Cgroups: The Next Generation RHEL 8 & Cgroups v2 Marc Richter Principal Technical Account Manager 1 What we’ll be discussing toda" Intros Cgroup Basics What’s %ew in v2 &e'o %e(t Steps 2 /whois unclemarc Linux Nerd since 1998 RHCE, cause that’s fun Red Hatter since 2015 - Principal Technical Account Manager Scout Leader since 2009 1 wife, 4 kids, 3 dogs = mild chaos 3 Wh" Cgroups* Moving Parts Modern computers are pretty dang bus"+ Even so,called -serverless. applications are but one of man" jobs running on a single piece of hardware+ We need tools to manage the balance o/ all the critical resources on the s"ste'+ Cgroups are an important tool for performance tuning+ 4 Per/or'ance Tuning? Har!1 Do not want! 5 A Real World Problem Database Server Clustered database server, load would vary during the workday+ Mandatory Security Scanner Periodic 0ob to loo3 for malware and other nastiness+ Takes all the processor time it can get. Cluster Agent #f on the same core as the scanner, woul! get starved for CP4 during us" times+ This would cause a fencing event 6 A Real World Problem. Fixed Create a control group )"stem was RHEL 62 so we used the libcgroup tools to create a cgroup under the CP4 controller. Set CPU Quota for new cgroup We set the maxium CP4 allowed to 667 of a single core+ Scanning Agent When launche!2 the agent gets placed into the new control group+ It can NE8ER e(ceed the CP4 9uota Pro!t" The server stopped being fence!2 as the cluster agent was never starved for CP4 time+ 7 “Tell me more about these wondrous cgroups...! $ernel %ased Controllers :/;ciall" appeared in RHEL 6+ Re<uired manual con;guration to enable and use+ Core syste&d co&ponent RHEL 7 and 8 both use cgroups v> (same concept as cgroups in RHEL 6@ as their default in s"ste'!+ %ot optional2 re<uire! /or proper s"ste' operation+ Not all controllers used by s"ste'!+ 'equired for containers Cgroups are a foundational component for containers2 along with kernel namespaces and SELinu(+ # "ersion 1 Default in all '*+, #t’s the onl" version available in RHEL 6 and RHEL = and is the default in RHEL8 Controlled via a virtual !lesystem Mounted at As"sAfsAcgroup B this can be anal"Ced for current state and modi;ed to change state+ Man" actions have co'man!s or APIs rather than 'anuall" manipulating this ;les"ste' Cgroups are arranged under controllers Each controller has a hierarch" under it. A process can en! up e(isting in one or more cgroups at the same ti'e+ This can lead to some confusion ) "ersion 2 /ptional in '*+L # Can be enabled with a kernel boot option+ Most co''ands are supporte!2 so'e use cases are not yet in place+ Controlled via a virtual !lesystem Mounted at As"sAfsAcgroup B this can be anal"Ced for current state and modi;ed to change state+ Man" actions have co'man!s or APIs rather than 'anuall" manipulating this ;les"ste' Single 0ierarc0y There is a single hierarch" for all cgroups+ Controllers are enabled for su trees in the hierarch"+ A process can onl" e(ist in one cgroup at a ti'e+ This si'pl;es managing the processes a bit. -. "ersion 2 Controllers in RHEL 8 1our currently supported CP4 Me'ory $LD#: P#&s -- Exploring the virtual files"ste' -2 Exploring the virtual files"ste' -3 Exploring the virtual files"ste' -4 Exploring the virtual files"ste' 15 )emo Using syste&ctl and cgroups v2 #n this de'onstration2 we’ll use the s"ste'ctl co''and to change the CP4 quota o/ user “mrichter” on the fl"+ We’ll see what changes happen in the virtual files"ste'+ You’ll also 'eet Mr+ Scope2 an interesting character. -6 *+ Mar Forgot to Mention During the Demo... Persistence )etting a property writes it to the AetcAs"ste'!As"ste'+control directory+ This overrides drop,ins in AetcAs"ste'!As"ste'A -7 So un lemar . should we be using cgroups v$0 4ot fully i&plemented for all use cases libvirt runc Dubernetes Version 1 remains t0e default )upport for v1 will re'ain /or lifespan of RHEL 8 an! will always be the default libcgroup tools A'E &ost li6ely going away #t is ti'e to move off of tooling that relies on the ol!,school RHEL 6 flavored libcgroup packages -# Next -teps Cgroups %log Series httpsGAAwww+redhat+co'AenAblogAauthorsA'arc-richter '*+L # Syste& Docu&entation httpsGAAaccess+redhat.co'AdocumentationAen,usA re!Hhat_enterpriseHlinu(A8A Cgroups $ernel Doc httpsGAAwww+3ernel+orgAdoc/&ocu'entationAcgroup,v2+txt -) Questions0 2. CONFIDENTIAL &esignator Thank you lin3e!in+co'/co'pany/red,hat youtu e+co'/userARe!Hat8i!eos Re! Hat is the worl!’s lea!ing provi!er o/ enterprise open source so/tware solutions. Awar!,winning /ace oo3+co'Aredhatinc support2 training, an! consulting services 'a3e Re! Hat a trusted a!viser to the Iortune J66+ twitter+co'ARe!Hat $#.