Resource Management with systemd LinuxCon North America 2013

Lennart Poettering

September 2013

Lennart Poettering Resource Management with systemd Resource Management?

Lennart Poettering Resource Management with systemd On embedded: limited resources, lots of things to run On servers: a lot of resources, maximization of density Underlying technology for systemd: Linux kernel control groups

Distributing available CPU, IO, and memory resources between services/applications

Lennart Poettering Resource Management with systemd On servers: a lot of resources, maximization of density Underlying technology for systemd: Linux kernel control groups

Distributing available CPU, IO, and memory resources between services/applications On embedded: limited resources, lots of things to run

Lennart Poettering Resource Management with systemd Underlying technology for systemd: Linux kernel control groups

Distributing available CPU, IO, and memory resources between services/applications On embedded: limited resources, lots of things to run On servers: a lot of resources, maximization of density

Lennart Poettering Resource Management with systemd Distributing available CPU, IO, and memory resources between services/applications On embedded: limited resources, lots of things to run On servers: a lot of resources, maximization of density Underlying technology for systemd: Linux kernel control groups

Lennart Poettering Resource Management with systemd First used by systemd merely for grouping processes Original purpose from the kernel side though: resource management

Control Groups

Lennart Poettering Resource Management with systemd Original purpose from the kernel side though: resource management

Control Groups First used by systemd merely for grouping processes

Lennart Poettering Resource Management with systemd Control Groups First used by systemd merely for grouping processes Original purpose from the kernel side though: resource management

Lennart Poettering Resource Management with systemd cgroups are now an implementation detail

systemd hides the fact that cgroups is used underneath

Lennart Poettering Resource Management with systemd systemd hides the fact that cgroups is used underneath cgroups are now an implementation detail

Lennart Poettering Resource Management with systemd (Why is this a job for systemd?)

(Can I still use cgroups without systemd?)

Lennart Poettering Resource Management with systemd (Can I still use cgroups without systemd?) (Why is this a job for systemd?)

Lennart Poettering Resource Management with systemd Services, Scopes, Slices

systemd’s resource management is based on units

Lennart Poettering Resource Management with systemd systemd’s resource management is based on units Services, Scopes, Slices

Lennart Poettering Resource Management with systemd Scope = A group of processes, which others have started and registered using runtime APIs (Example: fedora17.scope) Slice = A unit to build a hierarchy to place service and scope units in (Example: customer1.slice) (User sessions, containers, VMs are exposed as scopes.) Slices do not contain process, they simply organize a hierarchy in which scopes and services may be placed, which in turn contain the processes

Service = A group of processes, which systemd started based on unit configuration. (Example: apache.service)

Lennart Poettering Resource Management with systemd Slice = A unit to build a hierarchy to place service and scope units in (Example: customer1.slice) (User sessions, containers, VMs are exposed as scopes.) Slices do not contain process, they simply organize a hierarchy in which scopes and services may be placed, which in turn contain the processes

Service = A group of processes, which systemd started based on unit configuration. (Example: apache.service) Scope = A group of processes, which others have started and registered using runtime APIs (Example: fedora17.scope)

Lennart Poettering Resource Management with systemd (User sessions, containers, VMs are exposed as scopes.) Slices do not contain process, they simply organize a hierarchy in which scopes and services may be placed, which in turn contain the processes

Service = A group of processes, which systemd started based on unit configuration. (Example: apache.service) Scope = A group of processes, which others have started and registered using runtime APIs (Example: fedora17.scope) Slice = A unit to build a hierarchy to place service and scope units in (Example: customer1.slice)

Lennart Poettering Resource Management with systemd Slices do not contain process, they simply organize a hierarchy in which scopes and services may be placed, which in turn contain the processes

Service = A group of processes, which systemd started based on unit configuration. (Example: apache.service) Scope = A group of processes, which others have started and registered using runtime APIs (Example: fedora17.scope) Slice = A unit to build a hierarchy to place service and scope units in (Example: customer1.slice) (User sessions, containers, VMs are exposed as scopes.)

Lennart Poettering Resource Management with systemd Service = A group of processes, which systemd started based on unit configuration. (Example: apache.service) Scope = A group of processes, which others have started and registered using runtime APIs (Example: fedora17.scope) Slice = A unit to build a hierarchy to place service and scope units in (Example: customer1.slice) (User sessions, containers, VMs are exposed as scopes.) Slices do not contain process, they simply organize a hierarchy in which scopes and services may be placed, which in turn contain the processes

Lennart Poettering Resource Management with systemd Examples: foo.slice, foo-bar.slice customer1.slice, customer1-departmentA.slice, customer1-departmentA-projectalpha.slice systemd-cgls is your friend!

Slices are organized in a hierarchy, the name of a slice unit corresponds with the path to the location in the hierarchy.

Lennart Poettering Resource Management with systemd systemd-cgls is your friend!

Slices are organized in a hierarchy, the name of a slice unit corresponds with the path to the location in the hierarchy. Examples: foo.slice, foo-bar.slice customer1.slice, customer1-departmentA.slice, customer1-departmentA-projectalpha.slice

Lennart Poettering Resource Management with systemd Slices are organized in a hierarchy, the name of a slice unit corresponds with the path to the location in the hierarchy. Examples: foo.slice, foo-bar.slice customer1.slice, customer1-departmentA.slice, customer1-departmentA-projectalpha.slice systemd-cgls is your friend!

