**Control Groups (cgroups)** are a Linux kernel feature that allows for the allocation,

prioritization, and monitoring of resources among different processes and containers. They
play a crucial role in managing system resources and ensuring that applications and services
run efficiently and reliably. Here’s an in-depth look at cgroups:

Overview of cgroups

- **Purpose**: Cgroups are used to manage system resources like CPU, memory, disk I/O,
and network bandwidth among groups of processes. This ensures that no single process or
group of processes can monopolize system resources, leading to better system stability and
performance.

- **Structure**: Cgroups organize processes into hierarchical groups, with each group having
its own resource limits and accounting. This hierarchy allows for flexible resource
management and monitoring.

### Key Features of cgroups

1. **Resource Limiting**:
- **CPU**: Control the amount of CPU time a group of processes can use. You can set
limits on CPU usage or prioritize certain processes over others.
- **Memory**: Set limits on how much memory a group of processes can consume. This
prevents processes from using more memory than allocated and helps avoid out-of-memory
(OOM) situations.
- **Disk I/O**: Regulate the read and write operations to the disk. This prevents a single
process from overwhelming the disk I/O subsystem.
- **Network Bandwidth**: Manage network bandwidth usage by setting limits on the
amount of data that can be sent or received.

2. **Resource Accounting**:
- Cgroups provide detailed statistics about resource usage, such as how much CPU time or
memory a group of processes has used. This data is useful for monitoring and
troubleshooting.

3. **Process Hierarchy**:
- Processes can be organized into hierarchical groups, where each group inherits resource
constraints from its parent. This allows for hierarchical resource management and isolation.
4. **Resource Isolation**:
- Cgroups ensure that processes in different groups do not interfere with each other’s
resource allocation. This isolation is critical for running multiple containers or services on
the same system without conflicts.

5. **Dynamic Adjustment**:
- Resource limits and priorities can be adjusted dynamically without restarting processes.
This flexibility helps in responding to changing workloads and system conditions.

### Components of cgroups

1. **Cgroup Controllers**: These are modules that manage specific resources. Each
controller manages a different aspect of resource allocation, such as `cpu`, `memory`,
`blkio` (block I/O), `net_cls` (network classification), etc.

2. **Cgroup Filesystems**: Cgroups use special filesystems (like `cgroupfs`) to configure

and manage groups. These filesystems expose configuration files where limits and policies
are set.

### Practical Applications

1. **Containers**: Cgroups are fundamental to container technologies like Docker and

Kubernetes. They ensure that containers run with specified resource limits and isolation
from other containers.

2. **System Administration**: System administrators use cgroups to manage server

resources, ensuring fair allocation among multiple users or services.

3. **Performance Management**: By setting resource limits and priorities, cgroups help in

maintaining system performance and responsiveness, especially in multi-tenant
environments.

### Example Usage

1. **Creating a cgroup**:
```bash
mkdir /sys/fs/cgroup/cpu/mygroup
 echo 50000 > /sys/fs/cgroup/cpu/mygroup/cpu.cfs_quota_us
```

This example creates a cgroup named `mygroup` and limits its CPU usage to 50% of one
core.

2. **Adding a Process to a cgroup**:

```bash
echo <pid> > /sys/fs/cgroup/cpu/mygroup/cgroup.procs
```

This command adds a process with a specific PID to the `mygroup` cgroup.

### Summary

Cgroups are a powerful feature of the Linux kernel that help in managing and controlling
system resources among groups of processes. They provide essential capabilities for resource
limiting, accounting, isolation, and dynamic adjustment, making them crucial for
containerization, system administration, and performance management. By using cgroups,
administrators can ensure that resources are allocated fairly and efficiently, improving
overall system stability and performance.

----------------------------------------------------------------------------

Let’s dive deeper into **cgroups** (Control Groups) and explore their finer details, focusing
on how they work, their components, and their usage.

### 1. **Deeper Understanding of cgroups**

Cgroups provide fine-grained resource control in Linux by grouping processes into
hierarchical structures and assigning limits on system resources. Each group can have its
own resource allocations, and you can monitor and modify these allocations dynamically.

Cgroups manage resources at the kernel level, making them efficient and scalable for a
variety of workloads, from individual applications to large-scale containerized environments
like Kubernetes.

### 2. **Hierarchy and Subsystems**

Cgroups operate in a hierarchical structure, where each group can have child groups that
inherit the resource policies of the parent. A **cgroup hierarchy** consists of the following:
- **Root cgroup**: Every system starts with a single root cgroup. All processes are in this
root cgroup by default until they are assigned to a specific group.
- **Child cgroups**: Subgroups can be created within the root, with different or inherited
resource limits.

