Anton Lindstrom (about, @twitter, @github)

Limit processes with cgexec

Published:

When running multiple processes it can sometimes be useful to limit the resource usage of one or many process groups. In this post I'll describe how to limit the CPU and memory of a process with the help of Linux Control Groups.

Say that you're compiling a program or doing some heavy computing with a program which uses 100% of all CPUs available. If you now were to run another program, for instance checking your mail, it would be really slow. This is where resource limiting would come into use.

To be able to use resource limiting with cgroups I usually use the cgroup-bin package. The following commands will limit the process ./compute to only use 128 (of a total of 1024) CPU shares and 32MB of memory:

# Install cgroup-bin
apt-get install cgroup-bin

# Create a cgroup for memory and cpu called "mygroup"
cgcreate -g memory,cpu:mygroup

# Add 128 CPU shares (about 12% CPU).
echo 128 > /sys/fs/cgroup/cpu/mygroup/cpu.shares

# Add 32MB of memory to the limit.
echo 32000000 > /sys/fs/cgroup/memory/mygroup/memory.limit_in_bytes

# Do not allow the process to use swap (if the limit is reached the
# process will be killed instead).
echo 0 > /sys/fs/cgroup/memory/build/memory.swappiness

# Run the command in the specified group.
cgexec -g cpu,memory:mygroup ./compute

The above commands describe how to limit resources for a command which I'm using quite often to limit commands such as compiling (./configure && make) to be able to keep some extra resources for processes such as email and IRC.

To be able to write add a non root owner of a control group, the following flags are useful:

-t user:group # User that can add tasks to the cgroup.
-a user:group # User that can add and modify tasks in the cgroup.

# Create a cgroup for user anton in group anton which is able to use and
# modify the cgroup "mygroup".
cgcreate -t anton:anton -a anton:anton memory,cpu:mygroup

There are a lot of other things that can be done with Control Groups such as monitoring and introspection. I recommend reading in on cgroups to learn more about it.

Links

To read more about cgroups, the following links helped me understand more about it: