Docker 讀書心得小記 - Resource limit - Memory limit
OS: openSUSE Leap 42.3 in Azure
根據書上的練習, 要針對 container 來進行 cpu 與 memory 的限制
# docker run -d --name nginx-test --cpu-shares 512 --memory 128M -p 8080:80 nginx
WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
77af042d43b9e19cab169c369de3f47b0011bf1677df76c40d0df4536581cd5c
Swap limit 搜尋了一下解法要去修改 /etc/default/grub
在GRUB_CMDLINE_LINUX 內加入 cgroup_enable=memory swapaccount=1
openSUSE Leap 42.3 in Azure 的 /etc/default/grub
GRUB_DISTRIBUTOR=openSUSE-Leap-42.3-Azure\ \[\ VMX\ \]
GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX=" root=/dev/disk/by-uuid/1c5711ac-7841-42e0-9517-88997b16cd30 disk=/dev/sda resume=swap USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 quiet"
GRUB_TERMINAL=gfxterm
GRUB_GFXMODE=800x600
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_THEME="/boot/grub2/themes/openSUSE/theme.txt"
GRUB_BACKGROUND="/boot/grub2/themes/openSUSE/background.png"
我桌機的 openSUSE Leap 42.3 的 /etc/default/grub
# cat /etc/default/grub | egrep -v '^#|^$'
GRUB_DISTRIBUTOR=
GRUB_DEFAULT=saved
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=8
GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/sda1 splash=silent quiet showopts"
GRUB_CMDLINE_LINUX=""
GRUB_TERMINAL="gfxterm"
GRUB_GFXMODE="auto"
GRUB_BACKGROUND=/boot/grub2/themes/openSUSE/background.png
GRUB_THEME=/boot/grub2/themes/openSUSE/theme.txt
SUSE_BTRFS_SNAPSHOT_BOOTING="true"
GRUB_DISABLE_OS_PROBER="false"
GRUB_ENABLE_CRYPTODISK="n"
GRUB_CMDLINE_XEN_DEFAULT="vga=gfx-1024x768x16"
修改後的
openSUSE Leap 42.3 in Azure 的 /etc/default/grub
GRUB_DISTRIBUTOR=openSUSE-Leap-42.3-Azure\ \[\ VMX\ \]
GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX=" root=/dev/disk/by-uuid/1c5711ac-7841-42e0-9517-88997b16cd30 disk=/dev/sda resume=swap USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 quiet cgroup_enable=memory swapaccount=1"
GRUB_TERMINAL=gfxterm
GRUB_GFXMODE=800x600
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_THEME="/boot/grub2/themes/openSUSE/theme.txt"
GRUB_BACKGROUND="/boot/grub2/themes/openSUSE/background.png"
然後如何更新 grub2 呢?
update-grub 不是 openSUSE 內的指令( 應該是 ubuntu 那邊的 )
要使用 grub2-mkconfig -o /boot/grub2/grub.cfg 這樣的指令方式來更新 grub
更新之前先觀察 grub.cfg 內有沒有 cgroup 設定
# grep cgroup /boot/grub2/grub.cfg
然後把設定檔備份下來等等比較
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
接下來更新 grub.cfg
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found theme: /boot/grub2/themes/openSUSE/theme.txt
Found linux image: /boot/vmlinuz-4.4.104-39-default
Found initrd image: /boot/initrd-4.4.104-39-default
done
再次觀察設定, 這個時候就會發現剛剛寫在 /etc/default/grub 的設定更新到 grub.cfg 了
# grep cgroup /boot/grub2/grub.cfg
linux /boot/vmlinuz-4.4.104-39-default root=UUID=1c5711ac-7841-42e0-9517-88997b16cd30 root=/dev/disk/by-uuid/1c5711ac-7841-42e0-9517-88997b16cd30 disk=/dev/sda resume=swap USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 quiet cgroup_enable=memory swapaccount=1
linux /boot/vmlinuz-4.4.104-39-default root=UUID=1c5711ac-7841-42e0-9517-88997b16cd30 root=/dev/disk/by-uuid/1c5711ac-7841-42e0-9517-88997b16cd30 disk=/dev/sda resume=swap USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 quiet cgroup_enable=memory swapaccount=1
linux /boot/vmlinuz-4.4.104-39-default root=UUID=1c5711ac-7841-42e0-9517-88997b16cd30 root=/dev/disk/by-uuid/1c5711ac-7841-42e0-9517-88997b16cd30 disk=/dev/sda resume=swap USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 quiet cgroup_enable=memory swapaccount=1
重新開機讓他生效
# reboot
重新嘗試執行 docker run 加上限制
# docker run -d --name nginx-test --cpu-shares 512 --memory 128M -p 8080:80 nginx
9b49816193d4513dc3d52ef079c2d360ffc6b3ea559fa66bdcee51c31e548807
透過 docker stats 觀察
發現該 container 記憶體的部份就有 128MiB 限制了
# docker stats
CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
9b49816193d4 0.00% 9.078MiB / 128MiB 7.09% 1.3kB / 0B 8.04MB / 0B 2
想要實驗是否真的會限制到那個量
所以使用另外一個視窗 啟動 opensuse 的 container 並限制 128M 記憶體
# docker run -d -it --cpu-shares 512 --memory 128M opensuse /bin/bash
使用 docker exec 指令呼叫另外一個 /bin/bash
# docker exec -it CONTAINER_ID /bin/bash
在 container 內安裝 stress-ng
bash-4.3# zypper -y install stress-ng
使用 stress-ng 指令進行壓力測試
bash-4.3# stress-ng --vm 1 --vm-bytes 200M
觀察是否會超過 128M 使用量
:)
Reference:
~ enjoy it