**Subsystems** (or controllers) are specific to each resource type and handle the resource
management within the hierarchy. These controllers are attached to hierarchies and are
responsible for enforcing limits.

For example:
- A `cpu` subsystem controls CPU scheduling.
- A `memory` subsystem limits and accounts for memory usage.

### 3. **Cgroup v1 vs. Cgroup v2**

There are two versions of cgroups in Linux, with significant improvements in **Cgroup v2**:
- **Cgroup v1**: Each resource controller operates independently, and different controllers
can be attached to different hierarchies. This flexibility comes at the cost of complexity
because resources are managed independently for each hierarchy.
- **Cgroup v2**: Controllers are unified, and all subsystems are mounted in a single
hierarchy. This allows for better integration and simplified management.

In **Cgroup v2**, you can control multiple resources together, improving efficiency and
performance monitoring.

### 4. **Cgroup Controllers (Subsystems) in Detail**

Cgroups use specific **controllers** to manage various system resources. Let’s break down
some of the important ones:

#### 1. **CPU Controller**

- **Purpose**: Limits the CPU time a process can use.
- **Key files**:
- `cpu.cfs_quota_us`: Defines the total available CPU time for the cgroup. The value is in
microseconds. For example, a value of `200000` would allocate 200 milliseconds of CPU
time in every 1-second period.
 - `cpu.cfs_period_us`: Defines the time period (in microseconds) over which the `quota`
is distributed.
- **Example**: A group can be limited to 50% CPU time by setting `cpu.cfs_quota_us` to
50000 and `cpu.cfs_period_us` to 100000.

#### 2. **Memory Controller**

- **Purpose**: Controls the memory usage of processes.
- **Key files**:
- `memory.limit_in_bytes`: Sets a hard limit on memory usage for the group. If the
processes in the group try to exceed this limit, they will either swap memory or be killed by
the Out Of Memory (OOM) killer.
- `memory.usage_in_bytes`: Provides real-time memory usage of the group.
- `memory.swappiness`: Controls the relative weight of swap space used by processes.
- **Example**: To restrict memory usage to 1 GB:
```bash
echo 1073741824 > /sys/fs/cgroup/memory/mygroup/memory.limit_in_bytes
```

#### 3. **Blkio (Block I/O) Controller**

- **Purpose**: Controls the I/O bandwidth for block devices (e.g., hard drives, SSDs).
- **Key files**:
- `blkio.throttle.read_bps_device`: Limits the read bandwidth (in bytes per second) from
a specific block device.
- `blkio.throttle.write_bps_device`: Limits the write bandwidth to a block device.
- **Example**: To limit a device `/dev/sda` to 5 MB/s for reads:
```bash
echo "8:0 5242880" > /sys/fs/cgroup/blkio/mygroup/blkio.throttle.read_bps_device
```

#### 4. **PIDs Controller**

- **Purpose**: Limits the number of processes (PIDs) that can be created in the group.
- **Key files**:
- `pids.max`: Sets the maximum number of processes for the group.
- `pids.current`: Shows the current number of processes in the group.
 - **Example**: To limit a cgroup to 100 processes:
```bash
echo 100 > /sys/fs/cgroup/pids/mygroup/pids.max
```

#### 5. **Network Controller** (net_cls, net_prio)

- **Purpose**: Controls network-related resources, such as bandwidth limits and network
priority.
- **Key files**:
- `net_cls.classid`: Assigns a class ID to the group, which can be used to prioritize or limit
traffic through `tc` (traffic control).
- `net_prio.ifpriomap`: Assigns priorities to the group for specific network interfaces.
- **Example**: To set a class ID for traffic shaping:
```bash
echo 0x10001 > /sys/fs/cgroup/net_cls/mygroup/net_cls.classid
```

### 5. **How to Use cgroups**

You can use cgroups directly from the command line or manage them using higher-level
tools. Here’s a basic workflow using cgroup commands:

#### 1. **Creating a cgroup**:

- Create a new cgroup for a resource like `cpu`:
```bash
mkdir /sys/fs/cgroup/cpu/mygroup
```

#### 2. **Assigning a Process to a cgroup**:

- Assign a process (with PID 1234) to the `mygroup` cgroup:
```bash
echo 1234 > /sys/fs/cgroup/cpu/mygroup/cgroup.procs
```

#### 3. **Setting Resource Limits**:

 - Limit CPU usage for the `mygroup` cgroup to 50%:
```bash
echo 50000 > /sys/fs/cgroup/cpu/mygroup/cpu.cfs_quota_us
```

