[systemd-devel] Restricting swap usage for a process managed via systemd

Debraj Manna subharaj.manna at gmail.com
Thu Jul 8 11:40:44 UTC 2021 

Thanks Mantas for replying.

I have made the below changes.

Added systemd.unified_cgroup_hierarchy=1 in /etc/default/grub ran sudo
update-grub and rebooted the node.

GRUB_CMDLINE_LINUX="audit=1 rootdelay=180 nousb net.ifnames=0 biosdevname=0
fsck.mode=force fsck.repair=yes ipv6.disable=1
systemd.unified_cgroup_hierarchy=1"

Even after making these changes MemorySwapMax not taking into effect.

support at vrni-platform:~$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.15.0-143-generic root=/dev/mapper/vg-root ro
audit=1 rootdelay=180 nousb net.ifnames=0 biosdevname=0
fsck.mode=force fsck.repair=yes ipv6.disable=1
systemd.unified_cgroup_hierarchy=1 audit=1

support at vrni-platform:~$ findmnt
TARGET                       SOURCE                       FSTYPE     OPTIONS
/                            /dev/mapper/vg-root          ext4
rw,relatime,errors=panic,data=ordered
├─/sys                       sysfs                        sysfs
rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/security     securityfs                   securityfs
rw,nosuid,nodev,noexec,relatime
│ ├─/sys/fs/cgroup           cgroup                       cgroup2
rw,nosuid,nodev,noexec,relatime,nsdelegate
│ ├─/sys/fs/pstore           pstore                       pstore
rw,nosuid,nodev,noexec,relatime
│ ├─/sys/kernel/config       configfs                     configfs   rw,relatime
│ ├─/sys/fs/fuse/connections fusectl                      fusectl    rw,relatime
│ └─/sys/kernel/debug        debugfs                      debugfs    rw,relatime
├─/proc                      proc                         proc
rw,nosuid,nodev,noexec,relatime
│ └─/proc/sys/fs/binfmt_misc systemd-1                    autofs
rw,relatime,fd=28,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1935
├─/dev                       udev                         devtmpfs
rw,nosuid,relatime,size=8182012k,nr_inodes=2045503,mode=755
│ ├─/dev/pts                 devpts                       devpts
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
│ ├─/dev/shm                 tmpfs                        tmpfs
rw,nosuid,nodev,noexec
│ ├─/dev/hugepages           hugetlbfs                    hugetlbfs
rw,relatime,pagesize=2M
│ └─/dev/mqueue              mqueue                       mqueue     rw,relatime
├─/run                       tmpfs                        tmpfs
rw,nosuid,noexec,relatime,size=1642560k,mode=755
│ ├─/run/lock                tmpfs                        tmpfs
rw,nosuid,nodev,noexec,relatime,size=5120k
│ ├─/run/rpc_pipefs          sunrpc                       rpc_pipefs rw,relatime
│ ├─/run/shm                 none                         tmpfs
rw,nosuid,nodev,noexec,relatime
│ ├─/run/user/116            tmpfs                        tmpfs
rw,nosuid,nodev,relatime,size=1642556k,mode=700,uid=116,gid=122
│ ├─/run/user/998            tmpfs                        tmpfs
rw,nosuid,nodev,relatime,size=1642556k,mode=700,uid=998,gid=998
│ ├─/run/user/118            tmpfs                        tmpfs
rw,nosuid,nodev,relatime,size=1642556k,mode=700,uid=118,gid=124
│ ├─/run/user/1001           tmpfs                        tmpfs
rw,nosuid,nodev,relatime,size=1642556k,mode=700,uid=1001,gid=1001
│ └─/run/user/121            tmpfs                        tmpfs
rw,nosuid,nodev,relatime,size=1642556k,mode=700,uid=121,gid=127
├─/boot                      /dev/sda1                    ext4
rw,relatime,data=ordered
├─/tmp                       /dev/mapper/vg-tmp           ext4
rw,nosuid,nodev,relatime,data=ordered
├─/home                      /dev/mapper/vg-home          ext4
rw,nodev,relatime,data=ordered
└─/var                       /dev/mapper/vg-var           ext4
rw,relatime,errors=panic,data=ordered
  ├─/var/log                 /dev/mapper/vg-var+log       ext4
rw,relatime,data=ordered
  │ └─/var/log/audit         /dev/mapper/vg-var+log+audit ext4
rw,relatime,data=ordered
  └─/var/tmp                 /dev/mapper/vg-tmp           ext4
rw,nosuid,nodev,relatime,data=ordered
support at vrni-platform:~$

Any other suggestions?


