SlideShare a Scribd company logo

Linux cgroups and namespaces

Locaweb
Locaweb

Luiz Viana e André Ferraz (Cazé) mostram uma visão geral das tecnologias nativas para isolamento de recursos em ambiente Linux.

Technology
1 of 31
Download to read offline
Introduction toLinux Control Groups and NamespacesAndre Ferraz @deferrazLuiz Viana @luizxxDelivery Engineering Team
What is it? • Basically, a kernel feature that allows you to allocate resources among groups of tasks running on a system. • Provides a way to hierarchically group and label processes, and to apply resource limits them.
Resource allocation• CPU time and scheduling• System memory / swap area• Network bandwidth and namespaces• Block devices bandwidth and IOPS• Device access and isolation
HierarchyCopyright Red Hat Inc.
RelationshipCopyright Red Hat Inc.
Implications• Because a task can belong to only single cgroup, there is one way that be limited or affected by any single subsystem. This is logical: a feature, not limitation. • You can group several subsystems together so that they affect all tasks in a single hierarchy. Because cgroups in that hierarchy have different parameters set, those tasks will be affected differently. • Conversely, if the need for splitting subsystems among separate hierarchies is reduced, you can remove a hierarchy and attach its subsystems to an existing one. • The design allows for simple cgroup usage, such as setting a few parameters specific tasks in single hierarchy, such as one with just the cpu and memorysubsystems attached. • The design also allows for highly specific configuration: each task (process) on a system could be a member of each hierarchy, which has single attached subsystem. Such configuration would give the system administrator absolute control over all parameters for every single task. • If you are limiting resources from a user, he will have more processes waiting for and due to this, load average on your server will have higher values constantly.
Using control groups: hard way
Using control groups: command line
Using control groups: cgconfig• The cgconfig service installed with the libcgroup package provides a convenient way to create hierarchies, attach subsystems to and manage cgroups within those hierarchies. • It is recommended that you use cgconfig to manage hierarchies and cgroups on your system. • The default /etc/cgconfig.conf file installed with the libcgroup package creates and mounts an individual hierarchy for each subsystem, and attaches the subsystems to these hierarchies. The cgconfig service also allows to create configuration files in the /etc/cgconfig.d/ directory and invoke them from /etc/cgconfig.conf. • If you stop the cgconfig service (with stopcommand), it unmounts all the hierarchies that it mounted.
Configuration example
Using control groups: cgred• Cgred (cgrulesengd daemon) is a service that moves tasks into cgroups according to parameters set in the /etc/cgrules.conf file. • Entries in the /etc/cgrules.conffile can take one of the two forms: user subsystems control_groupuser:command subsystems control_group• Group names can be specified prefixing the "@" character. • More than one subsystem can be specified in a comma-separated list• Commands are identified by the process name or full command path of a process.
Configuration example
Using control groups: reaper• Reaper allows you to manage groups dynamically on shared multi-user environments. • Can be extended to work on any environment by creating a function validate users. • Entirely written in Python and easy to modify. • Limit exceptions can be created using the command line interface. • Does not depend on external agents. • Use of standard items from libcgroups available in most Linux distributions. Available on Github, https://github.com/lviana/reaper
Obtaining cgroups information• Listing controllers• # lssubsys -m controllers• # cat /proc/cgroups• Finding control groups• # lscgroup• # lscgroup cpuset:adminusers• Display parameters• # cgget -r parameter list_of_cgroups• # cgget -g cpuset /
Future... Actually, not so future anymore!
Systemd• System service manager for Linux that provides parallelization capabilities, keeps track of processes using Linux control groups, offers on-demand starting of daemons and implements an elaborated transactional dependency-based service control logic. • A cgroup is bound to a system unit configurable with file and manageable with systemd's command-line utilities. • Cgroups in systemd can be transient or persistent.
Transient cgroups• Using transient cgroups, you can set limits on resources consumed by the service during its runtime. • Applications can create transient cgroups dynamically by using API calls to systemd. • Commands are started directly from the systemd-runprocess and thus inherit the execution environment of caller. • Commands are run in scope units synchronous execution.
Persistent cgroups• You can assign apersistent cgroup to a systemd service, editting its unit configuration file. • It can be used to manage services that are started automatically. • Unit configuration files are available on /usr/lib/systemd/system/ directory. • Temporary changes can be set using systemctl command.
Where the f*ck do I use it? • Prioritizing database io• Limit resources available to end users• Optimizing processor usage• Control network access• Isolate process from devices• Optimize available physical resources• Set network traffic priority
Projects using it• Linux Containers / LXC (https://linuxcontainers.org/) • Docker (http://docker.io) • Apache Mesos (http://mesos.apache.org) • Openstack (http://www.openstack.org) • Locaweb (http://github.com/locaweb)
Namespaces!
Namespaces,what is it? • Lightweight process isolation• Processes can have different views of the system than other processes• Old Concept: 1992 on plan9 (http://www.cs.bell- labs.com/sys/doc/names.html) • No hypervisor• setns() syscall
Namespaces, types• mountpoints / fs (MNT) [First created on 2002 by Al Viro] • processes (PID) • network (NET) • System V IPC• Hostname (UTS) • User (UIDS)
Namespaces,flags• CLONE_NEWNS 2.4.19 CAP_SYS_ADMIN• CLONE_NEWUTS 2.6.19 CAP_SYS_ADMIN• CLONE_NEWIPC 2.6.19 CAP_SYS_ADMIN• CLONE_NEWPID 2.6.24 CAP_SYS_ADMIN• CLONE_NEWNET 2.6.29 CAP_SYS_ADMIN• CLONE_NEWUSER 3.8 No cap Required
Namespaces, syscallsclone () -create new process and namespaceunshare() -create new namespace and attaches current processsetns() -join an existing namespace
Namespaces, network ns example# ip netns add newnet# ip link add veth0 type veth peer name veth1# ip link set veth1 netns newnet# ip netns exec newnet link list# ip netns exec newnet bash
Namespaces, securityCVE 2013-1858http://lwn.net/Articles/543273/
Namespaces, application server support• uWSGI got full namespaces support in 1.9/2.0• Additional isolated filesystems• You can detach single components to increase isolationMore information on: http://uwsgi-docs.readthedocs.org/en/latest/Namespaces.html
Reference• https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.tree/Documentation/cgroups/ • https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/7/ • https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/6/ • http://uwsgi-docs.readthedocs.org/en/latest/Namespaces.html
Questions? Thank you!

