## 检查进程所处 cgroup
root@DESKTOP-UMENNVI:~/cgroup-test/cgroup-1# cat /proc/1945/cgroup
14:name=cgroup-test:/cgroup-1
13:rdma:/
12:pids:/
11:hugetlb:/
10:net_prio:/
9:perf_event:/
8:net_cls:/
7:freezer:/
6:devices:/
5:memory:/
4:blkio:/
3:cpuacct:/
2:cpu:/
1:cpuset:/
0::/
root@DESKTOP-UMENNVI:~/cgroup-test/cgroup-1#
复制代码可以看到当前的1945进程已经被加到cgroup-test:/cgroup-1中了
systemd-run --unit=toptest --slice=test top -b
root@ubuntu:/home/ubuntu# systemctl status test.slice ● test.slice Loaded: loaded Active: active since Sat 2020-10-31 11:10:29 HKT; 53s ago Tasks: 1 CGroup: /test.slice └─toptest.service └─55739 /usr/bin/top -b Oct 31 11:11:09 ubuntu top[55739]: 1004 root 0 -20 Oct 31 11:11:09 ubuntu top[55739]: 1005 root 20 0 Oct 31 11:11:09 ubuntu top[55739]: 1006 root 0 -20 Oct 31 11:11:09 ubuntu top[55739]: 1008 root 0 -20 Oct 31 11:11:09 ubuntu top[55739]: 1021 root 0 -20 Oct 31 11:11:09 ubuntu top[55739]: 1027 root 0 -20 root@ubuntu:/home/ubuntu# cat /proc/55739/cgroup 12:freezer:/ 11:blkio:/test.slice 10:devices:/test.slice 9:net_cls,net_prio:/ 8:hugetlb:/ 7:rdma:/ 6:perf_event:/ 5:pids:/test.slice/toptest.service 4:memory:/test.slice 3:cpuset:/ 2:cpu,cpuacct:/test.slice 1:name=systemd:/test.slice/toptest.service 0::/test.slice/toptest.service root@ubuntu:/home/ubuntu# systemctl set-property toptest.service CPUShares=600 MemoryLimit=500M root@ubuntu:/home/ubuntu# cat /proc/55739/cgroup 12:freezer:/ 11:blkio:/test.slice 10:devices:/test.slice 9:net_cls,net_prio:/ 8:hugetlb:/ 7:rdma:/ 6:perf_event:/ 5:pids:/test.slice/toptest.service 4:memory:/test.slice/toptest.service 3:cpuset:/ 2:cpu,cpuacct:/test.slice/toptest.service 1:name=systemd:/test.slice/toptest.service 0::/test.slice/toptest.service root@ubuntu:/home/ubuntu#
root@ubuntu:/home/ubuntu# cat /proc/51365/cgroup 12:freezer:/ 11:blkio:/user.slice 10:devices:/user.slice 9:net_cls,net_prio:/ 8:hugetlb:/ 7:rdma:/ 6:perf_event:/ 5:pids:/user.slice/user-1000.slice/session-711.scope 4:memory:/user.slice 3:cpuset:/ 2:cpu,cpuacct:/user.slice 1:name=systemd:/user.slice/user-1000.slice/session-711.scope 0::/user.slice/user-1000.slice/session-711.scope root@ubuntu:/home/ubuntu#
在 CPU 和 memory 子系统中都出现了 toptest.service 的名字。同时去查看 /sys/fs/cgroup/memory/test.slice 和 /sys/fs/cgroup/cpu/test.slice 目录,这两个目录下都多出了一个 toptest.service 目录。我们设置的 CPUShares=600 MemoryLimit=500M 被分别写入了这些目录下的对应文件中。
root@ubuntu:/home/ubuntu# ls /sys/fs/cgroup/cpu/test.slice -l total 0 -rw-r--r-- 1 root root 0 Oct 31 11:10 cgroup.clone_children -rw-r--r-- 1 root root 0 Oct 31 11:10 cgroup.procs -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.stat -rw-r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_all -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_percpu -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_percpu_sys -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_percpu_user -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_sys -r--r--r-- 1 root root 0 Oct 31 11:10 cpuacct.usage_user -rw-r--r-- 1 root root 0 Oct 31 11:10 cpu.cfs_period_us -rw-r--r-- 1 root root 0 Oct 31 11:10 cpu.cfs_quota_us -rw-r--r-- 1 root root 0 Oct 31 11:10 cpu.shares -r--r--r-- 1 root root 0 Oct 31 11:10 cpu.stat -rw-r--r-- 1 root root 0 Oct 31 11:10 notify_on_release -rw-r--r-- 1 root root 0 Oct 31 11:10 tasks drwxr-xr-x 2 root root 0 Oct 31 11:12 toptest.service root@ubuntu:/home/ubuntu# ls /sys/fs/cgroup/memory/test.slice -l total 0 -rw-r--r-- 1 root root 0 Oct 31 11:10 cgroup.clone_children --w--w--w- 1 root root 0 Oct 31 11:10 cgroup.event_control -rw-r--r-- 1 root root 0 Oct 31 11:10 cgroup.procs -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.failcnt --w------- 1 root root 0 Oct 31 11:10 memory.force_empty -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.failcnt -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.max_usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.slabinfo -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.tcp.failcnt -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.tcp.