Fix cgroup.

deleted:    install_shell/cgroup-d5000-install/cgconfig.conf
	deleted:    install_shell/cgroup-d5000-install/cgrules.conf
	deleted:    install_shell/cgroup-d5000-install/install.sh
	new file:   install_shell/cgroup-d5000-install/set_libcgroup.sh
	modified:   setup.sh

install_shell/cgroup-d5000-install/cgconfig.conf

@@ -1,78 +0,0 @@
-#
-#  Copyright IBM Corporation. 2007
-#
-#  Authors:	Balbir Singh <balbir@linux.vnet.ibm.com>
-#  This program is free software; you can redistribute it and/or modify it
-#  under the terms of version 2.1 of the GNU Lesser General Public License
-#  as published by the Free Software Foundation.
-#
-#  This program is distributed in the hope that it would be useful, but
-#  WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-#
-#group daemons/www {
-#	perm {
-#		task {
-#			uid = root;
-#			gid = webmaster;
-#		}
-#		admin {
-#			uid = root;
-#			gid = root;
-#		}
-#	}
-#	cpu {
-#		cpu.shares = 1000;
-#	}
-#}
-#
-#group daemons/ftp {
-#	perm {
-#		task {
-#			uid = root;
-#			gid = ftpmaster;
-#		}
-#		admin {
-#			uid = root;
-#			gid = root;
-#		}
-#	}
-#	cpu {
-#		cpu.shares = 500;
-#	}
-#}
-#
-#mount {
-#	cpu = /mnt/cgroups/cpu;
-#	cpuacct = /mnt/cgroups/cpuacct;
-#}
-group d5000_limits {
-	perm {
-		task {
-			uid = d5000;
-			gid = d5000;
-		}
-		admin {
-			uid = sysadmin;
-			gid = sysadmin;
-		}
-	}
-	cpuset {
-		cpuset.cpus = 0-0;
-		cpuset.mems = 0-0;
-	}
-	memory {
-		memory.limit_in_bytes = 900M;
-		memory.memsw.limit_in_bytes = 962M;
-	}
-}
-
-mount {
-	cpu = /lxcg;
-	cpuset = /lxcg;
-	cpuacct = /lxcg;
-	memory = /lxcg;
-	freezer = /lxcg;
-	net_cls = /lxcg;
-	devices = /lxcg;
-}

install_shell/cgroup-d5000-install/cgrules.conf

@@ -1,76 +0,0 @@
-# /etc/cgrules.conf
-#
-#Each line describes a rule for a user in the forms:
-#
-#<user>			<controllers>		<destination>
-#<user>:<process name>	<controllers>		<destination>
-#
-#Where:
-# <user> can be:
-#        - an user name
-#        - a group name, with @group syntax
-#        - the wildcard *, for any user or group.
-#        - The %, which is equivalent to "ditto". This is useful for
-#          multiline rules where different cgroups need to be specified
-#          for various hierarchies for a single user.
-#
-# <process name> is optional and it can be:
-#	 - a process name
-#	 - a full command path of a process
-#
-# <controller> can be:
-# 	 - comma separated controller names (no spaces)
-# 	 - * (for all mounted controllers)
-#
-# <destination> can be:
-# 	 - path with-in the controller hierarchy (ex. pgrp1/gid1/uid1)
-#
-# Note:
-# - It currently has rules based on uids, gids and process name.
-#
-# - Don't put overlapping rules. First rule which matches the criteria
-#   will be executed.
-#
-# - Multiline rules can be specified for specifying different cgroups
-#   for multiple hierarchies. In the example below, user "peter" has
-#   specified 2 line rule. First line says put peter's task in test1/
-#   dir for "cpu" controller and second line says put peter's tasks in
-#   test2/ dir for memory controller. Make a note of "%" sign in second line.
-#   This is an indication that it is continuation of previous rule.
-#
-#
-#<user>  	<controllers>  	<destination>
-#
-#john          cpu		usergroup/faculty/john/
-#john:cp       cpu		usergroup/faculty/john/cp
-#@student      cpu,memory	usergroup/student/
-#peter	       cpu		test1/
-#%	       memory		test2/
-#@root	    	*		admingroup/
-#*		*		default/
-# End of file
-bin * d5000_limits
-daemon * d5000_limits
-sys * d5000_limits
-audadmin * d5000_limits
-#sysadmin * d5000_limits
-secadmin * d5000_limits
-netadmin * d5000_limits
-nobody * d5000_limits
-mail * d5000_limits
-postfix * d5000_limits
-dhcp * d5000_limits
-named * d5000_limits
-httpd * d5000_limits
-squid * d5000_limits
-samba * d5000_limits
-#sshd * d5000_limits
-nfs * d5000_limits
-mysql * d5000_limits
-snort * d5000_limits
-ftp * d5000_limits
-cron * d5000_limits
-messagebus * d5000_limits
-mfs * d5000_limits
-#root:inetd * d5000_limits
-d5000 * d5000_limits

install_shell/cgroup-d5000-install/install.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-USER_NAME=$1
-USER_HOME=$2
-USER_SHELL=$3
-
-sed -i "s#d5000#${USER_NAME}#g" /etc/cgconfig.conf
-sed -i "s#d5000#${USER_NAME}#g" /etc/cgrules.conf
-grep ^${USER_NAME} /etc/security/limits.conf|grep nproc &>/dev/null
-if [ $? -ne 0 ];then
-	echo "${USER_NAME}        soft    nproc           10240">>/etc/security/limits.conf
-	echo "${USER_NAME}        hard    nproc           10240">>/etc/security/limits.conf
-fi