Recommended

Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics CodeOps Technologies LLP
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
왕초보를 위한 도커 사용법
왕초보를 위한 도커 사용법왕초보를 위한 도커 사용법
왕초보를 위한 도커 사용법GeunCheolYeom
 

Recommended

Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics CodeOps Technologies LLP
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
왕초보를 위한 도커 사용법
왕초보를 위한 도커 사용법왕초보를 위한 도커 사용법
왕초보를 위한 도커 사용법GeunCheolYeom
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scriptingCorrado Santoro
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesLuciano Fiandesio
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleIvica Arsov
 
Learning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNILearning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNIHungWei Chiu
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in DockerDocker, Inc.
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker, Inc.
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionMANAOUIL Karim
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondKubeAcademy
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...Edureka!
 
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies Nebulaworks
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 
Namespace
NamespaceNamespace
Namespaceabhay singh
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelOpenVZ
 

More Related Content

What's hot

Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scriptingCorrado Santoro
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesLuciano Fiandesio
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleIvica Arsov
 
Learning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNILearning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNIHungWei Chiu
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleOmid Vahdaty
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in DockerDocker, Inc.
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionSparkbit
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker, Inc.
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansiblesriram_rajan
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondKubeAcademy
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introductionsoniasnowfrog
 
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...Edureka!
 
