Open in app

Sign in

Write

Sign in

Managing Cgroups with Systemctl

Arian Fm
2 min readJul 28, 2024

--

we can manage cgroup for each service with systemctl command.

for example , for Nginx webservice we want to add some limitations.

fisrt we need to download it:

debian@debian:~$ sudo apt install nginx

debian@debian:~$ sudo systemctl enable --now nginx

By default, each cgroup on the system has no defined resource limits. The first step in defining them is to enable accounting for CPU usage, memory usage and I/O usage. We could do that by hand-edditing the systemd service file for each service that we want to limit, but its easier to just run a systemctl command like:

debian@debian:~$ sudo systemctl set-property nginx.service MemoryAccounting=1 \ 
CPUAccounting=1 BlockIOAccounting=1

we have just turned on the accounting function for the nginx web server on our debian machine. Now wen we look in the /etc/systemd/system.control/ directory , we will see that we have created an nginx.service.d directory. within that directory are the files that turn on our accounting functions:

debian@debian:/etc/systemd/system.control/nginx.service.d$ ls

50-BlockIOAccounting.conf  50-CPUAccounting.conf  50-MemoryAccounting.conf

inside each file we can see two lines that modify the original nginx.service file in order to turn on accounting.

debian@debian:/etc/systemd/system.control/nginx.service.d$ cat 50-CPUAccounting.conf

# This is a drop-in unit file extension, created via "systemctl set-property"
# or an equivalent operation. Do not edit.
[Service]
CPUAcounting=yes

Now lets say that we want to limit nginx to only 40% of CPU usage and 500 MB of memory usage:

debian@debian:~$ sudo systemctl set-property nginx.service CPUQuota=40% \
MemoryLimit=500M

We can also place resource limits on user accounts. For example , lets limit Arian to 30% of CPU usage and 100MB of memory usage. first we need to get Arian user id :

debian@debian:~$ id arian
uid=1000(arian) gid=1000(arian) groups=1000(arian),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),117(lpadmin),120(scanner),998(docker)

so his uid is 1000

debian@debian:~$ sudo systemctl set-property user-1000.slice CPUQuota=30% \
MemoryLimit=100M

if we look in the /etc/systemd/system.control/user-1000.slice.d/ directory , we will see that same set of files that were created for nginx service.

Linux
DevOps
Sysadmin
Kernel
Debian

--

--

Arian Fm

Written by Arian Fm

29 Followers

DevOps engineer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams