How to limit an entire user to less than 10% of cpu, not just process?
Have you tried Cgroups?
- Install the service
sudo yum install libcgroupand start itsudo service cgconfig start. - After which view the subsystem configuration for the cgroups by
running
sudo ls /cgroup
Create a cgroup named limitcpu. Lines that start with group create cgroups and set subsystem parameters.
Example /etc/cgconfig.conf:
group limitcpu{
cpu {
cpu.shares = 200;
# cpu.cfs_period_us
# cpu.cfs_quota_us
}
memory {
}
}
For CPU limiting there are a couple of tunable parameters that you can use to limit blatant CPU usage
If tasks in a cgroup should be able to access a single CPU for 0.1 (10%) seconds out of every 1 second, set cpu.cfs_quota_us to 100000 and cpu.cfs_period_us to 1000000.
Cgred is a service (which starts the cgrulesengd service) that moves tasks into cgroups according to parameters set in the /etc/cgrules.conf file. Entries in the /etc/cgrules.conf file can take one of these two forms:
user subsystems control_group
user:command subsystems control_group
Where user with a user name or a group name prefixed with the "@" character. Replace subsystems with a comma‑separated list of subsystem names, control_group represents a path to the cgroup, and command stands for a process name or a full command path of a process.
Example etc/cgrules.conf:
*:firefox cpu,memory browsers/
@admin:memhog memory limitmem/
cpuhog cpu limitcpu/
firefoxprocesses run by any user will be automatically added to the browserscgroupand limited in cpu and memory subsystems.memhogprocesses run by anyone in theadmingroup will be added to the cgrouplimitmemand limited in memory subsystem.- Your user,
cpuhog, will be added to cgroup 'limitcpu' and limited in cpu subsystems.
In advance use cases, you can try utilizing a template instead.
For example, specify the following template in /etc/cgconfig.conf:
template users/%g/%u {
cpuacct{
}
cpu {
cpu.shares = "1000";
}
}
Then use the users/%g/%u template in the third row of a /etc/cgrules.conf entry, which can look as follows:
peter:ftp cpu users/%g/%u
The %g and %u variables used above are automatically replaced with group and user name depending on the owner of the ftp process.
If the process belongs to peter from the adminstaff group, the above path is translated to users/adminstaff/peter.
The cgred service then searches for this directory, and if it does not exist, cgred creates it and assigns the process to users/adminstaff/peter/tasks.
Note that template rules apply only to definitions of templates in configuration files, so even if "group users/adminstaff/peter" was defined in /etc/cgconfig.conf, it would be ignored in favor of "template users/%g/%u".
Tutorial by Digital Ocean.
Introduction to Control Groups.