Linux CGroup (Control Group)

在擁有多個獨立的namespace之後，如何有效的分配既有的資源，就成了另一個課題。這些都是交由Linux kernel的CGroup功能負責，限制、控制、分離Control Group的資源（包括：CPU, Memory, I/O等等）。CGroup主要的功能有

限制資源上限
優先權決定
計算資源使用情況
將process group掛起或恢復

查看/sys/fs/cgroup底下有哪些項目

root@vm:/sys/fs/cgroup# ls -all
總計 0
drwxr-xr-x 15 root root 380  7月  1 20:50 .
drwxr-xr-x  9 root root   0  7月  1 19:49 ..
dr-xr-xr-x  5 root root   0  7月  1 20:50 blkio
lrwxrwxrwx  1 root root  11  7月  1 20:50 cpu -> cpu,cpuacct
lrwxrwxrwx  1 root root  11  7月  1 20:50 cpuacct -> cpu,cpuacct
dr-xr-xr-x  5 root root   0  7月  1 20:50 cpu,cpuacct
dr-xr-xr-x  3 root root   0  7月  1 20:50 cpuset
dr-xr-xr-x  5 root root   0  7月  1 20:50 devices
dr-xr-xr-x  3 root root   0  7月  1 20:50 freezer
dr-xr-xr-x  3 root root   0  7月  1 20:50 hugetlb
dr-xr-xr-x  5 root root   0  7月  1 20:50 memory
lrwxrwxrwx  1 root root  16  7月  1 20:50 net_cls -> net_cls,net_prio
dr-xr-xr-x  3 root root   0  7月  1 20:50 net_cls,net_prio
lrwxrwxrwx  1 root root  16  7月  1 20:50 net_prio -> net_cls,net_prio
dr-xr-xr-x  3 root root   0  7月  1 20:50 perf_event
dr-xr-xr-x  5 root root   0  7月  1 20:50 pids
dr-xr-xr-x  2 root root   0  7月  1 20:50 rdma
dr-xr-xr-x  6 root root   0  7月  1 20:50 systemd
dr-xr-xr-x  5 root root   0  7月  1 20:50 unified

當Docker建立一個容器時，會在cgroup底下建立資料夾，我在本機擁有一個portainer容器，容器ID為64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1，那麼在cgroup底下我可以找到這個容器ID的資料夾，裡面列出對各項資源的限制及統計，包括memory, cpu等等

root@BigData10:/home/jennifer# docker ps
CONTAINER ID        IMAGE                            COMMAND                  CREATED             STATUS              PORTS                                                                                        NAMES
64577c13ad58        portainer/portainer              "/portainer"             13 months ago       Up 19 hours         0.0.0.0:9000->9000/tcp                                                                       portainer

root@vm:/sys/fs/cgroup# find iname 64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./perf_event/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./blkio/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./net_cls,net_prio/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./memory/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./cpuset/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./pids/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./cpu,cpuacct/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./freezer/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./devices/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./hugetlb/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1
./systemd/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1

tasks顯示了64577容器內的process有哪些

root@vm:/sys/fs/cgroup/memory/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1# cat tasks
2501
2822
2823
2824
2825
2927
2962
2963
3720
3721
4422
4423
6541

利用top查詢目前各process佔用資源的情況

root@:/sys/fs# top
top - 16:52:19 up 20:02,  1 user,  load average: 0.13, 0.08, 0.02
Tasks: 212 total,   1 running, 163 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.2 us,  0.0 sy,  0.0 ni, 99.8 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16411728 total,  8069872 free,  6456780 used,  1885076 buff/cache
KiB Swap:   999420 total,   999420 free,        0 used.  9613404 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 2550 999       20   0 5922284 4.181g  22672 S   0.3 26.7   6:41.87 java
 3117 root      20   0 1534032 414212  28416 S   0.3  2.5   3:05.76 uwsgi
 3511 root      20   0 2441536 233720  35252 S   0.3  1.4   5:08.07 python

PID=2550佔用主機26.7%的記憶體，先查看看他是屬於哪一個容器的task，再用容器id回查容器狀態

root@vm:/sys/fs/cgroup/memory/docker# grep 2550 /sys/fs/cgroup/cpu/docker/*/tasks
/sys/fs/cgroup/cpu/docker/c4bf14a28bd088b462496a9aa4f73f0433257768b8d48f40a72dfdff649a52ab/tasks:2550

root@vm:/sys/fs/cgroup/memory/docker#  docker ps | grep c4b
c4bf14a28bd0        cassandra                        "docker-entrypoint.s…"   4 weeks ago         Up 20 hours         7001/tcp, 0.0.0.0:7000->7000/tcp, 0.0.0.0:9042->9042/tcp, 0.0.0.0:9160->9160/tcp, 7199/tcp   cassandra-1

