What is a container?
A container is a basic tool, consisting of any device creating a partially or fully enclosed space that can be used to contain, store, and transport objects or materials. In commerce, it includes "any receptacle or enclosure for holding a product used in packaging and shipping". Things kept inside of a container are protected by being inside of its structure.
Humans have used containers for at least 100,000 years, and possibly for millions of years. The first containers were probably invented for storing food, allowing early humans to preserve more of their food for a longer time, to carry it more easily, and to protect it from other animals. The development of food storage containers was "of immense importance to the evolving human populations", and "was a totally innovative behavior" not seen in other primates.
- Control Groups
Veryyyyy simple?
Control Groups Features
Manage resources for a collection of processes

| Feature | Description |
|---|---|
| Resource limit | Groups can be set to not exceed a memory limit, including file system cache |
| Prioritization | Some groups may get a larger share of CPU utilization or disk I/O throughput |
| Accounting | Measures a group's resource usage, which may be used, for example, for billing purposes |
| Control | Freezing groups of processes, checkpointing and restarting |

Cgroups was originally written by Paul Menage et al. and mainlined into the Linux kernel in 2007. This original design is now called cgroups version 1.

Development and maintenance of cgroups was then taken over by Tejun Heo, who redesigned and rewrote cgroups. This rewrite is now called version 2; the documentation of cgroups-v2 first appeared in Linux kernel 4.5, released on March 14, 2016.
Unlike v1, cgroups-v2 has only a single process hierarchy and discriminates between processes, not threads.
We'll look at v1, because Docker and LXC, which this focuses on, use v1.
A cgroup associates a set of tasks with a set of parameters for one or more subsystems.
A subsystem is a module that makes use of the task grouping facilities provided by cgroups to treat groups of tasks in particular ways. A subsystem is typically a "resource controller" that schedules a resource or applies per-cgroup limits, but it may be anything that wants to act on a group of processes, e.g. a virtualization subsystem.

| Subsystem | What it controls |
|---|---|
| cpuset | individual CPU and memory nodes |
| freezer | freeze, checkpoint, continue processes |
| blkio | proportional disk time |
| net_cls | tag network packets for tc or netfilter |
| net_prio | priority on each interface |
| devices | open and mknod on device files |
| hugetlb | huge page usage |
| cpuacct | CPU usage accounting |

A hierarchy is a set of cgroups arranged in a tree, such that every task in the system is in exactly one of the cgroups in the hierarchy, and a set of subsystems; each subsystem has system-specific state attached to each cgroup in the hierarchy. Each hierarchy has an instance of the cgroup virtual filesystem associated with it.
At any one time there may be multiple active hierarchies of task cgroups. Each hierarchy is a partition of all tasks in the system.
(cgroup-v2 has only one hierarchy)
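
An added example, not part of the original slides: the kernel reports a task's cgroup in every hierarchy in `/proc/<pid>/cgroup`, one `hierarchy-ID:controller-list:cgroup-path` line per hierarchy. The Python below parses constructed sample contents and lists the subsystems that leave a task in the root cgroup; the sample paths and the `CONTAINER_ID` placeholder are assumptions.

```python
from collections import namedtuple

# One line of /proc/<pid>/cgroup: "hierarchy-ID:controller-list:cgroup-path"
Membership = namedtuple("Membership", "hierarchy_id controllers path")

# Constructed sample for a task in a v1 container (CONTAINER_ID is a placeholder).
SAMPLE_V1 = """\
11:devices:/docker/CONTAINER_ID
10:cpu,cpuacct:/docker/CONTAINER_ID
9:memory:/docker/CONTAINER_ID
8:freezer:/
1:name=systemd:/docker/CONTAINER_ID
"""
# Constructed sample for a task on a cgroup-v2-only host.
SAMPLE_V2 = "0::/user.slice/session-1.scope\n"


def parse_proc_cgroup(text):
    """Parse the contents of /proc/<pid>/cgroup into Membership records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first two colons only: the cgroup path may contain ':'.
        hid, controllers, path = line.split(":", 2)
        names = tuple(c for c in controllers.split(",") if c)
        records.append(Membership(int(hid), names, path))
    return records


def is_v2_only(records):
    """cgroup v2 shows up as a single entry: hierarchy ID 0, empty controller list."""
    return len(records) == 1 and records[0].hierarchy_id == 0 and not records[0].controllers


def controller_paths(records):
    """Map each v1 subsystem to the one cgroup the task is in for that hierarchy."""
    return {c: r.path for r in records for c in r.controllers if not c.startswith("name=")}


def in_root_cgroup(records, wanted):
    """Subsystems from `wanted` with no hierarchy entry or with the task in the root cgroup "/"."""
    paths = controller_paths(records)
    return sorted(c for c in wanted if paths.get(c, "/") == "/")


if __name__ == "__main__":
    recs = parse_proc_cgroup(SAMPLE_V1)
    print("root cgroup for:", in_root_cgroup(recs, ["memory", "devices", "freezer", "blkio"]))
```

Read the file from the host's view of the process: inside a cgroup namespace the paths are shown relative to that namespace's root, so a confined task can also appear at `/`.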
- Using the cgroup filesystem directly (examples in linux/Documentation/cgroup-v1/)
- LXC, Docker, Playpen, systemd ...
- mnt: mount points
- pid: processes
- net: network stack
- ipc: System V IPC
- uts: hostnames
- user: uids
By James Pic