On Tue, May 18, 2021 at 08:33:37AM +0000, Gesti? Servidors
wrote:> I want to limit CPUQuota and Memory using "Cgroups". After
reading
> some documents, it seems I need to modify "user.slice" systemd
file
> adding "CPUQuota=25%" (for example) but, after it, if I run a
> "stress" with other user (not "root"), stress process
takes 100%
> CPU. I have noticed that rebooting system non-root user has % CPU
> limited... but also root... so is it possible to configure that
> limits to all users but non root?
Make sure you also turn on CPUAccounting=true.
Unfortunately, if you put any CPUQuota settings in user.slice, it will
apply it as a group to all users (including root). So, every logged
in user, in total, will not be able to use more than 25%, not
per-user. (so, if two users start stressing the CPU, they'll each
only be able to get around 12.5% each)
CentOS 7 doesn't have a mechanism to set per-user CPU quota, that
functionality wasn't introduced into a later version of systemd (it
does work in CentOS 8, use user-.slice which is a "template" for
user-1000.slice, user-1001.slice, user-9999999.slice, etc.)
You can always set the resource control settings per-user by
specifically writing a user-1000.slice, user-1001.slice, etc.
What I did was write a systemd service that subscribed to the dbus
messages for logins and activated the CPUQuota as the user logged in
using systemctl --runtime. I had tens of thousands of users logging
in via Active Directory, which changed constantly, so I couldn't
hard-code anything.
I suggest using the 'systemd-cgtop' command to look at what unit is
using resources, it is helpful for debugging.
--
Jonathan Billings <billings at negate.org>