Setting up cgroups on Ubuntu 14.04

Published by Frank Solli on

Cgroups on Ubuntu 14.04

Frank Solli

This is a summary of what you can do in order to get Cgroups working on Ubuntu 14.04. Some init scripts have been modified in order to get the userland tools up and running. This guide will make you install the dependencies, place the necessary configuration files, making changes to the init scripts of the userland tools for cgroups.

Install dependencies:

apt-get install cgroup-bin cgroup-lite libcgroup1

cgconfigparser is the program that needs to run in order to set up the configuration put in cgconfig.conf. this program does not start at startup, but it should (create a init script or place in cgroup-lite config script, a sample is located in this post) cgroup-lite service needs to run for cgconfigparser to run correctly cgroup-lite is responsible for mounting the cgroups. It is also possible to manage cgroups with cgexec(1) and mkdir(1), this article wont cover that, but configuration of cgconfig.conf and cgrules.conf

service cgroup-lite start
cgconfigparser -l /etc/cgconfig.conf

cgrulesengd needs to run in order to enforce cgroups policy, it is not started automatically. A init script for cgrulesengd should be created. Start the cgrulesengd with this command:

	cgrulesengd -d -f /tmp/debug.log

Cgrules sample:

# cat /etc/cgrules.conf 
# /etc/cgrules.conf
#Each line describes a rule for a user in the forms:
#  can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for any user or group.
#        - The %, which is equivalent to "ditto". This is useful for
#          multiline rules where different cgroups need to be specified
#          for various hierarchies for a single user.
#  is optional and it can be:
#	 - a process name
#	 - a full command path of a process
#  can be:
# 	 - comma separated controller names (no spaces)
# 	 - * (for all mounted controllers)
#  can be:
# 	 - path with-in the controller hierarchy (ex. pgrp1/gid1/uid1)
# Note:
# - It currently has rules based on uids, gids and process name.
# - Don't put overlapping rules. First rule which matches the criteria
#   will be executed.
# - Multiline rules can be specified for specifying different cgroups
#   for multiple hierarchies. In the example below, user "peter" has
#   specified 2 line rule. First line says put peter's task in test1/
#   dir for "cpu" controller and second line says put peter's tasks in
#   test2/ dir for memory controller. Make a note of "%" sign in second line.
#   This is an indication that it is continuation of previous rule.
#john          cpu		usergroup/faculty/john/
#john:cp       cpu		usergroup/faculty/john/cp
#@student      cpu,memory	usergroup/student/
#peter	       cpu		test1/
#%	       memory		test2/
#@root	    	*		admingroup/
#*		*		default/
# End of file
frank:/home/frank/mem-limit        memory           limitgroup/

frank        memory           limitgroup/
#for all commands

The file /etc/cgconfig.conf

group limitgroup {
perm {
admin {
uid = root;
gid = root;
task {
uid = 1002;
gid = 1002;
cpu {
cpu.shares = "768";
memory {
memory.limit_in_bytes = "30000000";

Now start cgrulesengd with debug and see that everything works as expected

root@vagrant:/etc# cgrulesengd -d -f /tmp/hei.log

tail /tmp/hei.log

CGroup Rules Engine Daemon log started
Current time: Thu May 7 13:16:35 2015

Opened log file: /tmp/hei.log, log facility: 0, log level: 7
Proceeding with PID 5036
Rule: frank:*
UID: 1002
DEST: limitgroup/

Create the cgrulesengd.conf file in /etc/init/

root@vagrant:/etc/init# cat cgrulesengd.conf
# cgrulesengd

description "cgrulesengd"
author "Serge Hallyn <>"

start on started cgroup-lite
stop on stopped cgroup-lite

pre-start script
test -x /usr/sbin/cgrulesengd || { stop; exit 0; }
end script

# get default options
if [ -r "/etc/default/cgrulesengd" ]; then
. /etc/default/cgrulesengd

# Don't run if no configuration file
if [ ! -s "$CGRED_CONF" ]; then
echo "Cgred unconfigured"
exit 0

# Make sure the kernel supports cgroups
# This check is retained from the original sysvinit job, but should
# be superfluous since we depend on cgconfig running, which will
# have mounted this.
grep -q "^cgroup" /proc/mounts || { stop; exit 0; }

exec /usr/sbin/cgrulesengd --nodaemon $OPTIONS
end script

Now create the init script

root@vagrant:~# cat /etc/init/cgroup-lite.conf
description "mount available cgroup filesystems"
author "Serge Hallyn <>"

start on mounted MOUNTPOINT=/sys/fs/cgroup

pre-start script
test -x /bin/cgroups-mount || { stop; exit 0; }
test -d /sys/fs/cgroup || { stop; exit 0; }
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
end script

post-stop script
if [ -x /bin/cgroups-umount ]
end script

Resources and further reading:

Tags: cgroupsubuntu.