1. Cgroup Concept
Linux Cgroup Provides resource limits for a set of processes and subprocesses , The ability to control and count , These resources include CPU, Memory , Storage , Network, etc . adopt Cgroup, It can easily absorb the resource occupation of a certain process , And it can monitor the process and statistics in real time .
Cgroup The following three components are used to complete resource limitation
- cgroup: It’s a mechanism for process group management
- subsystem: It’s a set of resource control modules
- hierarchy: Put a group of cgroup String into a tree structure ( It can be inherited )
2. Cgroup Use
Talk about half day concept , It’s estimated that everyone is also in a fog , I am directly in Liunx Show me how to use… On the command line
Cgroup
, In this way, everyone should be right Cgroup Have a clearer understanding of .
- Create a folder to hold mount points
mkdir cgroup-demo
- mount hierarchy
mount -t cgroup -o none,name=cgroup-demo cgroup-demo ./cgroup-demo
3. View the generated default file
Once we mount
hierarchy
, Then some default files will be generated in this folder
ls cgroup-demo
Roughly explain the function of these documents , Mainly this task
file
cgroup.clone_children
:cpuset Of subsystem Will read the file , If the value in the file is 1 Words , Then cgroup Will inherit the father cgroup Of cpuset To configurecgroup.procs
: Record the current node in the tree cgroup Process groups in IDtask
: Identify the cgroup Under the process of ID, If you change the ID Write to this file , Then the process will be added to the current cgroup in .
- newly build
Son cgroup
Just mount
hierarchy
Under folder , Create a new folder , Then the new folder will bekernel
Automatically mark the cgroup The son of group
cd cgroup-demo
mkdir cgroup1
You can see , After we create a new folder , Some default files will be automatically generated in the folder , This
cgroup1
Namelycgroup-demo
The son of cgroup, By default , He will inherit his father cgroup Configuration of .
- adopt subsystem Limit cgroup Resources in progress
Created above hierarchy It’s not related to anything subsystem, So I can’t get through the above hierarchy Medium cgroup Node to limit the resource usage of the process , In fact, the system default has been for each subsystem Created a default hierarchy, It’s in Linux Of
/sys/fs/cgroup
Under the path
ls /sys/fs/cgroup
If we want to limit a process ID Of memory , Then in
/sys/fs/cgroup/memory
Create a limit under folder mermory Of cgroup, Create in the same way as above , Just create a folder ,kernel Automatically mark the folder as a cgroup, Let’s try
cd /sys/fs/cgroup/memory
mkdir cgroup-demo-memory
You can see under this file , Automatically created a lot of restricted resource files for us , We just need to
process ID
Write… Under this foldertask
In file , Then modify itmeory.limit_in_bytes
The file of , You can limit the memory usage of the process .
3. Go Used in language Cgroup
package main
import (
"fmt"
"io/ioutil"
"os"
"os/exec"
"path"
"strconv"
"syscall"
)
const (
// Mounted memory subsystem Of hierarchy The root location of
cgroupMemoryHierarchyMount = "/sys/fs/cgroup/memory"
)
func main() {
if os.Args[0] == "/proc/self/exe" {
// Process of container
fmt.Printf("current pid %d \n", syscall.Getpid())
cmd := exec.Command("sh", "-c", "stress --vm-bytes 200m --vm-keep -m 1")
cmd.SysProcAttr = &syscall.SysProcAttr{
}
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
if err := cmd.Run(); err != nil {
panic(err)
}
}
cmd := exec.Command("/proc/self/exe")
cmd.SysProcAttr = &syscall.SysProcAttr{
Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS,
}
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
err := cmd.Start()
if err != nil {
panic(err)
}
// obtain fork Out of the process map in the external namespace pid
fmt.Printf("%+v", cmd.Process.Pid)
// Create a child cgroup
newCgroup := path.Join(cgroupMemoryHierarchyMount, "cgroup-demo-memory")
if err := os.Mkdir(newCgroup, 0755); err != nil {
panic(err)
}
// Put the container process in the child cgroup in
if err := ioutil.WriteFile(path.Join(newCgroup, "tasks"), []byte(strconv.Itoa(cmd.Process.Pid)), 0644); err != nil {
panic(err)
}
// Limit cgroup Memory usage
if err := ioutil.WriteFile(path.Join(newCgroup, "memory.limit_in_bytes"), []byte("100m"), 0644); err != nil {
panic(err)
}
cmd.Process.Wait()
}
These two sections show you docker Principle , Then I will lead you to use go hold docker The framework of the container is set up , Start to really write docker 了 .