也可利用docker stats查看各容器目前使用資源的情況

root@vm:/home/jennifer# docker stats cassandra-1 portainer
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
c4bf14a28bd0        cassandra-1         0.57%               4.303GiB / 15.65GiB   27.49%              341MB / 342MB       313MB / 4.22GB      128
64577c13ad58        portainer           0.00%               14.12MiB / 15.65GiB   0.09%               553kB / 5.82MB      48.8MB / 268MB      14

PreviousLinux Namespaces NextDocker實作營

Last updated 4 years ago

Was this helpful?

root@vm:/sys/fs/cgroup# ls -all 總計 0 drwxr-xr-x 15 root root 380 7月 1 20:50 . drwxr-xr-x 9 root root 0 7月 1 19:49 .. dr-xr-xr-x 5 root root 0 7月 1 20:50 blkio lrwxrwxrwx 1 root root 11 7月 1 20:50 cpu -> cpu,cpuacct lrwxrwxrwx 1 root root 11 7月 1 20:50 cpuacct -> cpu,cpuacct dr-xr-xr-x 5 root root 0 7月 1 20:50 cpu,cpuacct dr-xr-xr-x 3 root root 0 7月 1 20:50 cpuset dr-xr-xr-x 5 root root 0 7月 1 20:50 devices dr-xr-xr-x 3 root root 0 7月 1 20:50 freezer dr-xr-xr-x 3 root root 0 7月 1 20:50 hugetlb dr-xr-xr-x 5 root root 0 7月 1 20:50 memory lrwxrwxrwx 1 root root 16 7月 1 20:50 net_cls -> net_cls,net_prio dr-xr-xr-x 3 root root 0 7月 1 20:50 net_cls,net_prio lrwxrwxrwx 1 root root 16 7月 1 20:50 net_prio -> net_cls,net_prio dr-xr-xr-x 3 root root 0 7月 1 20:50 perf_event dr-xr-xr-x 5 root root 0 7月 1 20:50 pids dr-xr-xr-x 2 root root 0 7月 1 20:50 rdma dr-xr-xr-x 6 root root 0 7月 1 20:50 systemd dr-xr-xr-x 5 root root 0 7月 1 20:50 unified

root@BigData10:/home/jennifer# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 64577c13ad58 portainer/portainer "/portainer" 13 months ago Up 19 hours 0.0.0.0:9000->9000/tcp portainer root@vm:/sys/fs/cgroup# find iname 64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./perf_event/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./blkio/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./net_cls,net_prio/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./memory/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./cpuset/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./pids/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./cpu,cpuacct/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./freezer/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./devices/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./hugetlb/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1 ./systemd/docker/64577c13ad5842d3183b14f7d082b38aa8ba463aa51d2d7f9afe0179720227b1

root@:/sys/fs# top top - 16:52:19 up 20:02, 1 user, load average: 0.13, 0.08, 0.02 Tasks: 212 total, 1 running, 163 sleeping, 0 stopped, 0 zombie %Cpu(s): 0.2 us, 0.0 sy, 0.0 ni, 99.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem : 16411728 total, 8069872 free, 6456780 used, 1885076 buff/cache KiB Swap: 999420 total, 999420 free, 0 used. 9613404 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2550 999 20 0 5922284 4.181g 22672 S 0.3 26.7 6:41.87 java 3117 root 20 0 1534032 414212 28416 S 0.3 2.5 3:05.76 uwsgi 3511 root 20 0 2441536 233720 35252 S 0.3 1.4 5:08.07 python

root@vm:/sys/fs/cgroup/memory/docker# grep 2550 /sys/fs/cgroup/cpu/docker/*/tasks /sys/fs/cgroup/cpu/docker/c4bf14a28bd088b462496a9aa4f73f0433257768b8d48f40a72dfdff649a52ab/tasks:2550 root@vm:/sys/fs/cgroup/memory/docker# docker ps | grep c4b c4bf14a28bd0 cassandra "docker-entrypoint.s…" 4 weeks ago Up 20 hours 7001/tcp, 0.0.0.0:7000->7000/tcp, 0.0.0.0:9042->9042/tcp, 0.0.0.0:9160->9160/tcp, 7199/tcp cassandra-1

root@vm:/home/jennifer# docker stats cassandra-1 portainer CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS c4bf14a28bd0 cassandra-1 0.57% 4.303GiB / 15.65GiB 27.49% 341MB / 342MB 313MB / 4.22GB 128 64577c13ad58 portainer 0.00% 14.12MiB / 15.65GiB 0.09% 553kB / 5.82MB 48.8MB / 268MB 14