Shulou(Shulou.com)06/02 Report--

I. docker resource restrictions

The ability to run docker depends on two features in the kernel, namespaces and CGroups. By default, the container has no resource restrictions, so it can deplete all the resources allocated to the container by internal nuclear power on the host. Therefore, in order to prevent the operation of a container from exhausting all the resources of the host, resource restrictions are needed. However, some features of resource constraints require the linux kernel to support Linux Capabilities. Before docker version 1.13, only CFS schedule (Completely Fair Scheduler full Fair Scheduler) was supported, and later versions also supported realtime schedule.

CFS schedule: every process has a priority. The priority of non-real-time processes ranges from 100 to 139. Schedule is a scheduler used to schedule these non-real-time processes. High-priority processes will be executed by cpu first.

Realtime schedule: real-time process scheduler. The priority of processes ranges from 0 to 99. Real-time schedule is a scheduler dedicated to scheduling real-time processes.

2. Memory and cpu resource limit parameters of docker

1. Cpu restrictions

-- cpus=: specifies how many available cpu resources a container can use. If it is a 4-core cpu, the container can only use cpu resources of 1.5 cores at most. If-- cpuset-cpus is not set, the 1.5 cores that can be used can be resources of any core. This option can only be used in versions above docker1.3

-- cpu-shares: allocate cpu resources proportionally to the container. If the cpu resources of other containers are free, Container 1 will use all cpu resources if necessary, and assign tasks to any core processing.

-- cpuset-cpus: specify which cpu cores can be used for the container. If cpu is 4 and 3, then each core is distinguished by the number 0-3. Setting this parameter to 0 core 1 means that the first and second cores of cpu can be used.

2. Memory and swap restrictions

Memory=: specifies the maximum amount of memory that can be used for the container. If the memory used by a process exceeds the limit, it may be dropped by kill.

-- memory-swap: specify the maximum amount of swap space that can be used for the container. This option can only be used if the-- memory parameter is used. If the-- memory parameter is not set, this parameter will not take effect.

-- memory-swappiness: sets the container's propensity to use swap, 0-100.

-- memory-reservation: the soft limit of memory used by the container, which means that it must be set to be smaller than-- memory. When the system memory is tight, it will reclaim the memory of this container with the value of reservation, so that the memory usage of the container will be reduced to the standard of reservation.

-- oom-kill-disable: whether to kill the container when oom occurs in the process in the container

Third, use the pressure testing tool for testing

[root@bogon ~] # docker pull lorel/docker-stress-ngUsing default tag: latestlatest: Pulling from lorel/docker-stress-ngc52e3ed763ff: Pull complete a3ed95caeb02: Pull complete 7f831269c70e: Pull complete Digest: sha256:c8776b750869e274b340f8e8eb9a7d8fb2472edd5b25ff5b7d55728bca681322Status: Downloaded newer image for lorel/docker-stress-ng:latest

1. Test memory

1.1.Unrestrict the use of cpu

[root@bogon ~] # docker container run-- name stress- it-- rm lorel/docker-stress-ng:latest-- cpu 8stress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 8 cpu [root@bogon ~] # docker statsCONTAINER ID NAME CPU% MEM USAGE / LIMIT MEM% NET Imax O BLOCK I PIDS92b0b8d916c1 stress 101.54% 15.81MiB / 983.3MiB 1.61% 648B / 0B 0B / 0B 9 [root@bogon ~] # toptop-19:15:49 up 2 days 2:38, 2 users, load average: 7.02,3.00, 1.15Tasks: 131total, 10 running, 121 sleeping, 0 stopped, 0 zombie%Cpu (s): 99.7 us, 0.3 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 stKiB Mem: 1006892 total, 100680 free, 320704 used, 585508 buff/cacheKiB Swap: 2097148 total, 2096628 free, 520 used. 422732 avail Mem PID USER PR NI VIRT RES SHR S% CPU% MEM TIME+ COMMAND 40035 root 20 0 6908 4180 252 R 12.6 0.4 0 stress-ng-cpu 40037 root 20 0 6908 4180 252 R 12.6 0.4 0:12.78 stress-ng-cpu 40038 root 20 0 6908 2136 252 R 12.6 0.2 0:12.78 stress-ng-cpu 40040 root 20 0 6908 2136 252 R 12.6 0.2 0:12.78 stress-ng-cpu 40036 root 20 0 6908 2136 252 R 12.3 0.2 0:12.77 stress-ng-cpu 40039 root 20 0 6908 2136 252 R 12.3 0.2 0:12.78 stress-ng-cpu 40041 root 20 0 6908 4180 252 R 12.3 0.4 0:12.77 stress-ng-cpu 40042 root 20 0 6908 2136 252 R 12.3 0.2 0:12.77 stress-ng-cpu 1 root 20 0 128484 7208 4196 S 0.0 0.7 0:10.12 systemd

As you can see, cpu is full.

1.2. Restart the container to add the memory limit parameter

[root@bogon ~] # docker container run-- name stress--cpus=0.5-it-- rm lorel/docker-stress-ng:latest-- cpu 8stress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 8 cpu [root@bogon ~] # docker statsCONTAINER ID NAME CPU% MEM USAGE / LIMIT MEM% NET Igamo BLOCK I PIDS845220ef9982 stress 51.57% 20.05MiB / 983.3MiB 2.04% 648B / 0B 0B / 0B 9

The set parameters take effect

2. Test memory

2.1. There is no limit on the use of memory. The pressure test specifies 2 memories, each 128m.

[root@bogon ~] # docker container run-- name stress- it-- rm lorel/docker-stress-ng:latest-- vm 2-- vm-bytes 128mstress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 2 vm [root@bogon ~] # docker statsCONTAINER ID NAME CPU% MEM USAGE / LIMIT MEM% NET Igamo BLOCK I PIDSbeb3cfa10748 stress 99.29% 256.2MiB / 983.3MiB 26.05% 648B / 0B 0B / 0B 5

256m of memory is actually used.

2.2. Restart the container and add the memory limit

-- memory limits containers to 128m of memory

[root@bogon] # docker container run-- name stress- it-- memory=128m-- rm lorel/docker-stress-ng:latest-- vm 2-- vm-bytes 128mstress-ng: info: [1] defaulting to a 86400 second run per stressorstress-ng: info: [1] dispatching hogs: 2 vm [root@bogon ~] # docker statsCONTAINER ID NAME CPU% MEM USAGE / LIMIT MEM% NET I / O BLOCK 3.19MB O PIDSdecee18cb471 stress 99.47% 126.4MiB / 128MiB 98.77% 648B / 0B 3.19MB / 461MB 5

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.