Centos7 - systemd

最後更新: 2016-08-03

目睹

  •  cgroup 的 mount point
  •  systemd unit types
  •  Resource
  •  service unit file (Persistent Cgroups)
  •  Check status
  •  systemd-run
  •  建立 Unit 及 CPUShares Test
  •  Cheat List

 


cgroup 的 mount point

 

# 找出 cgroup 的 mount point

grep ^cgroup /proc/mounts

cgroup /sys/fs/cgroup/systemd cgroup 
       rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/net_cls cgroup rw,nosuid,nodev,noexec,relatime,net_cls 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0

* mounted automatically by systemd

# 列出 cgroup 的結構

systemd-cgls

├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─user.slice
│ └─user-0.slice
│   ├─session-634.scope
│   │ ├─31772 sshd: root@pts/0
│   │ ├─31777 -bash
│   │ ├─31961 systemd-cgls
│   │ └─31962 systemd-cgls
│   └─session-629.scope
│     ├─31530 /usr/sbin/CROND -n
│     ├─31536 /bin/bash /usr/share/clamav/freshclam-sleep
│     └─31551 sleep 765
└─system.slice
  ├─crond.service
  │ └─1064 /usr/sbin/crond -n
  ├─httpd.service
  │ ├─ 1059 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 2499 vlogger (access log
  │ ├─ 2500 /usr/sbin/httpd -DFOREGROUND
  │ ├─ 5718 /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/interface/temp
  │ ├─ 5720 /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/interface/temp
  │ ├─ 6295 /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/interface/temp
  │ ├─ 6299 /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/interface/temp
  │ ├─27942 /usr/sbin/httpd -DFOREGROUND
  │ ├─30116 /usr/sbin/httpd -DFOREGROUND
  │ ├─30502 /usr/sbin/httpd -DFOREGROUND
  │ ├─31192 /usr/sbin/httpd -DFOREGROUND
.......................

 


systemd unit types

 

Types:

  • Service
  • Scope
  • Slice

Service [name.service]

# 用 unit configureation file 啟動的 proccess

i.e.

/usr/lib/systemd/system/httpd.service

Scope [name.scope]

# A group of externally created processes ( fork() function )

 *  all user sessions are automatically placed in a separated scope unit,

     as well as virtual machines and container processes.

Slice [parent-name.slice]

# Slices do not contain processes, they organize a hierarchy in which scopes and services are placed.

(The actual processes are contained in scopes or in services)

Default 有的 slice

1. root slice called "-.slice"

2. system.slice (the default place for all system services)

3. user.slice (the default place for all user sessions)

4. machine.slice (the default place for all virtual machines and Linux containers)

 


Resource

 

CPUShares: by default at 1024,

MemoryLimit: by default without limit (Unit: K, M, G)

BlockIOWeight: By default 1000 (Value: 10 ~ 1000)

StartupCPUShares and StartupBlockIOWeight:

they work like CPUShares and BlockIOWeight but only apply during system startup.

CPUQuota:

it restricts CPU time to the specified percentage, even if the machine is otherwise idle.

 


service unit file (Persistent Cgroups)

 

# Default 的 Unit file 設定

在目錄 /usr/lib/systemd/system/ 內有不同 Service 的 Unit File

/usr/lib/systemd/system/httpd.service

..............

# To assign the Apache service 800 CPU shares
[Service]

CPUShares=800

MemoryLimit=500M

# a path to a block device node
# allows to limit a specific bandwidth for a unit
# the blkio resource controller does not support buffered write operations.
# Implies "BlockIOAccounting=yes"
# 它要指定 partition
BlockIOReadBandwith=/ 5M
BlockIOWriteBandwidth=/ 5M

# Changing Low-level Cgroup Attributes
ControlGroupAttribute=memory.swappiness 70

# reload systemd's configuration

systemctl daemon-reload

# restart Apache so that the modified

systemctl restart httpd.service

Remark 沒有 "systemctl daemon-reload" 時會見到

Warning: httpd.service changed on disk. Run 'systemctl daemon-reload' to reload units.

# 由 command 設定

# 它是直接有效, 不用 "systemctl daemon-reload" 及 "systemctl restart httpd", Reboot 後依然有效 !!

systemctl set-property httpd.service MemoryLimit=300M

systemctl set-property httpd.service CPUShares=800

systemctl set-property httpd.service BlockIOReadBandwith='/ 5M'

# Limit Swap

systemctl set-property httpd.service ControlGroupAttribute="memory.swappiness 30"

systemctl set-property httpd.service ControlGroupAttribute="memory.memsw.limit_in_bytes 524288000"

此 command 會建立

/etc/systemd/system/httpd.service.d/50-MemoryLimit.conf

[Service]
MemoryLimit=314572800

 


Check status

 

# list all active units on the system

systemctl [list-units]

Column

LOAD — indicates if the unit configuration file was properly loaded.
ACTIVE — the high-level unit activation state, which is a generalization of SUB.
SUB — the low-level unit activation state.