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.tcp.max_usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.tcp.usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:10 memory.kmem.usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.max_usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.move_charge_at_immigrate -r--r--r-- 1 root root 0 Oct 31 11:10 memory.numa_stat -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.oom_control ---------- 1 root root 0 Oct 31 11:10 memory.pressure_level -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.soft_limit_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:10 memory.stat -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.swappiness -r--r--r-- 1 root root 0 Oct 31 11:10 memory.usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:10 memory.use_hierarchy -rw-r--r-- 1 root root 0 Oct 31 11:10 notify_on_release -rw-r--r-- 1 root root 0 Oct 31 11:10 tasks drwxr-xr-x 2 root root 0 Oct 31 11:12 toptest.service root@ubuntu:/home/ubuntu#
临时 cgroup 的特征是,所包含的进程一旦结束,临时 cgroup 就会被自动释放。比如我们 kill 掉 top 进程,然后再查看 /sys/fs/cgroup/memory/test.slice 和 /sys/fs/cgroup/cpu/test.slice 目录,刚才的 toptest.service 目录已经不见了。
root@ubuntu:/home/ubuntu# kill -9 55739 root@ubuntu:/home/ubuntu# ls /sys/fs/cgroup/memory/test.slice -l total 0 -rw-r--r-- 1 root root 0 Oct 31 11:15 cgroup.clone_children --w--w--w- 1 root root 0 Oct 31 11:15 cgroup.event_control -rw-r--r-- 1 root root 0 Oct 31 11:15 cgroup.procs -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.failcnt --w------- 1 root root 0 Oct 31 11:15 memory.force_empty -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.failcnt -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.max_usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.slabinfo -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.tcp.failcnt -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.tcp.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.tcp.max_usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.tcp.usage_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:15 memory.kmem.usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.limit_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.max_usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.move_charge_at_immigrate -r--r--r-- 1 root root 0 Oct 31 11:15 memory.numa_stat -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.oom_control ---------- 1 root root 0 Oct 31 11:15 memory.pressure_level -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.soft_limit_in_bytes -r--r--r-- 1 root root 0 Oct 31 11:15 memory.stat -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.swappiness -r--r--r-- 1 root root 0 Oct 31 11:15 memory.usage_in_bytes -rw-r--r-- 1 root root 0 Oct 31 11:15 memory.use_hierarchy -rw-r--r-- 1 root root 0 Oct 31 11:15 notify_on_release -rw-r--r-- 1 root root 0 Oct 31 11:15 tasks root@ubuntu:/home/ubuntu# ls /sys/fs/cgroup/cpu/test.slice -l total 0 -rw-r--r-- 1 root root 0 Oct 31 11:15 cgroup.clone_children -rw-r--r-- 1 root root 0 Oct 31 11:15 cgroup.procs -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.stat -rw-r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_all -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_percpu -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_percpu_sys -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_percpu_user -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_sys -r--r--r-- 1 root root 0 Oct 31 11:15 cpuacct.usage_user -rw-r--r-- 1 root root 0 Oct 31 11:15 cpu.cfs_period_us -rw-r--r-- 1 root root 0 Oct 31 11:15 cpu.cfs_quota_us -rw-r--r-- 1 root root 0 Oct 31 11:15 cpu.shares -r--r--r-- 1 root root 0 Oct 31 11:15 cpu.stat -rw-r--r-- 1 root root 0 Oct 31 11:15 notify_on_release -rw-r--r-- 1 root root 0 Oct 31 11:15 tasks root@ubuntu:/home/ubuntu#
root@ubuntu:/home/ubuntu# systemctl restart toptest root@ubuntu:/home/ubuntu# systemctl status test.slice ● test.slice Loaded: loaded Active: active since Sat 2020-10-31 11:10:29 HKT; 9min ag Tasks: 1 CGroup: /test.slice └─toptest.service └─58384 /usr/bin/top -b Oct 31 11:20:00 ubuntu top[58384]: 164 root 20 0 Oct 31 11:20:00 ubuntu top[58384]: 166 root 0 -20 Oct 31 11:20:00 ubuntu top[58384]: 167 root 20 0 Oct 31 11:20:00 ubuntu top[58384]: 168 root -51 0 Oct 31 11:20:00 ubuntu top[58384]: 169 root rt 0 Oct 31 11:20:00 ubuntu top[58384]: 170 root 20 0 root@ubuntu:/home/ubuntu#
