3

When some cpu-intensive processes are running on the server, chances are that we could not log in to this machine with error 'operation timeout' via ssh command.

According to this post answered by peterph, there should be a way to guarantee sshd service on any circumstances. But I just don't know how to create a group for sshd, give it some non-negligible CPU time share, and give this "remote access" processes much higher CPU share then the rest.

Could anyone tell me how can I configure it in /etc/cgconfig.conf and /etc/cgrules.conf? Many thanks.

Community
  • 1
KAs
  • 205
  • 1
  • 2
  • 8

1 Answers1

3

Did you try the man pages? Both cgconfig.conf(5) and cgrules.conf(5) have nice examples, it shouldn't be difficult modifying those to match your needs. You will probably want to start from something like (be warned I have not tested it):

In /etc/cgrules.conf:

root:sshd       *               sshdcg/
*               *               default/

and /etc/cgconfig.conf:

mount {
    cpu = /mnt/cgroups/cpu;
    cpuacct = /mnt/cgroups/cpu;
}

group sshdcg {
    cpu {
        cpu.shares = "128";
    }
}

Remember you will also need to have cgrulesengd running.

peterph
  • 30,520
  • 2
  • 69
  • 75
  • Hey, I'm wondering, will it be the same whether I login as root or a common user? If I control `root:sshd`, does all the ssh login procedures will be 'protected' by the group sshdcg? – KAs Jun 12 '15 at 15:22
  • cgroups are inherited by children processes. Thus when `sshd` forks to handle your connection, I would expect it to stay in the same group (especially since the fork is done with the credentials running the listener process. However, the way OpenSSH handles the connections is a bit more complicated - I won't tell you off the top of my head whether there is a place in the login process where it will end up in the default group (with the above setup). – peterph Jun 13 '15 at 10:35