Added new topics on kernel controld groups.

DC-SLES-kernel-control-groups

@@ -0,0 +1,18 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+## Basics
+MAIN="kernel-control-groups.asm.xml"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+## Profiling
+PROFOS="sles"
+PROFCONDITION="16.0"
+#PROFARCH="x86_64;zseries;power;aarch64"
+
+DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
+
+## stylesheet location
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2021-ns"

articles/kernel-control-groups.asm.xml

@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-model href="https://cdn.docbook.org/schema/5.2/rng/assemblyxi.rnc"
+type="application/relax-ng-compact-syntax"?>
+<!DOCTYPE assembly
+[
+<!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+%entities;
+]>
+<!-- refers to https://github.com/SUSE/doc-sle/blob/main/xml/systemd.xml -->
+<assembly version="5.2" xml:lang="en"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:trans="http://docbook.org/ns/transclusion"
+xmlns:its="http://www.w3.org/2005/11/its"
+xmlns="http://docbook.org/ns/docbook">
+<!-- R E S O U R C E S -->
+<!-- concepts -->
+<resources>
+<resource href="../concepts/cgroups-about.xml" xml:id="_cgroups-about"/> 
+</resources>
+<!-- glue 
+<resources><resource></resource></rersources> 
+-->
+<!-- tasks 
+<resources><resource></resource></rersources> 
+-->
+<!-- references 
+ <resources><resource></resource></rersources>
+ -->
+<!-- Appendix-->
+<resources>
+<resource href="../common/legal.xml" xml:id="_legal">
+<description>Legal Notice</description>
+</resource>
+<resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">
+<description>GNU Free Documentation License</description>
+</resource>
+</resources>
+<structure renderas="article" xml:id="sles-kernel-control-groups">
+<merge>
+<title>Understanding Kernel Control Groups</title>
+<!-- History -->
+<revhistory xml:id="rh-sles-kernel-control-groups">
+<revision><date>2026-09-04</date>
+<revdescription>
+<para>
+Initial version
+</para>
+</revdescription>
+</revision>
+</revhistory>
+<!-- Maintainer -->
+<meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+<!-- Architecture -->
+<meta name="architecture" its:translate="no">
+<phrase>&x86-64;</phrase>
+<phrase>&power;</phrase>
+<phrase>&zseries;</phrase>
+<phrase>&aarch64;</phrase>
+</meta>
+<!-- Productname & Version -->
+<meta name="productname">
+<productname version="16.0" os="sles;sles4sap">&productname;</productname> 
+</meta>
+<!-- Social Media -->
+<meta name="title">Understanding Kernel Control Groups</meta>
+<meta name="description">
+How to use Kernel Control Groups.
+</meta>
+<!-- Search -->
+<meta name="social-descr">Kernel Control Groups</meta>
+<!-- Task -->
+<meta name="task" its:translate="no">
+<phrase>Configuration</phrase>
+<phrase>Storage</phrase>
+<phrase>Maintenance</phrase>
+<phrase>Administration</phrase>
+</meta>
+<!-- Series -->
+<meta name="series" its:translate="no">Products &amp; Solutions</meta>
+
+<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+<dm:bugtracker>
+<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
+<dm:component>Documentation</dm:component>
+<dm:product os="sles">SUSE Linux Enterprise Server 16.0</dm:product>
+<dm:product os="sles4sap">SUSE Linux Enterprise Server 16.0</dm:product> 
+<dm:assignee>shalaka.harne@suse.com</dm:assignee>
+</dm:bugtracker>
+<dm:translation>yes</dm:translation>
+</dm:docmanager>
+<abstract>
+<variablelist>
+<varlistentry>
+<term>WHAT?</term>
+<listitem>
+<para>
+From granular resource allocation to real-time performance monitoring and isolation, control groups (cgroups) enable you to manage how system resources like CPU, memory, and network bandwidth are distributed among your processes in an organized way.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>WHY?</term>
+<listitem>
+<para>
+This article provides a comprehensive overview of managing system resources and process isolation through the use of kernel control groups (cgroups).
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>EFFORT</term>
+<listitem>
+<para>
+The average reading time of this article is approximately 30 minutes.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>GOAL</term>
+<listitem>
+<para>
+ You will be able to manage and isolate your system's hardware resources efficiently using kernel control groups (cgroups).
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>REQUIREMENTS</term>
+<listitem>
+    <itemizedlist><listitem><para>System must be configured to use the modern unified hierarchy to access the full range of resource controllers and avoid legacy v1 limitations.</para></listitem>
+<listitem><para>Use use Btrfs, Ext4, or XFS to ensure the kernel can properly track and charge background I/O operations to the correct groups.</para></listitem>
+<listitem><para>Ensure that BFQ scheduler must be active on your block devices to enable the proportional weighting and prioritization of disk traffic.</para></listitem>
+<listitem><para>Ensure that you use systemd as your primary management interface to define resource limits through systemctl or dedicated unit files.</para></listitem>
+<listitem><para>For resource management within non-root user sessions, you must explicitly delegate controllers to the user's systemd instance via drop-in configuration files.</para></listitem>
+</itemizedlist>
+</listitem>
+    </varlistentry>
+</variablelist>
+</abstract>
+</merge>
+<module renderas="section" resourceref="_cgroups-about"/>
+<module resourceref="_legal"/>
+<module resourceref="_gfdl">
+<output renderas="appendix"/>
+</module>
+</structure>
+</assembly>

concepts/cgroups-about.xml

@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="concept-about-cgroups"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>About Kernel Control groups</title>
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract>
+      <para>Kernel control groups provide a hierarchical framework for organizing processes to strictly monitor, isolate, and limit their consumption of system resources like CPU, memory, and I/O.
+      </para>
+    </abstract>
+  </info>
+  <para>
+   Every process is assigned to exactly one administrative control group (cgroup). These cgroups are organized into a unified hierarchical tree structure, allowing you to manage resource allocation for individual processes or entire branches of the hierarchy simultaneously. You can define specific limitations for system resources, including CPU, Memory, Disk I/O, and Network Bandwidth.</para>
+  <para>
+   On &productname;, &systemd; serves as the primary manager for cgroups, organizing all processes into logical units called slices. This integration provides a consistent interface for monitoring and setting resource properties across the OS.</para>
+ <para>To visualize your current system organization, use the <literal>systemd-cgls</literal> command to display the hierarchy tree.</para>
+<section><title>The Modern Unified Hierarchy (cgroup v2)</title>
+  <para>The Linux kernel previously supported two API variants (v1 and v2). &productnameshort; exclusively utilizes the unified (v2) hierarchy as the default and recommended mode.</para>
+  <variablelist><varlistentry><term>Unified (v2)</term>
+  <listitem><para>A single hierarchy where all resource controllers are managed under a unified structure, providing better consistency and easier resource accounting.</para></listitem>
+  </varlistentry>
+<varlistentry><term>Hybrid/Legacy (v1)</term>
+<listitem><para>In this mode controllers are spread across multiple v1 hierarchies—is considered legacy in &productnameshort; .</para></listitem>
+</varlistentry>
+</variablelist>
+</section>
+<section><title>Legacy cgroup Support</title>
+<para><literal>cgroup v1</literal> is functionally obsolete in &productname;. Many modern system features and container runtimes now require the unified v2 hierarchy to operate correctly. Use of the legacy mode should be restricted to environments with strict requirements for aging, incompatible applications.</para>
+<para>To force the system into the legacy hybrid hierarchy, you must append <code>systemd.unified_cgroup_hierarchy=0</code> as a kernel command-line parameter in the GRUB 2 boot loader. For detailed instructions on modifying boot parameters, refer to the &productnameshort; Administration Guide.</para>
+</section>
+<section><title>Resource accounting</title>
+<para>Organizing processes into different <literal>cgroups</literal> can be used to obtain per-cgroup resource consumption data. Activating accounting for one unit also implicitly activates it for all units in the same slice and all parent slices.</para>
+<itemizedlist><listitem><para>For per-unit setting, use directives like <code>MemoryAccounting=</code>.</para></listitem>
+<listitem><para>For global setting, edit <filename>/etc/systemd/system.conf</filename> with <code>DefaultMemoryAccounting=</code>.</para></listitem>
+</itemizedlist>
+</section>
+<section><title>Setting resource limits</title>
+<para>Limitations to <literal>cgroups</literal> are primarily set with the <literal>systemctl</literal> set-property command.</para>
+<screen>systemctl set-property [--runtime] <replaceable>NAME</replaceable> <replaceable>PROPERTY1=VALUE</replaceable><replaceable>[PROPERTY2=VALUE]</replaceable></screen>
+<itemizedlist><listitem><para><literal>NAME</literal>: A &systemd; service, scope, or slice name.</para></listitem>
+<listitem><para><literal>--runtime</literal>: Optional. Use this if you do not want values to persist after reboot.</para></listitem>
+<listitem><para><literal>PROPERTY</literal>: Properties such as <literal>CPU</literal>, <literal>Memory</literal>, <literal>Tasks</literal>, <literal>I/O</literal>, and <literal>Network</literal>.</para></listitem>
+</itemizedlist>
+</section>
+<section id="sec-tuning-cgroups-tasksmax">
+  <title>Preventing Fork Bombs with <literal>TasksMax</literal></title>
+  <para>
+    <systemitem class="daemon">systemd</systemitem> supports configuring task count limits 
+    to prevent runaway processes from crashing the system. While upstream 
+    <systemitem class="daemon">systemd</systemitem> sets strict limits (typically 15% 
+    of the kernel global limit), &slea; defaults to <literal>infinity</literal> 
+    to provide maximum flexibility for diverse workloads.
+  </para>
+
+  <section id="sec-tasksmax-overriding-defaults">
+    <title>Overriding Defaults</title>
+    <para>
+      To prevent system crashes from unintended process proliferation, you can 
+      set a global default limit. For example, to set a limit of 256 tasks per 
+      unit, create a drop-in configuration file at 
+      <filename>/etc/systemd/system.conf.d/90-system-tasksmax.conf</filename>:
+    </para>
+<screen>[Manager]
+DefaultTasksMax=256</screen>
+    <para>
+      After creating the file, reload the <systemitem class="daemon">systemd</systemitem> 
+      manager configuration and verify the change:
+    </para>
+<screen><command>sudo systemctl daemon-reload</command>
+<command>systemctl show --property DefaultTasksMax</command>
+DefaultTasksMax=256</screen>
+    <important>
+      <para>
+        Setting this value too low can cause services like databases or web 
+        servers to fail with "Resource temporarily unavailable" errors. Always 
+        calibrate the <literal>TasksMax</literal> value based on the specific 
+        threading requirements of your application.
+      </para>
+    </important>
+  </section>
+</section>
+</topic>