root@cloud:~# ls /sys/fs/cgroup/cpu/docker cgroup.clone_children cpu.cfs_period_us cgroup.procs cpu.cfs_quota_us cpuacct.stat cpu.shares cpuacct.usage cpu.stat cpuacct.usage_all cpu.uclamp.max cpuacct.usage_percpu cpu.uclamp.min cpuacct.usage_percpu_sys kata_d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 cpuacct.usage_percpu_user notify_on_release cpuacct.usage_sys tasks cpuacct.usage_user root@cloud:~# ps -elf | grep d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 0 S root 23321 22795 0 80 0 - 177146 futex_ 14:02 ? 00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-kata-runtime 4 S root 23380 23321 0 80 0 - 1037498 sys_po 14:02 ? 00:00:00 /usr/bin/virtiofsd --syslog -f -o cache=auto -o no_posix_lock -o source=/run/kata-containers/shared/sandboxes/d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56/shared --fd=3 0 S root 23381 23321 0 80 0 - 2820165 futex_ 14:02 ? 00:00:01 /usr/bin/cloud-hypervisor --api-socket /run/vc/vm/d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56/clh-api.sock --seccomp false 0 S root 23539 23321 0 80 0 - 309216 futex_ 14:02 pts/1 00:00:00 /usr/libexec/kata-containers/kata-shim -agent hvsock:///run/vc/vm/d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56/clh.sock:1024 -container d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 -exec-id d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 -terminal 0 R root 23568 23522 0 80 0 - 1451 - 14:07 pts/2 00:00:00 grep --color=auto d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 root@cloud:~# ls /sys/fs/cgroup/cpu/docker -l total 0 -rw-r--r-- 1 root root 0 Oct 21 17:34 cgroup.clone_children -rw-r--r-- 1 root root 0 Oct 21 17:34 cgroup.procs -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.stat -rw-r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_all -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_percpu -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_percpu_sys -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_percpu_user -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_sys -r--r--r-- 1 root root 0 Oct 21 17:34 cpuacct.usage_user -rw-r--r-- 1 root root 0 Oct 21 17:34 cpu.cfs_period_us -rw-r--r-- 1 root root 0 Oct 21 17:34 cpu.cfs_quota_us -rw-r--r-- 1 root root 0 Oct 21 17:34 cpu.shares -r--r--r-- 1 root root 0 Oct 21 17:34 cpu.stat -rw-r--r-- 1 root root 0 Oct 21 17:34 cpu.uclamp.max -rw-r--r-- 1 root root 0 Oct 21 17:34 cpu.uclamp.min drwxr-xr-x 2 root root 0 Oct 30 14:02 kata_d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 -rw-r--r-- 1 root root 0 Oct 21 17:34 notify_on_release -rw-r--r-- 1 root root 0 Oct 21 17:34 tasks root@cloud:~# ls /sys/fs/cgroup/cpu/docker/kata_d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56/ cgroup.clone_children cpuacct.usage_all cpuacct.usage_sys cpu.shares notify_on_release cgroup.procs cpuacct.usage_percpu cpuacct.usage_user cpu.stat tasks cpuacct.stat cpuacct.usage_percpu_sys cpu.cfs_period_us cpu.uclamp.max cpuacct.usage cpuacct.usage_percpu_user cpu.cfs_quota_us cpu.uclamp.min root@cloud:~#
root@cloud:~# docker exec -it kata-test mount kataShared on / type virtiofs (rw,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666) sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,name=systemd) cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids) cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio) mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime) shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k) kataShared on /etc/resolv.conf type virtiofs (rw,relatime) kataShared on /etc/hostname type virtiofs (rw,relatime) kataShared on /etc/hosts type virtiofs (rw,relatime) devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666) proc on /proc/bus type proc (ro,relatime) proc on /proc/fs type proc (ro,relatime) proc on /proc/irq type proc (ro,relatime) proc on /proc/sys type proc (ro,relatime) tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755) tmpfs on /sys/firmware type tmpfs (ro,relatime) root@cloud:~# mount | grep d14f6333c23f4e0c1dfa358ca62d9f2868513614500c39af0d942ee6ff314c56 | grep kataShared root@cloud:~# ps -elf | grep kataShared 0 S root 23650 23522 0 80 0 - 1418 pipe_r 14:19 pts/2 00:00:00 grep --color=auto kataShared root@cloud:~#