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies Nebulaworks
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansibleGeorge Shuklin
 

What's hot (20)

Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scripting
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Docker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutes
 
Automate DBA Tasks With Ansible
Automate DBA Tasks With AnsibleAutomate DBA Tasks With Ansible
Automate DBA Tasks With Ansible
 
Learning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNILearning how AWS implement AWS VPC CNI
Learning how AWS implement AWS VPC CNI
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Docker intro
Docker introDocker intro
Docker intro
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Kubernetes in Docker
Kubernetes in DockerKubernetes in Docker
Kubernetes in Docker
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker Slides
 
Docker Swarm 0.2.0
Docker Swarm 0.2.0Docker Swarm 0.2.0
Docker Swarm 0.2.0
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
 
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
Docker Explained | What Is A Docker Container? | Docker Simplified | Docker T...
 
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Best practices for ansible
Best practices for ansibleBest practices for ansible
Best practices for ansible
 

Viewers also liked

Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelOpenVZ
 
Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Ralf Dannert
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Boden Russell
 
Docker & JVM: A Perfect Match
Docker & JVM: A Perfect MatchDocker & JVM: A Perfect Match
Docker & JVM: A Perfect MatchMatthias Grüter
 
Resource Management of Docker
Resource Management of DockerResource Management of Docker
Resource Management of DockerSpeedyCloud
 
Using cgroups in docker container
Using cgroups in docker containerUsing cgroups in docker container
Using cgroups in docker containerVinay Jindal
 
Recent advances in the Linux kernel resource management
Recent advances in the Linux kernel resource managementRecent advances in the Linux kernel resource management
Recent advances in the Linux kernel resource managementOpenVZ
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespacesMike Wilson
 
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...OpenVZ
 
Understand and optimize Linux I/O
Understand and optimize Linux I/OUnderstand and optimize Linux I/O
Understand and optimize Linux I/OAndrea Righi
 
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONS
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONSENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONS
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONSStephan Cadene
 
Achieving Performance Isolation with Lightweight Co-Kernels
Achieving Performance Isolation with Lightweight Co-KernelsAchieving Performance Isolation with Lightweight Co-Kernels
Achieving Performance Isolation with Lightweight Co-KernelsJiannan Ouyang, PhD
 
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUs
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUsShoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUs
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUsJiannan Ouyang, PhD
 

Viewers also liked (20)

Namespace
NamespaceNamespace
Namespace
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
 
Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)
 
Linux Namespace
Linux NamespaceLinux Namespace
Linux Namespace
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
 
Docker & JVM: A Perfect Match
Docker & JVM: A Perfect MatchDocker & JVM: A Perfect Match
Docker & JVM: A Perfect Match
 
Resource Management of Docker
Resource Management of DockerResource Management of Docker
Resource Management of Docker
 
Using cgroups in docker container
Using cgroups in docker containerUsing cgroups in docker container
Using cgroups in docker container
 
Recent advances in the Linux kernel resource management
Recent advances in the Linux kernel resource managementRecent advances in the Linux kernel resource management
Recent advances in the Linux kernel resource management
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespaces
 
LSA2 - 02 Namespaces
LSA2 - 02 NamespacesLSA2 - 02 Namespaces
LSA2 - 02 Namespaces
 
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Linux Namespaces
Linux NamespacesLinux Namespaces
Linux Namespaces
 
Understand and optimize Linux I/O
Understand and optimize Linux I/OUnderstand and optimize Linux I/O
Understand and optimize Linux I/O
 
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONS
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONSENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONS
ENERGY EFFICIENCY OF ARM ARCHITECTURES FOR CLOUD COMPUTING APPLICATIONS
 
Achieving Performance Isolation with Lightweight Co-Kernels
Achieving Performance Isolation with Lightweight Co-KernelsAchieving Performance Isolation with Lightweight Co-Kernels
Achieving Performance Isolation with Lightweight Co-Kernels
 
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUs
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUsShoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUs
Shoot4U: Using VMM Assists to Optimize TLB Operations on Preempted vCPUs
 
Docker by demo
Docker by demoDocker by demo
Docker by demo
 

Similar to Linux cgroups and namespaces

Java in containers
Java in containersJava in containers
Java in containersMartin Baez
 
