CGroups for simple resources isolation and management

During migration from bare metal servers to cloud VMs I have met some problem with performance of puppet services. Basically every puppet-agent run consumes a lot of resources like CPU and memory. For any small box at AWS, Softlayer or any other 1 CPU, 1GB RAM machine there is 100% resources usage if puppet runs (ruby needs). The easiest way to control that resources usage was actually to introduce some of technologies used by virtualisation itself!

The best known technology is CGroups. Most of virtualisation techniques (like LXC, Docer) use Cgroups for resource isolation and management. It allows to control cpu shares, memory, devices and many more. It is easy, configurable and built in into Linux kernel. Also allows to run simple daemon which apply CGroups rules in real time for each new PID.

I have prepared some basic CGroups Puppet module and test so please have a look if you meet that needs as well.

Resource summary: