Cgroup memory limitations not working for user slices

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Cgroup memory limitations not working for user slices
From: Balthasar Clemens Schlotmann <balthasar.schlotmann@bric.ku.dk>
Date: Thu, 11 Jul 2019 13:20:59 +0000
Message-id: <[🔎] FAA5455182CD0248A85940D2D4190B76A74E366C@P2KITMBX04WC02.unicph.domain>

Hi everyone,

I am trying to limit user resources via systemd slices. While CPU limitations work fine, Memory limitations don't seem to work.

The server runs debian stretch with a 4.9.0-8-amd64 kernel and systemd 232. The config files are in /etc/systemd/system/user-$UID.slice.d/override.conf ($UID is the actual user id for each user). They look like this for every user:

[Slice]
MemoryHigh=250G
MemoryMax=300G
CPUQuota=3200%

Here is the mount of the cgroup filesystems:

cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)

and here the /proc/cgroups file, as you can see, all cgroups are enabled.

#subsys_name    hierarchy       num_cgroups     enabled
cpuset  3       2       1
cpu     9       117     1
cpuacct 9       117     1
blkio   2       117     1
memory  10      269     1
devices 8       117     1
freezer 7       63      1
net_cls 4       2       1
perf_event      5       2       1
net_prio        4       2       1
pids    6       212     1

Explicitly setting MemoryAccounting=true also doens't help, neither does swap space reduction.
I always logged in and out after editing the slice files.

I use the "stress" programm to test the limits and check the current CPU and RAM usage with top.

CPU limits, as said above, are respected, but the RAM settings are ignored. Unfortunately I don't know what could have been misconfigured. The install is updated from debian Jessie, so there might be some config options that got carried over. On a virtualbox with a fresh debian going over limits defined in such a way resulted in a process kill, and so does it on my personal pc with a different Linux distro.

I hope someone of you could give me a hint what I might have missed in the configuration.
Best regards,
Balthasar

Reply to:

Prev by Date: Re: Looking for a Couple of Programs in Buster
Next by Date: Ansible : User to use
Previous by thread: Re: Looking for a Couple of Programs in Buster
Next by thread: Ansible : User to use
Index(es):
- Date
- Thread