Controlling Resource Consumption on a PostgreSQL Server Using Linux cgroup2

Multi-tenancy/co-hosting is always challenging. Running multiple PG instances could help to reduce the internal contention points (scalability issues) within PostgreSQL. However, the load caused by one of the tenants could affect other tenets, which is generally referred to as the “Noisy Neighbor” effect. Luckily, Linux allows users to control the resources consumed by each program using cgroups (Control Groups).  Cgroup was featured in one of the blog posts by Vadim explaining how to use cgroups to Limit MySQL and MongoDB memory usage. However, the landscape has changed a lot in this area in recent years. cgroup2 came as a replacement for cgroup version one, addressing almost all the limitations of the architecture of version one.

We should be able to reliably use cgroup2 if the Linux Kernel Version is 5.2.0 or later. More practically, if we are running a Linux distribution of 2022 or later, your host machine will most probably be ready for cgroup2.

An easy way to check whether the Linux is using cgroup version one or two is to check the number of mounts with cgroup

If the count is one, then we have cgroup2. Because cgroup2 has a unified, single hierarchy, we may see multiple mounts if cgroup version 1 is in effect.

If the kernel version is new, still the cgroup1 is in effect, you may have to use the boot parameter: “systemd.unified_cgroup_hierarchy=1”. On Redhat/OEL systems, we can add this parameter by executing the following

Basically, it adds this to the Kernel parameter as a bootloader option, like

This change requires a restart of the machine

After restarting, you may verify

Please make sure that it is mentioned as “cgroup2”

Now we shall inspect this virtual filesystem for a better understanding

This is the root control group. All Slices come under this. We can see “system.slice” and “user.slice,” which appear as directories because they are the next levels.

We can check what are the cgroup controllers available in the machine as follows:

Putting cgroup2 into practice

Creating a slice

Creating a separate slice for the PostgreSQL instances is a good idea when there are multiple instances. This will allow us to control the overall consumption of resources from a higher level.
Let’s assume that we want to restrict all PostgreSQL services from exceeding 25% of the machine’s CPU. The first step is to create a slice:

For the demonstration, I am adding the following unit configuration:

Save and quit the editor, and then reload.

Anytime we shall check the status of the slice like sudo systemctl status postgres.slice

Modifying PostgreSQL service

We can use the slice that we created in the PostgreSQL service. For which we need to edit the service unit:

Add a specification about the slice, like Slice=postgres.slice, under the [Service] section of the unit file.

Save and exit the editor. This change requires a restart of the PostgreSQL service.

On restarting the PostgreSQL service, PostgreSQL will start running under the new slice.

The same will be visible in service status.

Verification

I tried to create a heavy load on the system by running benchmark suit having many sessions in parallel on a single CPU machine. Irrespective of whatever I tried, the Linux was restricting the PostgreSQL from exceeding the limits specified by the slice.

If we add up all CPU utilization of all the processes of PostgreSQL, we shall see 2.3*4+2*7+1.7 = 24.9!  (To make the counting easier, I used a single CPU core machine.)

The same workload without any cgroup restrictions can bring the server to 100% utilization (0% idle).

*cgroup slice restrictions have reduced the throughput, which is expected.

We can have multiple services in a slice, which will be the next level in the hierarchy.  systemd-cgtop can show us the slice-wise and individual service-wise utilization.

Super cool, isn’t it?  The quick demo concludes here.

Service level control

cgroup2 is very versatile, and many more options exist. For example, you may not want to create separate slices for PostgreSQL services, as demonstrated, especially when there is only one PostgreSQL instance on the host machine. By default, PostgreSQL and all services will be part of  “system.slice”. The easy method in this case will be to specify the cgroup restrictions at the service level rather than at the slice level.

For example:

And specify the resource control configuration directly in the service unit under [Service] section.

*  Changes will be in effect on the next restart.

Summary

Control groups are widely and silently used these days by other programs like Docker and Kubernetes. They are one of the well-proven methods of restricting resource consumption on a machine. The new cgroup2 makes them much simpler to use.

A clear control of the resource usage on a host machine opens up many possibilities. Some of them which come to my mind are:

1. Better multi-tenent environments
   We can prevent the “Noisy Neighbor” effect in a multi-tenant environment by preventing tenants from competing for the same set of resources.
2. Co-hosted application server + database server on the same machine.
   The vast majority of applications are CPU-intensive, while DB servers remain Memory—and I/O-intensive. So, there are cases where putting them together on the same machine makes sense, especially for small and simple applications. A big advantage of co-hosted applications and databases is that they can communicate over local sockets rather than TCP/IP. Practically, we see many cases in which the Network is the silent performance destroyer. How To Measure the Network Impact on PostgreSQL Performance. Yet another advantage is that we don’t have to expose the database service (port) to the network.
3. Protect the system from abuses, service denial attacks, especially unwanted fail-overs
   When the system becomes overloaded, it may become unresponsive for all the programs running on the machine, not just the database. Such situations often result in unwanted failovers by HA Frameworks. A good control of resource usage can prevent this from happening.

Our PostgreSQL Performance Tuning eBook condenses years of database expertise into a practical guide for optimizing your PostgreSQL databases. Inside, you’ll discover our most effective PostgreSQL performance strategies derived from real-world experience.

Download now: Elevate your PostgreSQL Performance

References:

https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html
https://www.redhat.com/en/blog/world-domination-cgroups-rhel-8-welcome-cgroups-v2
https://docs.oracle.com/en/learn/ol-cgroup-v2/#mount-cgroups-v2
https://www.youtube.com/watch?v=kcnFQgg9ToY
https://www.scylladb.com/2019/09/25/isolating-workloads-with-systemd-slices/
https://www.suse.com/support/kb/doc/?id=000019590

About the Author

Jobin Augustine
Jobin Augustine is a PostgreSQL expert and Open Source advocate and has more than 21 years of working experience as a consultant, architect, administrator, writer, and trainer in PostgreSQL, Oracle and other database technologies. He has always been an active participant in the Open Source communities, and his main focus area is database performance and optimization. Jobin is a regular face in many of the PostgreSQL conferences and has presented at various conferences for the last 6+ years. He is a contributor to multiple Open Source Projects, an active blogger, and loves coding in C++ and Python. Jobin holds a Master's in Computer Applications; Currently, he is the PostgreSQL Escalation Specialist for Percona. Previously, he worked at OpenSCG for two years as an architect and was part of the BigSQL core team. Previous to his work at OpenSCG, Jobin worked at Dell as Database Senior Advisor for ten years and another five years with TCS/CMC.

Subscribe

Notify of

new follow-up comments new replies to my comments

Label

{} [+]

Name*

Email*

Website

Δ

Label

{} [+]

Name*

Email*

Website

Δ

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments