Shulou(Shulou.com)06/02 Report--

Docker underlying technology:

The two underlying core technologies of docker are Namespaces and Control groups.

Namespace: is the core technology of container virtualization, which is used to isolate containers and resolve conflicts between containers.

It is mainly realized through the following six isolation technologies:

There are two pseudo file systems: / proc and / sys/

UTS: allows each container to have its own hostname (hostname) and domainname (domain name) so that it can be treated on the network as a separate node rather than a process on the Host. Process interaction in IPC:contaner still adopts the common inter-process interaction methods of linux, including common semaphores, message queues and shared memory. The inter-process interaction of container is actually the process interaction in the same pid on host. PID: processes of different users are isolated by pid namesapce, and different namespace can have the same pid. The parent process of all LXC (linux containers) processes in docker is the docker process, and each LXC process has a different namespace. NET: processes of different users are isolated by pidnamespace, and different namespace can have the same pid. The parent process of all LXC processes in docker is the docker process, and each lxc process has a different namespace. MNT: the mount point of the file system. USRE: each container can have different user and groupid, which means that programs can be executed within the container with users within the container instead of users on the Host. As long as these six items are decoupled, even if other system resources are shared, the computer thinks that they are in two different systems.

Cgroup (control program's occupation of resources)

The main purpose of implementing cgroup is to provide a unified interface for resource management at different user levels. From resource control of a single process to virtualization at the operating system level.

The role of cgroup:

1) Resource restrictions: cgroup can limit the total amount of resources used by the process group.

2) priority allocation: through the number of cpu time slices allocated and the disk IO bandwidth, it is actually equivalent to controlling the priority of the process.

3) Resource statistics: Cgroup can count the usage of system resources. For example, cpu usage time, memory usage and so on.

Can be used for postpaid.

4) process control: suspend, resume and other operations can be performed on the process group.

Application of cgroup:

1) restrictions on memory and swap partitions:

The container consists of two parts: physical memory and swap

In docker, you can use parameters to control the use of container memory:-m or-- memory: set memory usage limit-- memory-swap: set swap (swap partition) usage limit

/ / based on centos image, the memory is limited to 200m, and the memory of swap partition is 300m.

[root@sqm-docker01] # docker run-it-m 200m-- memory-swap 300m centos

Enter the container to view the limited memory:

[root@05a0be7b870a /] # cat / sys/fs/cgroup/memory/memory.limit_in_bytes 209715200 # shows the byte [root@05a0be7b870a /] # cat / sys/fs/cgroup/memory/memory.memsw.limit_in_bytes 314572800

2) Container limits on cpu:

Set the weight of the container experiment cpu through-c or-- cpu-shares. If it is not set, the default is 1024.

/ / based on centos image, run a container named containerB,cpu with a weight limit of 512: [root@sqm-docker01 ~] # docker run-it-- name containerB-c 512 centos [root@b2cf9f28ce1d /] # cat / sys/fs/cgroup/cpu/cpu.shares 512

3) limit the Block io of the container (disk read and write):

Bps: the amount of data read and written per second. Byte per second

Iops: the number of io per second. Io per second

-- device-read-bps: sets the bps of the reading device

-- device-write-bps: sets the bps of the writing device

-- device-read-iops: sets the iops of the reading device

-- device-write-iops: sets the iops of the writing device

/ / create a container named testA and limit the number of writes to the disk per second to 30MB. [root@sqm-docker01] # docker run-it-- name testA-- device-write-bps / dev/sda:30MB centos

Write data for testing:

Parameter explanation:

Infile= is extracted from / dev/zero

Outfile= customizes a name

The bs=1M file size is 1m

Count=800 wrote a total of 800 times.

Oflag=direct: used to specify the directory IO way to write the file, so that-- device-write-bps will take effect.

You can find that the number of writes per second is 80m, which takes about 26s.

When writing normally to disk:

-this is the end of this article. Thank you for reading-

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.