we can manage cgroup for each service with systemctl command.
for example , for Nginx webservice we want to add some limitations.
fisrt we need to download it:
debian@debian:~$ sudo apt install nginx
debian@debian:~$ sudo systemctl enable --now nginx
By default, each cgroup on the system has no defined resource limits. The first step in defining them is to enable accounting for CPU usage, memory usage and I/O usage. We could do that by hand-edditing the systemd service file for each service that we want to limit, but its easier to just run a systemctl command like:
debian@debian:~$ sudo systemctl set-property nginx.service MemoryAccounting=1 \
CPUAccounting=1 BlockIOAccounting=1
we have just turned on the accounting function for the nginx web server on our debian machine. Now wen we look in the /etc/systemd/system.control/ directory , we will see that we have created an nginx.service.d directory. within that directory are the files that turn on our accounting functions:
debian@debian:/etc/systemd/system.control/nginx.service.d$ ls
50-BlockIOAccounting.conf 50-CPUAccounting.conf 50-MemoryAccounting.conf
inside each file we can see two lines that modify the original nginx.service file in order to turn on accounting.
debian@debian:/etc/systemd/system.control/nginx.service.d$ cat 50-CPUAccounting.conf
# This is a drop-in unit file extension, created via "systemctl set-property"
# or an equivalent operation. Do not edit.
[Service]
CPUAcounting=yes
Now lets say that we want to limit nginx to only 40% of CPU usage and 500 MB of memory usage:
debian@debian:~$ sudo systemctl set-property nginx.service CPUQuota=40% \
MemoryLimit=500M
We can also place resource limits on user accounts. For example , lets limit Arian to 30% of CPU usage and 100MB of memory usage. first we need to get Arian user id :
debian@debian:~$ id arian
uid=1000(arian) gid=1000(arian) groups=1000(arian),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),117(lpadmin),120(scanner),998(docker)
so his uid is 1000
debian@debian:~$ sudo systemctl set-property user-1000.slice CPUQuota=30% \
MemoryLimit=100M
if we look in the /etc/systemd/system.control/user-1000.slice.d/ directory , we will see that same set of files that were created for nginx service.