Hello all,
I am in an academic environment here, and lots of poor code gets written
and then run. Memory leaks are a constant problem. So with RHEL6, I used
cgconfig and cgred to create 3 cgroups partitions:
/students: 80 CPU ticks, 80% of available memory total
/staff: 10 CPU ticks
/system: 10 CPU ticks
Everyone in groups "grad", "ugrad", "visitor", etc all got put into
/students. Anyone in @staff got put into the staff cgroup, and all the
rest went into /system.
The main goal was that no single user can hog all of the memory and kill
off system/sysadmin processes. I believe I have achieved this with systemd:
[root@example ~]# cat
/etc/systemd/system/system.slice.d/systemcpureserve.conf
[Slice]
CPUShares=10
[root@example ~]# cat /etc/systemd/system/user.slice.d/limitusers.conf
[Slice]
CPUShares=80
MemoryLimit=14G
But the other benefit that my cgred setup had was that no single user
could also use more than 50% of the available memory, so that one user
was less likely to kill other people's processes if the OOM was invoked.
This is in addition to the group constraint. Said another way - I don't
want one bad apple user in user.slice to be able to kill off every other
process in user.slice. I also want anyone in the group @staff to be
exempt from these memory limits, like in my setup for 6. It was nice to
be able to SSH in to an otherwise overloaded machine as myself and see
what was going on. In this solution above, root is put into user.slice
and is bound by the same resource limits as the students.
As far as I can tell, systemd-logind when included through PAM, only
makes a cgroup like "user-<uid>" under the user slice. But I am looking
to make this based not only on user ID, but also group ID. Is there any
way to achieve all of this within systemd? I guess there is an option of
doing something like this:
[root@prometheus system]# cat /etc/systemd/system/user-0.slice
[Slice]
CPUShares=10
MemoryLimit=16G
But I'm not even sure that would work (since user.slice limit is only
14G), let alone that I would need to create one of them for every UID of
every sysadmin on our network? And still, how to make sure that each
person can never use more than 50% of total system memory, while still
reserving 10%-20% of the overall resources for system/sysadmin functions.
Any help would be appreciated!
Thanks,
Ben
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