2.1 Red_Hat_Cluster1.ppt
2.1 Red_Hat_Cluster1.ppt2.1 Red_Hat_Cluster1.ppt
2.1 Red_Hat_Cluster1.pptManoj603126
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansPeter Clapham
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
HPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyHPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyPeter Clapham
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker worksLi Jingtian
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker worksJustin Li
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1sprdd
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1sprdd
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source Nitesh Jadhav
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxWO Community
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introductionkanedafromparis
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPivotalOpenSourceHub
 
Grabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkGrabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkHarold Giménez
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux ContainersJignesh Shah
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformAll Things Open
 
Kubernetes Internals
Kubernetes InternalsKubernetes Internals
Kubernetes InternalsShimi Bandiel
 
virtualization-vs-containerization-paas
virtualization-vs-containerization-paasvirtualization-vs-containerization-paas
virtualization-vs-containerization-paasrajdeep
 

Similar to Linux cgroups and namespaces (20)

Java in containers
Java in containersJava in containers
Java in containers
 
2.1 Red_Hat_Cluster1.ppt
2.1 Red_Hat_Cluster1.ppt2.1 Red_Hat_Cluster1.ppt
2.1 Red_Hat_Cluster1.ppt
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
HPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyHPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journey
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker works
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker works
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS Linux
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh Shah
 
Grabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkGrabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the Trunk
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux Containers
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Kubernetes Internals
Kubernetes InternalsKubernetes Internals
Kubernetes Internals
 
virtualization-vs-containerization-paas
virtualization-vs-containerization-paasvirtualization-vs-containerization-paas
virtualization-vs-containerization-paas
 

More from Locaweb

Random testing
Random testingRandom testing
Random testingLocaweb
 
Princípios de Concorrência em Ruby e Além
Princípios de Concorrência em Ruby e AlémPrincípios de Concorrência em Ruby e Além
Princípios de Concorrência em Ruby e AlémLocaweb
 
AngularJS
AngularJSAngularJS
AngularJSLocaweb
 
Celery for SysAdmins
Celery for SysAdminsCelery for SysAdmins
Celery for SysAdminsLocaweb
 
Testes utilizando cucumber + PhantomJs
Testes utilizando cucumber + PhantomJsTestes utilizando cucumber + PhantomJs
Testes utilizando cucumber + PhantomJsLocaweb
 
Isolamento e mvcc
Isolamento e mvccIsolamento e mvcc
Isolamento e mvccLocaweb
 
Overview Sobre Varnish
Overview Sobre VarnishOverview Sobre Varnish
Overview Sobre VarnishLocaweb
 
Tech talkrubocop
Tech talkrubocopTech talkrubocop
Tech talkrubocopLocaweb
 
Ambient Light Events- Wylkon Queiroz
Ambient Light Events- Wylkon QueirozAmbient Light Events- Wylkon Queiroz
Ambient Light Events- Wylkon QueirozLocaweb
 
Lua tech talk
Lua tech talkLua tech talk
Lua tech talkLocaweb
 
Uso de estatísticas pelo postgre sql
Uso de estatísticas pelo postgre sqlUso de estatísticas pelo postgre sql
Uso de estatísticas pelo postgre sqlLocaweb
 
Sistemas Distribuidos
Sistemas DistribuidosSistemas Distribuidos
Sistemas DistribuidosLocaweb
 
Soluções para sua empresa vender na Internet
Soluções para sua empresa vender na InternetSoluções para sua empresa vender na Internet
Soluções para sua empresa vender na InternetLocaweb
 
Comercio eletronico - Dicas práticas
Comercio eletronico - Dicas práticasComercio eletronico - Dicas práticas
Comercio eletronico - Dicas práticasLocaweb
 
API Do Email Marketing Locaweb
API Do Email Marketing LocawebAPI Do Email Marketing Locaweb
API Do Email Marketing LocawebLocaweb
 

More from Locaweb (16)

Random testing
Random testingRandom testing
Random testing
 
Princípios de Concorrência em Ruby e Além
Princípios de Concorrência em Ruby e AlémPrincípios de Concorrência em Ruby e Além
Princípios de Concorrência em Ruby e Além
 
