A Game Changer for Containers | cgroups v2

Posted on March 8, 2019 by ChadCrowell

Containers are only increasing in popularity. Here at Linux Academy, we’ve seen an increase of over 30% in demand for container-related courses.

Containers help simplify building applications by providing a way to package up the software and all the necessary dependencies and components. This consistency speeds up the development and deployment process to keep up with trends and shift your focus toward adding value to your end users as opposed to maintaining disparate systems.

Linux Control Groups (cgroups)

Part of the magic that allows multiple containers to run on the same operating system is called Linux Control Groups (cgroups). Cgroups limit the amount of resources a process can consume (CPU, memory, network bandwidth, etc.) and as far as the container knows, it’s running on an independent machine. More importantly, this container can’t hog all the resources reserved for other containers.

Cgroups have been around for a while (since Linux kernel 2.6.24), and since their inception a whole new version has been developed that adds features and functionality. Unfortunately, the new version, even though superior to the previous one, was never adopted. To this day, version 1 is still enabled in the kernel by default. Fedora hopes to change that and has announced it will be shipping Fedora 31 with cgroups version 2 enabled by default.

In forcing users to use cgroups version 2, Fedora “believes the time is right to try to move these tools along to take advantage of this kernel feature,” as the change proposal states.

Why a New Version

The game changer is the unified hierarchy that version 2 provides. Version 1 allowed an arbitrary number of hierarchies, and each hierarchy could host any number of controllers. Providing a unified hierarchy will update controllers so that they expose minimal and consistent interfaces. Fedora says that doing so will allow tools like podman to use cgroups in rootless mode.

Other improvements include helping to define clear boundaries between the API exposed to individual applications and the system management interface. Also, version 2 will change how notification of an empty cgroup works, helping event delivery. As the Linux Unplugged podcast mentioned in episode 289, one of the benefits for memory is that you can have separate memory killers, so you can make sure that even if your Java application goes crazy, the kernel will never accidentally shoot SSH. Also in that episode, Neil has some interesting things to say about cgroups configured in hybrid mode.
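To see which layout a host or container actually uses, the following added example (not from the original post) parses the content of /proc/<pid>/cgroup and reports whether it shows version 1 hierarchies only, the unified version 2 hierarchy, or the hybrid mode mentioned above. The sample inputs are constructed, and the function names are illustrative.

```python
"""Classify a cgroup layout from /proc/<pid>/cgroup content (added example)."""
import os

# Constructed sample inputs, not captured from a real host.
LEGACY = "4:memory:/docker/abc\n3:cpu,cpuacct:/docker/abc\n1:name=systemd:/docker/abc\n"
HYBRID = LEGACY + "0::/system.slice/docker.service\n"
UNIFIED = "0::/user.slice/user-1000.slice/session-1.scope\n"


def parse_cgroup_file(text):
    """Return (hierarchy_id, controllers, path) tuples, one per line.

    Each line is hierarchy-ID:controller-list:cgroup-path. The path may
    contain ':' itself, so split at most twice.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            raise ValueError(f"malformed cgroup line: {line!r}")
        controllers = [c for c in parts[1].split(",") if c]
        entries.append((int(parts[0]), controllers, parts[2]))
    return entries


def classify(text):
    """Return 'unified', 'hybrid' or 'legacy' for the given file content."""
    entries = parse_cgroup_file(text)
    # The v2 hierarchy appears as ID 0 with an empty controller list.
    has_v2 = any(hid == 0 and not ctrl for hid, ctrl, _ in entries)
    # Any non-zero ID is a v1 hierarchy (including named ones like name=systemd).
    has_v1 = any(hid != 0 for hid, _, _ in entries)
    if has_v2 and has_v1:
        return "hybrid"
    if has_v2:
        return "unified"
    if has_v1:
        return "legacy"
    raise ValueError("no cgroup entries found")


if __name__ == "__main__":
    path = "/proc/self/cgroup"
    if os.path.exists(path):
        with open(path) as fh:
            print(path, "->", classify(fh.read()))
    for name, sample in (("LEGACY", LEGACY), ("HYBRID", HYBRID), ("UNIFIED", UNIFIED)):
        print(name, "->", classify(sample))
```

In the legacy sample a process sits in three separate version 1 hierarchies, while the unified sample has a single entry.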

Where to Learn More

All these improvements will benefit systemd, Docker, and many application developers. Check out the kernel documentation for control groups v2, and if you’d like to learn more about how to leverage this new improvement to the kernel, check out the hands-on containers training content at Linux Academy.
