TLDR Cgroups v2: resource management done even worse the second time around by davmac
Despite an attempt to create clearer API and simplify controllers implementation, v2 got its own quirks, you should probably know about.
It’s with some bemusement that I watch various Linux kernel developers flounder in their attempts to produce decent, process-hierarchy based, resource control.
So, first came Cgroups v1:
- mount a special “cgroup” file system somewhere.
- create directories in it to represent control groups.
- each directory will contain a bunch of files one can use to control the group.
- moving a process into a group is done by writing its PID into the group’s control file.
… there are Cgroup controllers don’t really manage resource utilisation as such (eg the “freezer”).
O_o
It’s just for “grouping” processes together.
Then came Cgroups v2
Read some aspects of why they were needed here and here.
V2 improvements:
- Cgroups v2 have a “unified hierarchy” where you can enable or disable controllers at the group level.
- V1 individual threads might’ve been put to different control groups; v2 operates only with processes . This makes more sense.
- Cgroups v2 do not allows a cgroup to contain both processes and subgroups — an awkward limitation that achieves nothing
..let’s say I want to run a child process with constraints. First, create new cgroup B which is a child of my own cgroup A. Then enable constraint for B. Then I have to create another cgroup C inside B, so that I can move child process into it.
Yes, that’s right: I had to create two cgroups just to control the resource allocation for one process. This wasn’t necessary with the old v1 interface. It got worse.
Also
there is no way to reliably kill off a group. Systemd iterates through the process ids in the group and send a signal to each one; however, this is racy — the process may have died in the meantime, and even worse, the process ID may have been recycled and given to a new process.
That’s right — Systemd potentially kills off the wrong process.
Summary
Cgroups v2 gives us a unified hierarchy, improved “empty group” notification, and an annoying interface quirk which makes it in many respects more complicated than the v1 interface. Two steps forward, one backwards
This week sponsor okmeter.io — cgroups and process monitoring done right.
