OpenRC/CGroups

From Gentoo Wiki
< OpenRC
Jump to:navigation Jump to:search

OpenRC includes support for cgroups. Cgroup support is implemented following the recommendations from freedesktop.org.

OpenRC creates its own cgroup controller named openrc in which the service processes are put. If set in the service's options a new cgroup controller named openrc_${service_name} is created to hold its process inclusive all its child services' processes. The result is a hierarchical tree of cgroups containing the service processes.

Configuration

Activating cgroup feature support

The cgroup feature is only available on Linux.

To use cgroups in OpenRC turn on the following option in the main rc configuration file:

FILE /etc/rc.confTurn on the cgroup feature support
rc_controller_cgroups="YES"

Each cgroup controller is mounted at: /sys/fs/cgroup

All other features described in this wiki page will work only if you have set this option to YES.

CGroups version 2

CGroups version 2 can be used exclusively or in hybrid mode. Some programs like docker only work when cgroups version 1 are available (since 20.10 docker supports CGroups version 2)[1].

FILE /etc/rc.confUse both cgroups version 1 and 2
rc_cgroup_mode="hybrid"

Controllers for cgroups version 2 need to be enabled explicitly. If hybrid mode is being used, controllers listed here will not be available for cgroups version 1.

FILE /etc/rc.confEnable controllers for cgroups version 2
rc_cgroup_controllers="cpuset cpu io memory hugetlb pids"

Setting limits

CGroups version 1

For each cgroup controller one can set options in the form of:

FILE /etc/rc.confSet cgroup controller option globally for all services
rc_cgroup_${CONTROLLER_NAME}="${CONTROLLER_NAME}.${OPTION_NAME} ${OPTION_VALUE}"

or

FILE /etc/conf.d/${service_name}Set cgroup controller option for one service
rc_cgroup_${CONTROLLER_NAME}="${CONTROLLER_NAME}.${OPTION_NAME} ${OPTION_VALUE}"

For example, you would use this to set the cpu.shares setting in the CPU controller to 512 for the service.

FILE /etc/conf.d/${service_name}
rc_cgroup_cpu="cpu.shares 512"

For more information about the adjustments that can be made with cgroups, see Documentation/cgroups/* in the Linux kernel source tree.

CGroups version 2

This example limits the service to the power of 1.5 cpu cores (1500000 / 1000000), puts it under heavy reclaim pressure if 4 GiB of memory is exceeded and invokes the OOM killer if the memory consumption exceeds 5 GiB.

FILE /etc/conf.d/${service_name}Set cgroup settings option for one service
rc_cgroup_settings="
    cpu.max 1500000 1000000
    memory.high 4G
    memory.max 5G
"

For more information about cgroups version 2, see Documentation/admin-guide/cgroup-v2.rst[2] in the Linux kernel source tree.

Service cleanup

It is possible to trigger the killing of the whole service's process tree inside the same process cgroup if the service gets stopped or restarted. This is achieved by setting the following option in the service's rc script:

FILE /etc/conf.d/${service_name}an example of triggering cgroup cleanup
rc_cgroup_cleanup="yes"

This option should not be set globally as it will kill all service's child processes e.g. SSH connections or apache workers, as OpenRC doesn't support automatic process cgroup-relocation as it is done in logind services.

Service death notification

TBD

Possible improvements

  • System notification about cleared cgroups (can be done via sh user script).
  • Grouping cgroups subsystems together.
  • Support for userlevel cgroups.

OpenRC cgroup architecture

TODO: shortly describe architecture

References

  1. https://github.com/docker/docs/blob/872f6850207ba97fa966c34fc906a05235783c5e/engine/release-notes/index.md#runtime
  2. https://www.kernel.org/doc/html/v5.14-rc1/admin-guide/cgroup-v2.html
Retrieved from "https://wiki.gentoo.org/index.php?title=OpenRC/CGroups&oldid=1160603"