#### 4. **Monitoring Resource Usage**:

- Monitor memory usage of a cgroup:
```bash
cat /sys/fs/cgroup/memory/mygroup/memory.usage_in_bytes
```

### 6. **User-Space Tools for Managing cgroups**

While you can directly manage cgroups via the filesystem (`/sys/fs/cgroup/`), there are
user-friendly tools available:

1. **`systemd`**: Modern Linux systems use `systemd` to manage cgroups. `systemd`

creates and manages cgroups for services automatically, and you can configure resource
limits for services using `.service` files.
- Example: In a `.service` file, you can limit CPU usage like this:
```ini
[Service]
CPUQuota=50%
```

2. **`cgcreate` and `cgset`**: These are part of the `cgroup-tools` package and provide
commands for managing cgroups in v1.
- Example to create a cgroup:
```bash
cgcreate -g cpu:/mygroup
```

- Example to limit memory:

```bash
 cgset -r memory.limit_in_bytes=1G mygroup
```

3. **`docker` and `Kubernetes`**: Docker and Kubernetes abstract away much of the
complexity of cgroups, but underneath, they use cgroups to manage container resources. For
example, Docker uses the following flags to set resource limits:
```bash
docker run --cpus="1.5" --memory="512m" mycontainer
```

### 7. **Security and Isolation**

- **Security**: Cgroups are often combined with **namespaces** (which provide isolation)
to implement full containerization. Together, cgroups (resource control) and namespaces
(process isolation) are the foundational technologies for containers.
- **Isolation**: Each cgroup operates independently, ensuring that resource constraints in
one group don’t affect others. This guarantees resource isolation between containers or
services.

### 8. **Real-world Use Cases of cgroups**

1. **Containers (Docker, Kubernetes)**: Containers rely heavily on cgroups to enforce
resource limits. For example, Docker uses cgroups to limit memory and CPU consumption
for each container, ensuring fair resource distribution.

2. **Multi-Tenant Environments**: Hosting providers use cgroups to allocate resources to

different users (tenants). Each tenant can be assigned specific CPU, memory, and disk I/O
limits, preventing one user from hogging resources.

3. **High-Performance Computing (HPC)**: Cgroups are used in HPC clusters to allocate

CPU and memory resources to jobs. This ensures that long-running scientific computations
do not exceed their resource quotas.

---

### Summary:
**Cgroups** are a powerful Linux kernel feature that enables fine-grained control over
system resources such as CPU, memory, disk I/O, and more. They allow you to group
processes into hierarchies, apply resource limits, monitor usage, and manage system
performance dynamically. Cgroups are fundamental to modern containerization platforms
like Docker and Kubernetes, as well as for managing resources in multi-tenant or high-
performance.

------------------------------------------------------------------------------

The image shows a hierarchical structure used to organize and control **resources** like
CPU and network bandwidth for different user groups (faculty and students) using
**cgroups** and **namespaces**.

Let me explain it simply:

### **Namespaces:**
Namespaces allow processes to run in an isolated environment, separate from others. For
example:
- You can isolate network endpoints, user IDs, or mount points for each group of processes.
- The idea is that each group feels like it's running on its own private system, even though
they share the same physical machine.

### **cgroups (Control Groups):**

- Cgroups allow you to **limit** resources for different groups of processes (such as CPU,
memory, and I/O usage).
- You can divide processes into **groups** and **subgroups** hierarchically.
- For example, in the image:
- **CPU-Faculty** is a group that gets 40% of CPU resources.
- **CPU-Students** gets 60% of CPU resources.
- Further, within these groups, processes like web browsing can be split into subgroups,
each with its own resource limits.

### **Hierarchical Structure:**

- The structure is divided into **groups** and **subgroups**.
- For example, for CPU:
- **All CPU** is split into **CPU-Faculty** and **CPU-Students**, who get 40% and 60%
of the CPU respectively.
- Similarly, network bandwidth is divided into web and non-web traffic for both groups.

### **Resource Limits:**

- You can specify what **fraction of the resources** can be used by each group. In the
diagram, for example:
- CPU-Faculty gets 40% of the CPU.
- The network (NW) bandwidth is split 50/50 between web and non-web usage.

### **Tasks and Processes:**

- Processes are placed into these groups by writing their **Process ID (PID)** into special
files.
- Once a task (like a browser) is assigned to a cgroup, all child processes of that task inherit
the same resource limits.

### **Filesystem for Management:**

- The cgroups are managed via a special filesystem mounted at `/sys/fs/cgroup`.
- You can create directories for different groups and assign tasks to these directories to
control resources.

This setup is used to ensure that different users or tasks (such as faculty and students) get a
fair share of system resources without affecting each other's performance.