Hello, On Thu, Mar 05, 2020 at 02:13:58PM +0100, Benjamin Berg wrote: > A major discussion point seemed to be that cgroups should be grouped by > their resource management needs rather than a logical hierarchy. I > think that the resource management needs actually map well enough to > the logical hierarchy in our case. The hierarchy looks like: Yeah, the two layouts share a lot of commonalities in most cases. It's not like we usually wanna distribute resources completely unrelated to how the system is composed logically. > root > / \ > system.slice user.slice > / | | \ > cron journal user-1000.slice user-1001.slice > | \ > user@1000.service [SAME] > | | > apps.slice session.slice > | | > unprotected protected > ... > I think this actually makes sense. Both from an hierarchical point of > view and also for configuring resources. In particular the user-.slice > layer is important, because this grouping allows us to dynamically > adjust resource management. The obvious thing we can do there is to > prioritise the currently active user while also lowering resource > allocations for inactive users (e.g. graphical greeter still running in > the background). Changing memory limits dynamically can lead to pretty abrupt system behaviors depending on how big the swing is but memory.low and io/cpu weights should behave fine. > Note, that from my point of view the scenario that most concerns me is > a resource competition between session.slice and its siblings. This > makes the hierarchy above even less important; we just need to give the > user enough control to do resource allocations within their own > subtree. > > So, it seems to me that the suggested mount option should work well in > our scenario. Sounds great. In our experience, what would help quite a lot is using per-application cgroups more (e.g. containing each application as user services) so that one misbehaving command can't overwhelm the session and eventually when oomd has to kick in, it can identify and kill only the culprit application rather than the whole session. Thanks. -- tejun
