Hi.

On Mon, 22 Feb 2016 11:01:29 +0000 (UTC)
Mark Johnson <johnsonmark...@yahoo.ie> wrote:

> Hi all.
>
> My name is Mark, and I have been trying for a few days to implement outbound traffic
> shaping with cgroups and its subsystems (especially - "net_cls", "net_prio")
> and iptables. The problem is to enable cgroups (subsystems "net_cls" and
> daemons like "cgrulesengd"). Spent many hours looking for education stuff, but
> everything was time wasting only. In my opinion something must be wrong with
> Kernel ( set-up?, patching?, upgrade? )
> My Kernel - 3.16. If you could explain how-to in a few words, it would be
> really great news for me. We all belong to big "Debian Family" are we not?

A case study:

1) Ensure that you're *not* running systemd as PID=1. It *will* screw
things up, do not try it.

2) Ensure that you don't have any services in enabled state that try to
configure cgroups on their own. libvirtd or cgmanager, for instance.

3) Write a configuration file /etc/cgconfig.conf with the contents like
this:

mount {
        cpuset = /sys/fs/cgroup/cpuset;
        cpu = /sys/fs/cgroup/cpu;
        cpuacct = /sys/fs/cgroup/cpuacct;
        devices = /sys/fs/cgroup/devices;
        freezer = /sys/fs/cgroup/freezer;
        net_cls = /sys/fs/cgroup/net_cls;
        blkio = /sys/fs/cgroup/blkio;
        perf_event = /sys/fs/cgroup/perf_event;
}

group mynet {
        net_cls {
                net_cls.classid="122541";
        }
}

4) Invoke:

mount -t tmpfs cgroup_root /sys/fs/cgroup
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf

5) If all goes well you should see a bunch of mounted filesystems of
type cgroup, one for each controller.

6) Create a configuration file /etc/cgrules.conf with the contents like
this:

*:/bin/bash net_cls mynet

7) Start cgrulesengd for debugging:

/usr/sbin/cgrulesengd -nv

8) Observe all instances of bash migrating to the mynet cgroup. Double-check
it with:

cat /sys/fs/cgroup/net_cls/mynet/tasks

9) Clean up:

/usr/sbin/cgclear
umount /sys/fs/cgroup

Reco
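
The classid set in step 3 only shapes traffic once a tc class and a cgroup filter exist for it on the outgoing interface. The following is an added example (not part of the message above, and not libcgroup code) that decodes a net_cls.classid into the tc handle it selects and prints the matching tc commands in the form used by the kernel's net_cls documentation. The device eth0 and the rate 1mbit are assumptions, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: map a net_cls.classid to the tc handle it selects.
# The kernel reads the value as 0xAAAABBBB (AAAA = major, BBBB = minor).

classid_to_handle() {   # decimal or 0x-hex classid -> "major:minor" in hex
    case "$1" in
        ???????????*) return 1 ;;       # 11+ characters cannot fit in 32 bits
        0[xX]*) case "${1#0[xX]}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        0[0-9]*) return 1 ;;            # leading zero would be read as octal
        ''|*[!0-9]*) return 1 ;;        # never pass raw text to $(( ))
    esac
    cth_id=$(( $1 ))
    [ "$cth_id" -gt 0 ] && [ "$cth_id" -le 4294967295 ] || return 1
    printf '%x:%x\n' $(( cth_id >> 16 )) $(( cth_id & 0xFFFF ))
}

handle_to_classid() {   # "major:minor" in hex -> decimal, as the kernel prints it
    htc_maj=${1%%:*}; htc_min=${1#*:}
    case "$htc_maj" in ''|*[!0-9a-fA-F]*|?????*) return 1 ;; esac
    case "$htc_min" in ''|*[!0-9a-fA-F]*|?????*) return 1 ;; esac
    [ "$1" = "$htc_maj:$htc_min" ] || return 1
    printf '%d\n' $(( (0x$htc_maj << 16) | 0x$htc_min ))
}

tc_plan() {             # usage: tc_plan DEV RATE CLASSID (prints, runs nothing)
    tp_h=$(classid_to_handle "$3") || { echo "bad classid: $3" >&2; return 1; }
    cat <<EOF
tc qdisc add dev $1 root handle ${tp_h%%:*}: htb
tc class add dev $1 parent ${tp_h%%:*}: classid $tp_h htb rate $2
tc filter add dev $1 parent ${tp_h%%:*}: protocol ip prio 10 handle 1: cgroup
EOF
}

# Assumed device and rate; 122541 is the classid from /etc/cgconfig.conf above.
tc_plan eth0 1mbit 122541
```

The value 122541 from the configuration file is 0x0001DEAD, so processes in mynet are matched by tc class 1:dead.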