Lennart Poettering Resource Management with systemd Default:

+ system.slice | + systemd-udevd.service | + systemd-logind.service | + systemd-journald.service | + apache.service | + mysql.service + user.slice | + user-100.slice | + session-1.scope + machine.slice + fedora-20.scope

Lennart Poettering Resource Management with systemd Example:

+ customer1.slice | + customer1-apache.service | + customer1-mariadb.service + customer2.slice + customer2-departmentA.slice | + customer2-departmentA-apache.service | + customer2-departmentA-mariadb.service + customer2-departmentB.slice + customer2-departmentA-postgresql.service + customer2-departmentA-rhel7.scope + customer2-departmentA-rhel6.scope

Lennart Poettering Resource Management with systemd Every user session automatically gets its own scope within that slice Every templated service automatically gets a slice for grouping all instances

Every user automatically gets his own slice when he logs in

Lennart Poettering Resource Management with systemd Every templated service automatically gets a slice for grouping all instances

Every user automatically gets his own slice when he logs in Every user session automatically gets its own scope within that slice

Lennart Poettering Resource Management with systemd Every user automatically gets his own slice when he logs in Every user session automatically gets its own scope within that slice Every templated service automatically gets a slice for grouping all instances

Lennart Poettering Resource Management with systemd Example:

+ customer1.slice + customer1-apache.slice + [email protected] + [email protected]

Lennart Poettering Resource Management with systemd Slice=

Arranging units in slices

Lennart Poettering Resource Management with systemd Arranging units in slices Slice=

Lennart Poettering Resource Management with systemd CPUAccounting=1, CPUShares= MemoryAccounting=1, MemoryLimit=, MemorySoftLimit= BlockIOAccounting=1, BlockIOWeight=, BlockIODeviceWeight=, BlockIOReadBandwidth=, BlockIOWriteBandwidth= DeviceAllow=, DevicePolicy=

Setting resources on units

Lennart Poettering Resource Management with systemd MemoryAccounting=1, MemoryLimit=, MemorySoftLimit= BlockIOAccounting=1, BlockIOWeight=, BlockIODeviceWeight=, BlockIOReadBandwidth=, BlockIOWriteBandwidth= DeviceAllow=, DevicePolicy=

Setting resources on units CPUAccounting=1, CPUShares=

Lennart Poettering Resource Management with systemd BlockIOAccounting=1, BlockIOWeight=, BlockIODeviceWeight=, BlockIOReadBandwidth=, BlockIOWriteBandwidth= DeviceAllow=, DevicePolicy=

Setting resources on units CPUAccounting=1, CPUShares= MemoryAccounting=1, MemoryLimit=, MemorySoftLimit=

Lennart Poettering Resource Management with systemd DeviceAllow=, DevicePolicy=

Setting resources on units CPUAccounting=1, CPUShares= MemoryAccounting=1, MemoryLimit=, MemorySoftLimit= BlockIOAccounting=1, BlockIOWeight=, BlockIODeviceWeight=, BlockIOReadBandwidth=, BlockIOWriteBandwidth=

Lennart Poettering Resource Management with systemd Setting resources on units CPUAccounting=1, CPUShares= MemoryAccounting=1, MemoryLimit=, MemorySoftLimit= BlockIOAccounting=1, BlockIOWeight=, BlockIODeviceWeight=, BlockIOReadBandwidth=, BlockIOWriteBandwidth= DeviceAllow=, DevicePolicy=

Lennart Poettering Resource Management with systemd [Unit] Description=Foobar Daemon

[Service] ExecStart=/usr/bin/foobard CPUShares=600 MemoryLimit=500M

For services and slices in unit files or drop-ins:

Lennart Poettering Resource Management with systemd For services and slices in unit files or drop-ins:

[Unit] Description=Foobar Daemon

[Service] ExecStart=/usr/bin/foobard CPUShares=600 MemoryLimit=500M

Lennart Poettering Resource Management with systemd $ systemctl set-property httpd.service CPUShares=600 MemoryLimit=500M

At runtime with systemctl:

Lennart Poettering Resource Management with systemd At runtime with systemctl: $ systemctl set-property httpd.service CPUShares=600 MemoryLimit=500M

Lennart Poettering Resource Management with systemd . . . from your app via bus calls

Lennart Poettering Resource Management with systemd systemd-cgtop Don’t forget to enable CPU/Memory/BlockIO accounting!

Monitoring

Lennart Poettering Resource Management with systemd Don’t forget to enable CPU/Memory/BlockIO accounting!

Monitoring systemd-cgtop

Lennart Poettering Resource Management with systemd Monitoring systemd-cgtop Don’t forget to enable CPU/Memory/BlockIO accounting!

Lennart Poettering Resource Management with systemd Not dynamically changable for units

There’s more to resource management! Nice=, IOSchedulingClass=, IOSchedulingPriority=, CPUSchedulingPolicy=, CPUSchedulingPriority=, CPUAffinity=, TimerSlackNS=, LimitCPU=, . . . ,

Lennart Poettering Resource Management with systemd There’s more to resource management! Nice=, IOSchedulingClass=, IOSchedulingPriority=, CPUSchedulingPolicy=, CPUSchedulingPriority=, CPUAffinity=, TimerSlackNS=, LimitCPU=, . . . , Not dynamically changable for units

Lennart Poettering Resource Management with systemd That’s all, folks!

Lennart Poettering Resource Management with systemd