AngularJS
AngularJSAngularJS
AngularJS
 
Celery for SysAdmins
Celery for SysAdminsCelery for SysAdmins
Celery for SysAdmins
 
Testes utilizando cucumber + PhantomJs
Testes utilizando cucumber + PhantomJsTestes utilizando cucumber + PhantomJs
Testes utilizando cucumber + PhantomJs
 
Isolamento e mvcc
Isolamento e mvccIsolamento e mvcc
Isolamento e mvcc
 
Overview Sobre Varnish
Overview Sobre VarnishOverview Sobre Varnish
Overview Sobre Varnish
 
Freenas
FreenasFreenas
Freenas
 
Tech talkrubocop
Tech talkrubocopTech talkrubocop
Tech talkrubocop
 
Ambient Light Events- Wylkon Queiroz
Ambient Light Events- Wylkon QueirozAmbient Light Events- Wylkon Queiroz
Ambient Light Events- Wylkon Queiroz
 
Lua tech talk
Lua tech talkLua tech talk
Lua tech talk
 
Uso de estatísticas pelo postgre sql
Uso de estatísticas pelo postgre sqlUso de estatísticas pelo postgre sql
Uso de estatísticas pelo postgre sql
 
Sistemas Distribuidos
Sistemas DistribuidosSistemas Distribuidos
Sistemas Distribuidos
 
Soluções para sua empresa vender na Internet
Soluções para sua empresa vender na InternetSoluções para sua empresa vender na Internet
Soluções para sua empresa vender na Internet
 
Comercio eletronico - Dicas práticas
Comercio eletronico - Dicas práticasComercio eletronico - Dicas práticas
Comercio eletronico - Dicas práticas
 
API Do Email Marketing Locaweb
API Do Email Marketing LocawebAPI Do Email Marketing Locaweb
API Do Email Marketing Locaweb
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 