install_shell/cgroup-d5000-install/set_libcgroup.sh

@@ -0,0 +1,126 @@
+#!/bin/sh
+
+#设置开机启动项
+echo "Starting set the boot startup..."
+
+ln -s /etc/rc.d/init.d/cgconfig /etc/rc.d/rc3.d/S100cgconfig 
+ln -s /etc/rc.d/init.d/cgconfig /etc/rc.d/rc5.d/S100cgconfig 
+ln -s /etc/rc.d/init.d/cgred /etc/rc.d/rc3.d/S105cgred
+ln -s /etc/rc.d/init.d/cgred /etc/rc.d/rc5.d/S105cgred
+
+#设置cgconfig和cgred服务的配置文件
+total_mem=`free -m | grep -i "mem" | awk '{print $2}'`
+total_swap=`free -m | grep -i "swap" | awk '{print $2}'`
+
+cpus=`cat /proc/cpuinfo | grep processor | wc -l`
+((cpus=cpus-2))
+if [ ${cpus} -lt 0 ]; then
+	cpus=0
+fi
+
+numa=`numactl --show`
+if [ $? -eq 0 ]; then
+#	memory_nodes=`numactl --hardware | sed -n '1p' | awk '{print $2}'`
+	memory_nodes=`numactl --hardware | grep "nodes" | awk '{print $4}' | sed -e "s/(//g" | sed -e "s/)//g"`
+else
+	memory_nodes=0
+fi
+
+#if [ ${memory_nodes} -ne 0 ]; then
+#	((memory_nodes--))
+#fi
+
+echo "Starting set the cgconfig.conf..."
+
+cgconfig="group $1_limits {
+	perm {
+		task {
+			uid = $1;
+			gid = $1;
+		}
+		admin {
+			uid = sysadmin;
+			gid = sysadmin;
+		}
+	}
+	cpuset {
+		cpuset.cpus = 0-var_cpus;
+		cpuset.mems = var_nodes;
+	}
+	memory {
+		memory.limit_in_bytes = var_memM;
+		memory.memsw.limit_in_bytes = var_swapM;
+	}
+	cpu {
+	  cpu.rt_runtime_us = 950000;
+	}
+}
+
+mount {
+	cpuset = /lxcg;
+	cpu = /lxcg;
+	cpuacct = /lxcg;
+	memory = /lxcg;
+	devices = /lxcg;
+	freezer = /lxcg;
+	net_cls = /lxcg;
+}"
+
+cgrules="*:start_kdeinit * /
+*:startkde * /
+*:kdeinit * /
+*:kded * /
+*:scim-launcher * /
+*:scim-helper-manager * /
+*:scim-panel-gtk * /
+*:gam_server * /
+*:kwrapper * /
+*:artsd * /
+*:korgac * /"
+
+	if [ ${total_mem} -le 500 ]; then 
+		mem_root=100
+	else
+		mem_root=$((${total_mem}/10))	
+		if [ ${mem_root} -lt 100 ]; then
+			mem_root=100
+		elif [ ${mem_root} -ge 100 ] && [ ${mem_root} -le 500 ]; then
+			mem_root=500
+		elif [ ${mem_root} -gt 2000 ]; then
+			mem_root=2000
+		fi
+	fi
+
+	mem=$((${total_mem}-${mem_root}))
+	swap=$((${total_swap}/2))
+
+	sed -i "/^[^#]/d" /etc/cgconfig.conf
+	sed -i "/^$/d" /etc/cgconfig.conf
+
+	echo "$cgconfig" >> /etc/cgconfig.conf
+
+ 	sed -i "s/var_cpus/${cpus}/g" /etc/cgconfig.conf
+ 	sed -i "s/var_nodes/${memory_nodes}/g" /etc/cgconfig.conf
+ 	sed -i "s/var_mem/${mem}/g" /etc/cgconfig.conf
+ 	sed -i "s/var_swap/$(($mem+$swap))/g" /etc/cgconfig.conf
+
+echo "Starting set cgrules.conf..."
+
+sed -i "/^[^#]/d" /etc/cgrules.conf
+sed -i "/^$/d" /etc/cgrules.conf
+
+echo "$cgrules" >> /etc/cgrules.conf
+
+users=`cut -d ':' -f1 /etc/passwd | sed -e '/root/d'`
+for username in ${users}
+do
+	if [ ${username} != "sysadmin" ] && [ ${username} != "sshd" ]; then
+		echo "${username}: * $1_limits" >> /etc/cgrules.conf
+	fi
+done
+
+#设置进程能力
+echo "Starting set process capabilities..."
+setcap "=eip" /usr/sbin/cgconfigparser
+setcap "=eip" /usr/sbin/cgclear
+setcap "=eip" /usr/sbin/cgrulesengd

setup.sh

@@ -49,7 +49,7 @@ echo "===Set other==="
 
 
 cd cgroup-d5000-install
-./install.sh $1 $2 $3
+./set_libcgroup.sh $1 $2 $3
 echo "===Set cgroup==="