Skip to content

chpc-uofu/cgroup-warden

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
control
control
 
 
metrics
metrics
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.go
config.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

cgroup-warden

License: GPL v2 Go Reference

cgroup-warden is a daemon that provides a way to set resource limits on those cgroups. Created to support CHPC's Arbiter.

Installation

Releases

Pre-built binaries can be found on the Releases page.

Build from source

The binary can also be built from source.

git clone https://github.com/chpc-uofu/cgroup-warden.git
cd cgroup-warden
go build .

If non-local user accounts are used, then the binary must be built with CGO_ENABLED=1 for proper username resolution.

Configure

The following flags are passed as environment variables

CGROUP_WARDEN_LISTEN_ADDRESS : Address for the service to listen on. Defaults to :2112.
CGROUP_WARDEN_ROOT_CGROUP : Monitor all cgroups underneath this one. Defaults to /user.slice.
CGROUP_WARDEN_INSECURE_MODE : Whether to run without bearer token authentication and TLS. Defaults to false.
CGROUP_WARDEN_CERTIFICATE : Path to TLS certificate. Required if running in secure mode.
CGROUP_WARDEN_PRIVATE_KEY: Path to TLS private key. Required if running in secure mode.
CGROUP_WARDEN_BEARER_TOKEN : Bearer token to use for authentication. Required if running in secure mode.
CGROUP_WARDEN_META_METRICS : Whether to export metrics regarding the running warden itself. Defaults to true. CGROUP_WARDEN_LOG_LEVEL : Level at which to log messages. Choices are debug, info, warning, and error. Defaults to info.

When passing these to a systemd service, you can put them into an environment file:

CGROUP_WARDEN_LISTEN_ADDRESS=0.0.0.0:2112
CGROUP_WARDEN_BEARER_TOKEN=super-secret-bearer-token
...

Make sure this file is private.

Running as a service

The cgroup-warden is best run as a systemd service. The service must be run as root if the cgroup-warden is to set limits.

Running in secure mode

Because the cgroup-warden runs in a priveledged mode, it is highly recommended to run the program in secure mode. This means enabling HTTPS, and using bearer token authentication. The environment would contain:

...
CGROUP_WARDEN_BEARER_TOKEN=super-secret-bearer-token
CGROUP_wARDEN_CERTIFICATE=/path/to/certificate
CGROUP_WARDEN_PRIVATE_KEY=/path/to/key
CGROUP_WARDEN_INSECURE_MODE=false
...

Contribute

Contributions are welcomed. To contribute, fork this repository on GitHub and submit a pull request with your proposed changes. Bug reports and feature requests are also appreciated, and can be made via GitHub Issues.

About

cgroup monitoring and resource control daemon

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 1

v0.1.9 Latest
Jan 9, 2025

Packages

No packages published

Contributors 2

  •  
  •  

Languages