4

I have a Debian 10 server and I am trying to limit the memory + swap of a user using cgroups2.

Using memory.limit_in_bytes works fine, but I want to limit the memory+swap using memory.memsw.limit_in_bytes which isn't working.

I get this error when I run cgconfigparser:

root@server:~# cgconfigparser -l /etc/cgconfig.conf
Error: failed to set /sys/fs/cgroup/memory/group1/memory.memsw.limit_in_bytes: Invalid argument
cgconfigparser; error loading /etc/cgconfig.conf: Failed to remove a non-empty group
root@server:~#

Here is the group:

group group1 {
  memory {
    memory.memsw.limit_in_bytes = 512m;
  }
}

Any idea on what's wrong?

EDIT: I've enabled cgroups memory and swapaccount in the GRUB command already but still the issue occurs.

Mario
  • 181
  • 7
  • Could you post the additions to the kernel commandline you added to GRUB, and also the output of cat /proc/cmdline please? Apart from that, try as mentioned in this answer: https://unix.stackexchange.com/a/125024/83329 – doktor5000 Apr 12 '20 at 09:18
  • @doktor5000 - root@server:~# cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-5.4.0-0.bpo.2-amd64 root=/dev/sda2 ro rd.driver=raid1,ahci,dm_mod,part_gpt domdadm dolvm rd.lvm.vg=vg00 rd.lvm.lv=vg00/usr console=ttyS0,57600 console=tty0 net.ifnames=0 biosdevname=0 quiet cgroup_enable=memory swapaccount=1 – Mario Apr 12 '20 at 09:29
  • 1
    Just to be clear: you say you're trying to limit a user using cgroup v2, but this is legacy cgroup v1, which has a significant number of deficiencies :-) – Chris Down Apr 12 '20 at 11:46
  • @ChrisDown - The system supports cgroup v2 but idk why it uses v1 – Mario Apr 12 '20 at 12:04
  • It's not the system, you're explicitly using cgroupv1 with that stanza. For cgroupv2, have a look at e.g. https://facebookmicrosites.github.io/cgroup2/docs/memory-controller.html you would probably want memory.max and memory.swap.max @ChrisDown good catch ;) – doktor5000 Apr 12 '20 at 12:09
  • 1
    @doktor5000 Heh, linked to my own documentation ;-) If your system is forcing v1 controllers, you might want to use cgroup_no_v1=all on the kernel command line. – Chris Down Apr 12 '20 at 12:12

1 Answers1

4

Thanks to @doktor5000 for providing the answer Limit memory usage for a single Linux process

I concluded the following from that answer: memory.limit_in_bytes must be set before memory.memsw.limit_in_bytes, and memory.memsw.limit_in_bytes must be bigger than or equal to memory.limit_in_bytes

So in my case, this group configuration worked:

group group1 {
  memory {
    memory.limit_in_bytes = 512m;
    memory.memsw.limit_in_bytes = 512m;
  }
}

which seens to limit the memory+swap of the user to 512MB. I've tested it with https://github.com/julman99/eatmemory

Mario
  • 181
  • 7