On Mon, Jul 5, 2021 at 1:46 AM Mantas Mikulėnas <grawity at gmail.com> wrote:

> Looks like your Ubuntu version is using the "hybrid" cgroup mode by
> default. Cgroup v2 is indeed *enabled* in your kernel, but not necessarily
> *in use* – in the hybrid mode, systemd still mounts all resource
> controllers (cpu, memory, etc.) in v1 mode and only sets up its own process
> tracking in the v2 tree. See `findmnt`.
>
> You could boot with the systemd.unified_cgroup_hierarchy=1 kernel option
> to switch everything to cgroups v2, but if you're using container software
> (docker, podman) make sure those are cgroups v2-compatible.
>
> On Sun, Jul 4, 2021 at 10:36 AM Debraj Manna <subharaj.manna at gmail.com>
> wrote:
>
>> Hi
>>
>> I am trying to restrict the swap usage of a process using MemorySwapMax as
>> mentioned in the doc
>> <http://manpages.ubuntu.com/manpages/bionic/man5/systemd.resource-control.5.html> with
>> Ubuntu 18.04.
>>
>> Environment
>> ------------
>>
>> ubuntu at vrni-platform:/usr/lib/systemd/system$ uname -a
>> Linux vrni-platform 4.15.0-143-generic #147-Ubuntu SMP Wed Apr 14 16:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
>>
>> ubuntu at vrni-platform:/usr/lib/systemd/system$ systemctl --version
>> systemd 237
>> +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid
>>
>> My systemd unit file looks like below
>>
>> [Unit]
>> Description=My service
>> After=network.target
>> StartLimitIntervalSec=0
>> [Service]
>> Type=simple
>> Restart=always
>> RestartSec=1
>> User=support
>> MemoryMax=2000M
>> KillMode=process
>> MemoryAccounting=true
>> OOMScoreAdjust=1000
>> MemorySwapMax=1M
>> ExecStart=/usr/bin/java -cp /home/support -XX:NativeMemoryTracking=summary -Xmx10000m MemoryConsumer 100 200 1
>>
>> MemoryMax is working as expected but MemorySwapMax seems to be not taking effect and I am seeing the process, MemoryConsumer still using swap more than the one specified in MemorySwapMax,
>>
>> MemorySwapMax documentation states "This setting is supported only if the unified control group hierarchy is used and disables MemoryLimit=."
>>
>> As mentioned here <https://unix.stackexchange.com/a/471495/364181> I can see cgroup v2 enabled on my setup.
>>
>> ubuntu at vrni-platform:/tmp/tuk$ sudo mount -t cgroup2 none /tmp/tuk
>> ubuntu at vrni-platform:/tmp/tuk$ ls -l /tmp/tuk/
>> total 0
>> -r--r--r--  1 root root 0 Jul  2 17:13 cgroup.controllers
>> -rw-r--r--  1 root root 0 Jul  2 17:13 cgroup.max.depth
>> -rw-r--r--  1 root root 0 Jul  2 17:13 cgroup.max.descendants
>> -rw-r--r--  1 root root 0 Jun 30 14:42 cgroup.procs
>> -r--r--r--  1 root root 0 Jul  2 17:13 cgroup.stat
>> -rw-r--r--  1 root root 0 Jul  2 17:13 cgroup.subtree_control
>> -rw-r--r--  1 root root 0 Jul  2 17:13 cgroup.threads
>> drwxr-xr-x  2 root root 0 Jun 30 14:42 init.scope
>> drwxr-xr-x 87 root root 0 Jul  2 15:05 system.slice
>> drwxr-xr-x  7 root root 0 Jun 30 15:22 user.slice
>> ubuntu at vrni-platform:/tmp/debraj$ sudo umount /tmp/tuk
>>
>> Can someone suggest what configuration I am missing?
>>
>>
>> _______________________________________________
>> systemd-devel mailing list
>> systemd-devel at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>
>
>
> --
> Mantas Mikulėnas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210708/d2bbd176/attachment-0001.htm>

More information about the systemd-devel mailing list