Linux cgroups and namespaces

  • 1. Introduction toLinux Control Groups and NamespacesAndre Ferraz @deferrazLuiz Viana @luizxxDelivery Engineering Team
  • 2.
  • 3. What is it? • Basically, a kernel feature that allows you to allocate resources among groups of tasks running on a system. • Provides a way to hierarchically group and label processes, and to apply resource limits them.
  • 4. Resource allocation• CPU time and scheduling• System memory / swap area• Network bandwidth and namespaces• Block devices bandwidth and IOPS• Device access and isolation
  • 7. Implications• Because a task can belong to only single cgroup, there is one way that be limited or affected by any single subsystem. This is logical: a feature, not limitation. • You can group several subsystems together so that they affect all tasks in a single hierarchy. Because cgroups in that hierarchy have different parameters set, those tasks will be affected differently. • Conversely, if the need for splitting subsystems among separate hierarchies is reduced, you can remove a hierarchy and attach its subsystems to an existing one. • The design allows for simple cgroup usage, such as setting a few parameters specific tasks in single hierarchy, such as one with just the cpu and memorysubsystems attached. • The design also allows for highly specific configuration: each task (process) on a system could be a member of each hierarchy, which has single attached subsystem. Such configuration would give the system administrator absolute control over all parameters for every single task. • If you are limiting resources from a user, he will have more processes waiting for and due to this, load average on your server will have higher values constantly.
  • 9. Using control groups: command line
  • 10. Using control groups: cgconfig• The cgconfig service installed with the libcgroup package provides a convenient way to create hierarchies, attach subsystems to and manage cgroups within those hierarchies. • It is recommended that you use cgconfig to manage hierarchies and cgroups on your system. • The default /etc/cgconfig.conf file installed with the libcgroup package creates and mounts an individual hierarchy for each subsystem, and attaches the subsystems to these hierarchies. The cgconfig service also allows to create configuration files in the /etc/cgconfig.d/ directory and invoke them from /etc/cgconfig.conf. • If you stop the cgconfig service (with stopcommand), it unmounts all the hierarchies that it mounted.
  • 12. Using control groups: cgred• Cgred (cgrulesengd daemon) is a service that moves tasks into cgroups according to parameters set in the /etc/cgrules.conf file. • Entries in the /etc/cgrules.conffile can take one of the two forms: user subsystems control_groupuser:command subsystems control_group• Group names can be specified prefixing the "@" character. • More than one subsystem can be specified in a comma-separated list• Commands are identified by the process name or full command path of a process.
  • 14. Using control groups: reaper• Reaper allows you to manage groups dynamically on shared multi-user environments. • Can be extended to work on any environment by creating a function validate users. • Entirely written in Python and easy to modify. • Limit exceptions can be created using the command line interface. • Does not depend on external agents. • Use of standard items from libcgroups available in most Linux distributions. Available on Github, https://github.com/lviana/reaper
  • 15. Obtaining cgroups information• Listing controllers• # lssubsys -m controllers• # cat /proc/cgroups• Finding control groups• # lscgroup• # lscgroup cpuset:adminusers• Display parameters• # cgget -r parameter list_of_cgroups• # cgget -g cpuset /
  • 16. Future... Actually, not so future anymore!
  • 17. Systemd• System service manager for Linux that provides parallelization capabilities, keeps track of processes using Linux control groups, offers on-demand starting of daemons and implements an elaborated transactional dependency-based service control logic. • A cgroup is bound to a system unit configurable with file and manageable with systemd's command-line utilities. • Cgroups in systemd can be transient or persistent.
  • 18. Transient cgroups• Using transient cgroups, you can set limits on resources consumed by the service during its runtime. • Applications can create transient cgroups dynamically by using API calls to systemd. • Commands are started directly from the systemd-runprocess and thus inherit the execution environment of caller. • Commands are run in scope units synchronous execution.
  • 19. Persistent cgroups• You can assign apersistent cgroup to a systemd service, editting its unit configuration file. • It can be used to manage services that are started automatically. • Unit configuration files are available on /usr/lib/systemd/system/ directory. • Temporary changes can be set using systemctl command.
  • 20. Where the f*ck do I use it? • Prioritizing database io• Limit resources available to end users• Optimizing processor usage• Control network access• Isolate process from devices• Optimize available physical resources• Set network traffic priority
  • 21. Projects using it• Linux Containers / LXC (https://linuxcontainers.org/) • Docker (http://docker.io) • Apache Mesos (http://mesos.apache.org) • Openstack (http://www.openstack.org) • Locaweb (http://github.com/locaweb)
  • 23. Namespaces,what is it? • Lightweight process isolation• Processes can have different views of the system than other processes• Old Concept: 1992 on plan9 (http://www.cs.bell- labs.com/sys/doc/names.html) • No hypervisor• setns() syscall
  • 24. Namespaces, types• mountpoints / fs (MNT) [First created on 2002 by Al Viro] • processes (PID) • network (NET) • System V IPC• Hostname (UTS) • User (UIDS)
  • 25. Namespaces,flags• CLONE_NEWNS 2.4.19 CAP_SYS_ADMIN• CLONE_NEWUTS 2.6.19 CAP_SYS_ADMIN• CLONE_NEWIPC 2.6.19 CAP_SYS_ADMIN• CLONE_NEWPID 2.6.24 CAP_SYS_ADMIN• CLONE_NEWNET 2.6.29 CAP_SYS_ADMIN• CLONE_NEWUSER 3.8 No cap Required
  • 26. Namespaces, syscallsclone () -create new process and namespaceunshare() -create new namespace and attaches current processsetns() -join an existing namespace
  • 27. Namespaces, network ns example# ip netns add newnet# ip link add veth0 type veth peer name veth1# ip link set veth1 netns newnet# ip netns exec newnet link list# ip netns exec newnet bash
  • 29. Namespaces, application server support• uWSGI got full namespaces support in 1.9/2.0• Additional isolated filesystems• You can detach single components to increase isolationMore information on: http://uwsgi-docs.readthedocs.org/en/latest/Namespaces.html
  • 30. Reference• https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.tree/Documentation/cgroups/ • https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/7/ • https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/6/ • http://uwsgi-docs.readthedocs.org/en/latest/Namespaces.html