How can one restrict the number of CPU cores each user can use?

permissions users administration multi-core

We have a computer whose CPU has 32 cores and it's going to be used for running programs by a few different users. Is there any way to restrict the number of cores each user can use at any time so that one user will not monopolize all the CPU power?


Solution 1:

While this is possible, it is complicated and almost certainly a bad idea. If only one user is using the machine at the moment, restricting them to N cores is a waste of resources. A far better approach would be to run everything with nice:

NAME
       nice - run a program with modified scheduling priority

SYNOPSIS
       nice [OPTION] [COMMAND [ARG]...]

DESCRIPTION
       Run  COMMAND  with an adjusted niceness, which affects process scheduling.  With
       no COMMAND, print the current niceness.  Niceness values range  from  -20  (most
       favorable to the process) to 19 (least favorable to the process).

This is a great tool that sets the priority of a process. So if only one user is running something, they'll get as much CPU time as they need, but if someone else launches their own (also niced) job, they will be nice and share with each other. That way, if your users all launch commands with nice 10 command, nobody will be hogging resources (and nobody will bring the server to its knees).

Note that a high nice value means a low priority. This is a measure of how nice we should be and the nicer we are, the more we share.

Also note that this will not help manage memory allocation, it only affectes CPU scheduling. So if multiple users launch multiple memory-intensive processes, you will still have a problem. If that's an issue, you should look into proper queuing systems such as torque.

Solution 2:

TL;DR: From brief research it appears it is possible to restrict commands to specific number of cores, however in all cases you have to use a command which actually enforces the restriction.

cgroups

Linux has cgroups which is frequently used exactly for the purpose of restricting resources available to processes. From a very brief research, you can find an example in Arch Wiki with Matlab ( a scientific software ) configuration set in /etc/cgconfig.conf:

group matlab {
    perm {
        admin {
            uid = username;
        }
        task {
            uid = username;
        }
    }

    cpuset {
        cpuset.mems="0";
        cpuset.cpus="0-5";
    }
    memory {
        memory.limit_in_bytes = 5000000000;
    }
}

In order for such config to take effect, you have to run the process via cgexec command, e.g. from the same wiki page:

$ cgexec -g memory,cpuset:matlab /opt/MATLAB/2012b/bin/matlab -desktop

taskset

A related question on Ask Ubuntu and How to limit a process to one CPU core in Linux? [duplicate] on Unix&Linux site show an example of using taskset to limit the CPUs for the process. In the first question, it's achieved through parsing all processes for a particular user

$ ps aux | awk '/^housezet/{print $2}' | xargs -l taskset -p 0x00000001

In the the other question, a process is started via taskset itself:

$ taskset -c 0 mycommand --option  # start a command with the given affinity

Conclusion

While it is certainly possible to limit processes, it seems it's not so simple to achieve that for particular users. The example in linked Ask Ubuntu post would require consistent scanning for processes belonging to each user and using taskset on each new one. A far more reasonable approach would be to selectively run CPU intensive applications, either via cgexec or taskset; it also makes no sense to restrict all processes to specific number of CPUS, especially for those that actually make use of parallelism and concurrency to run their tasks faster - limiting them to specific number of CPUs can have the effect of slowing down the processing. Additionally, as terdon's answer mentioned it's a waste of resources

Running select applications via taskset or cgexec requires communicating with your users to let them know what applications they can run, or creating wrapper scripts which will launch select applications via tasksel or cgexec.

Additionally, consider setting number of processes a user or group can spawn instead of setting limit on number of CPUs. This can be achieved via /etc/security/limits.conf file.

See also

  • How to limit resource usage for a given process?

Related

Select -> option abstraction
Return a download and rendered page in one Flask response
Swing's KeyListener and multiple keys pressed at the same time
Rand() % 14 only generates the values 6 or 13
What causes "'void' type not allowed here" error
How to use .jar files in NetBeans?
C++ preprocessor #define-ing a keyword. Is it standards conforming?
What is the difference between auto-fill and auto-fit?
Method 'application:openURL:options:' is not called
Why should I not try to use "this" value after "delete this"?
Why media queries has less priority than no media queries css
CSS3 animation not working in safari