28.7 Controlling Container Resources

Linux containers use cgroups in their implementation, and you can use the lxc-cgroup command to control the access that a container has to system resources relative to other containers. For example, to display the CPU cores to which a container can run on, enter:

[root@host ~]# lxc-cgroup -n ol6ctr1 cpuset.cpus

To restrict a container to cores 0 and 1, you would enter a command such as the following:

[root@host ~]# lxc-cgroup -n ol6ctr1 cpuset.cpus 0,1

To change a container's share of CPU time and block I/O access, you would enter:

[root@host ~]# lxc-cgroup -n ol6ctr2 cpu.shares 256
[root@host ~]# lxc-cgroup -n ol6ctr2 blkio.weight 500

Limit a container to 256 MB of memory when the system detects memory contention or low memory; otherwise, set a hard limit of 512 MB:

[root@host ~]# lxc-cgroup -n ol6ctr2 memory.soft_limit_in_bytes 268435456
[root@host ~]# lxc-cgroup -n ol6ctr2 memory.limit_in_bytes 53687091

To make the changes to a container's configuration permanent, add the settings to the file /container/name/config, for example:

# Permanently tweaked resource settings

For more information about the resources that can be controlled, see http://www.kernel.org/doc/Documentation/cgroups/.