pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / doc / manual / administration / control-groups.xml
at 17.09-beta 2.9 kB view raw
1<chapter xmlns="http://docbook.org/ns/docbook" 2 xmlns:xlink="http://www.w3.org/1999/xlink" 3 xmlns:xi="http://www.w3.org/2001/XInclude" 4 version="5.0" 5 xml:id="sec-cgroups"> 6 7<title>Control Groups</title> 8 9<para>To keep track of the processes in a running system, systemd uses 10<emphasis>control groups</emphasis> (cgroups). A control group is a 11set of processes used to allocate resources such as CPU, memory or I/O 12bandwidth. There can be multiple control group hierarchies, allowing 13each kind of resource to be managed independently.</para> 14 15<para>The command <command>systemd-cgls</command> lists all control 16groups in the <literal>systemd</literal> hierarchy, which is what 17systemd uses to keep track of the processes belonging to each service 18or user session: 19 20<screen> 21$ systemd-cgls 22├─user 23│ └─eelco 24│ └─c1 25│ ├─ 2567 -:0 26│ ├─ 2682 kdeinit4: kdeinit4 Running... 27│ ├─ <replaceable>...</replaceable> 28│ └─10851 sh -c less -R 29└─system 30 ├─httpd.service 31 │ ├─2444 httpd -f /nix/store/3pyacby5cpr55a03qwbnndizpciwq161-httpd.conf -DNO_DETACH 32 │ └─<replaceable>...</replaceable> 33 ├─dhcpcd.service 34 │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf 35 └─ <replaceable>...</replaceable> 36</screen> 37 38Similarly, <command>systemd-cgls cpu</command> shows the cgroups in 39the CPU hierarchy, which allows per-cgroup CPU scheduling priorities. 40By default, every systemd service gets its own CPU cgroup, while all 41user sessions are in the top-level CPU cgroup. This ensures, for 42instance, that a thousand run-away processes in the 43<literal>httpd.service</literal> cgroup cannot starve the CPU for one 44process in the <literal>postgresql.service</literal> cgroup. (By 45contrast, it they were in the same cgroup, then the PostgreSQL process 46would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s 47CPU share in <filename>configuration.nix</filename>: 48 49<programlisting> 50systemd.services.httpd.serviceConfig.CPUShares = 512; 51</programlisting> 52 53By default, every cgroup has 1024 CPU shares, so this will halve the 54CPU allocation of the <literal>httpd.service</literal> cgroup.</para> 55 56<para>There also is a <literal>memory</literal> hierarchy that 57controls memory allocation limits; by default, all processes are in 58the top-level cgroup, so any service or session can exhaust all 59available memory. Per-cgroup memory limits can be specified in 60<filename>configuration.nix</filename>; for instance, to limit 61<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap): 62 63<programlisting> 64systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; 65</programlisting> 66 67</para> 68 69<para>The command <command>systemd-cgtop</command> shows a 70continuously updated list of all cgroups with their CPU and memory 71usage.</para> 72 73</chapter>