Hi,
I want to limit CPUQuota and Memory using "Cgroups". After reading some documents, it seems I need to modify "user.slice" systemd file adding "CPUQuota=25%" (for example) but, after it, if I run a "stress" with other user (not "root"), stress process takes 100% CPU. I have noticed that rebooting system non-root user has % CPU limited... but also root... so is it possible to configure that limits to all users but non root?
Thanks.
On Tue, May 18, 2021 at 08:33:37AM +0000, Gestió Servidors wrote:
I want to limit CPUQuota and Memory using "Cgroups". After reading some documents, it seems I need to modify "user.slice" systemd file adding "CPUQuota=25%" (for example) but, after it, if I run a "stress" with other user (not "root"), stress process takes 100% CPU. I have noticed that rebooting system non-root user has % CPU limited... but also root... so is it possible to configure that limits to all users but non root?
Make sure you also turn on CPUAccounting=true.
Unfortunately, if you put any CPUQuota settings in user.slice, it will apply it as a group to all users (including root). So, every logged in user, in total, will not be able to use more than 25%, not per-user. (so, if two users start stressing the CPU, they'll each only be able to get around 12.5% each)
CentOS 7 doesn't have a mechanism to set per-user CPU quota, that functionality wasn't introduced into a later version of systemd (it does work in CentOS 8, use user-.slice which is a "template" for user-1000.slice, user-1001.slice, user-9999999.slice, etc.)
You can always set the resource control settings per-user by specifically writing a user-1000.slice, user-1001.slice, etc. What I did was write a systemd service that subscribed to the dbus messages for logins and activated the CPUQuota as the user logged in using systemctl --runtime. I had tens of thousands of users logging in via Active Directory, which changed constantly, so I couldn't hard-code anything.
I suggest using the 'systemd-cgtop' command to look at what unit is using resources, it is helpful for debugging.