一、安装cgroup服务

• centos7直接用yum可以直接安装cgroup。

yum -y install libcgroup libcgroup-devel libcgroup-pam libcgroup-tools

• 启动cgroup服务

systemctl start cgconfig.service
systemctl enable cgconfig.service
systemctl start cgred.service
systemctl start cgred.service

二、安装web服务-nginx

安装过程省略。
nginx的systemctl的服务文件路径，/usr/lib/systemd/system/nginx.service

三、配置如何限制nginx服务资源

3.1、创建策略文件

我们必须在/usr/lib/systemd/system/目录下创建一个cgroup的策略文件，这里创建的策略文件名为nginx_cpus.slice,侧略文件的扩展名必须为.slice，文件名随意。策略文件的格式类似于nginx.service,可以参照，策略文件的编写规则可以参照帮助文件。可以通过man systemd.resource-control。

策略文件模板

[Unit]
Description=nginx_cgroup

[Slice]
CPUShares=512
CPUAccounting=true

查看帮助-查看策略文件可以配置那些参数

]# man systemd.resource-control
OPTIONS
       Units of the types listed above can have settings for resource
       control configuration:

       CPUAccounting=
           Turn on CPU usage accounting for this unit. Takes a boolean
           argument. Note that turning on CPU accounting for one unit
           will also implicitly turn it on for all units contained in
           the same slice and for all its parent slices and the units
           contained therein. The system default for this setting may
           be controlled with DefaultCPUAccounting= in systemd-
           system.conf(5).

       CPUShares=weight, StartupCPUShares=weight
           Assign the specified CPU time share weight to the processes
           executed. These options take an integer value and control
           the "cpu.shares" control group attribute. The allowed range
           is 2 to 262144. Defaults to 1024. For details about this
           control group attribute, see sched-design-CFS.txt[2]. The
           available CPU time is split up among all units within one
           slice relative to their CPU time share weight.
.......

3.2、创建配置文件应用策略

就是把创建的策略文件中的规则应用到nginx服务中。使之生效。
必须在/usr/lib/systemd/system/nginx.service同目录下创建/usr/lib/systemd/system/nginx.service.d目录，然后在新创建的目录/usr/lib/systemd/system/nginx.service.d下创建配置文件，配置文件必须是".conf"结尾的文件。这里配置文件命名为10-nginx-cpus.conf
配置文件模板

]# cd nginx.service.d
]# vim 10-nginx-cpus.conf
[Service]
Slice=nginx_cpus.slice

• 重新加载systemctl，重启nginx服务

]# systemctl daemon-reload
]# systemctl restart nginx.service

3.3、验证cgroup配置是否成功

• 查看nginx服务有没有加载10-nginx-cpus.conf配置文件

]# systemctl status nginx.service
● nginx.service - nginx
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nginx.service.d
           └─10-nginx-cpus.conf
   Active: active (running) since Tue 2022-06-14 22:46:10 CST; 8s ago
  Process: 50072 ExecStop=/usr/local/nginx/sbin/nginx -s stop (code=exited, status=0/SUCCESS)
  Process: 50075 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 50076 (nginx)
   CGroup: /nginx_cpus.slice/nginx.service
           ├─50076 nginx: master process /usr/local/nginx/sbin/nginx ...
           └─50077 nginx: worker process

Jun 14 22:46:10 CentOS7.9 systemd[1]: Starting nginx...
Jun 14 22:46:10 CentOS7.9 systemd[1]: Started nginx.
]#

Drop-In: /usr/lib/systemd/system/nginx.service.d,证明配置文件加载成功

• 查看/sys/fs/cgroup/systemd/nginx_cpus.slice目录中是否存在nginx.service服务

  
  
  查看cgroup组中是否存在nginx服务
• 查看cpu限制策略中是否生效
  查看对nginx服务的cpu限制策略是否和我们设置的策略一致，CPUShares=512是否生效。

[root@CentOS7 nginx_cpus.slice]# pwd
/sys/fs/cgroup/cpu/nginx_cpus.slice                      # nginx服务CPU限制策略的路径
[root@CentOS7 nginx_cpus.slice]# cat cpu.shares    # 查看CPUShares的值
512                  # 与设置的值一致，限制策略生效。
[root@CentOS7 nginx_cpus.slice]#

查看生效的策略中CPUShares的值为512，和我们设置的值一样，表示cgroup的生效。