CGroup configuration in CentOS 7

Question

I am using CentOS 7 and I have several users registered in system (UIDs: 1000, 1001, 1002, etc)

I want to restrict memory consumption for each user using cgroup and systemd.

The following commands work pretty well but the user with UID=1000 must be logged in.

systemctl set-property user-1000.slice MemoryLimit=3000M
systemctl daemon-reload

If the user is not login I receive the following error message

Failed to set unit properties on user-1000.slice: Unit user-1000.slice is not loaded.

Imagine I have 20 users and I want to set up memory restrictions for them. Should I log in manually or write some workaround script to do it in order to run systemctl set-property command for each user? Or some elegant and straightforward solution exists?

Answer 1

This issues were based on the manner of configuration, it did not mean the cgroup can not limit the non-login users.

systemctl set-property ... command just supported for resource setting control at runtime. Failed to set unit properties on user-1000.slice: Unit user-1000.slice is not loaded. is just runtime issue. You can solve the issue by using the static manner.

Examples>

# vim /etc/systemd/system/user-1000.slice

Create the specific user slice file or slice.d.

[Unit]
Description=1000 user.slice

[Slice]
MemoryAccounting=true
MemoryLimit=3000M

Reload the systemd.

# systemctl daemon-reload

Check the cgroup resource control setting.

1.Login as id=1000 user. (The cgroup setting is applied dynamically if user-1000 login)

2.Check cgroup limit status

# cd /sys/fs/cgroup/memory/user.slice/

# ls -ld *.slice
  ...snip...
  user-1000.slice
  ...snip...

# cd ./user-1000.slice
# cat ./memory.limit_in_bytes
3145728000

I hope this will help you.