... loaded active running ...

# display detailed information about a system unit

systemctl status httpd

  Drop-In: /etc/systemd/system/httpd.service.d
           └─50-CPUShares.conf, 50-MemoryLimit.conf

# a cgroup tree of the memory resource controller

systemd-cgls memory

memory:
├─   1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─1382 /sbin/agetty --noclear tty1 linux
├─user.slice
│ ├─24215 sshd: root@pts/0
│ ├─24221 -bash
│ ├─25579 systemd-cgls memory
│ └─25580 systemd-cgls memory
└─system.slice
  ├─pure-ftpd.service
  │ └─739 pure-ftpd (SERVER)
...

# Tasks   %CPU   Memory  Input/s Output/s

systemd-cgtop

# To get the current CPUShares service

systemctl show -p CPUShares httpd.service

CPUShares=???

# -p, --property=     comma-separated list

# systemctl show will show all available properties.

systemctl show -p MemoryLimit

# Unit: bytes

MemoryLimit=???

 


systemd-run

 

start a transient service or scope unit and run a custom command in this unit.

Usage

systemd-run --unit=unit_name --scope --slice=slice_name command

optional:

--unit         # not specified => a unit name will be generated automatically
--scope        # Default: service (running in the background)
--slice        # Default: system.slice

i.e.

systemd-run --unit=dd-test dd if=/dev/mapper/centos-root of=/dev/null

systemctl status dd-test

● dd-test.service - /usr/bin/dd if=/dev/mapper/centos-root of=/dev/null
   Loaded: loaded (/run/systemd/system/dd-test.service; static; vendor preset: disabled)
  Drop-In: /run/systemd/system/dd-test.service.d
           └─50-Description.conf, 50-ExecStart.conf
   Active: active (running) since Thu 2016-08-04 10:01:59 HKT; 1min 2s ago
 Main PID: 3403 (dd)
   Memory: 323.5M
   CGroup: /system.slice/dd-test.service
           └─3403 /usr/bin/dd if=/dev/mapper/centos-root of=/dev/null

"static" => does not have permanent unit configuration

# 設定 runtime value

Transient cgroups are released automatically as soon as the processes they contain finish.

systemctl set-property --runtime unit_name property=value

i.e.

# 1Mbyte/s

systemctl set-property --runtime dd-test BlockIOReadBandwidth='/dev/mapper/centos-root 1M'

# 查看 dd status

kill -USR1 $(pgrep ^dd)

# To terminate unit

systemctl kill dd-test.service

systemctl status dd-test

● dd-test.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

 


Test: 建立 Unit 去測試 CPUShares

 

/etc/systemd/system/sha1sum.service

[Unit]
Description=The sha1sum service that does nothing useful
After=remote-fs.target nss-lookup.target

[Service]
ExecStart=/usr/bin/sha1sum /dev/zero
ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]
WantedBy=multi-user.target

/etc/systemd/system/md5sum.service

[Unit]
Description=The md5sum service that does nothing useful
After=remote-fs.target nss-lookup.target

[Service]
ExecStart=/usr/bin/md5sum /dev/zero
ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]
WantedBy=multi-user.target

systemctl start md5sum

systemctl start sha1sum

systemctl set-property md5sum CPUShares=700

systemctl set-property sha1sum CPUShares=300

# 找出它們的 pid

systemctl show md5sum | grep MainPID

systemctl show md5sum | grep MainPID

# 查看 CPU 情況

ps -p 2662,2668 -o pid,comm,cputime,%cpu

  PID COMMAND             TIME %CPU
 2662 md5sum          02:01:35 69.7
 2668 sha1sum         00:52:32 30.1

 


Cheat List

 

systemctl set-property httpd.service MemoryLimit=300M

systemctl set-property httpd.service CPUShares=800

systemctl set-property httpd.service BlockIOReadBandwith='/ 5M'

systemctl set-property httpd.service ControlGroupAttribute="memory.swappiness 30"

systemctl set-property httpd.service ControlGroupAttribute="memory.memsw.limit_in_bytes 524288000"

 


user sessions

 

user-1000.slice

 


Other

 

machinectl - used to introspect and control the state of the systemd(1) virtual machine and container registration manager systemd-machined.service

 


Doc

 

https://www.freedesktop.org/software/systemd/man/systemd.directives.html

man systemd.exec

man systemd.resource-control

man systemd-system.conf