table of Contents
A .docker Resource Management Overview
III. Optimize memory resources
III. Optimize disk I / O read and write
A .docker Resource Management Overview
- Since the host can put a plurality of containers, by default, there is no limit on the container mirror Docker hardware resources
- When the container load is too high will take up host resources as much as possible, so sometimes we need to use resources to set an upper limit for container
- Use systemctl-cgtop dynamic view of the use of various resources (resource allocation according to the situation of the docker container)
[root@cloud ~]# systemd-cgtop
Path Tasks %CPU Memory Input/s Output/s
/ 55 4.5 2.7G - -
/system.slice - 3.6 468.6M - -
/system.slice/aegis.service 3 3.3 109.5M - -
/user.slice 3 0.9 11.0M - -
/system.slice/containerd.service 1 0.2 83.0M - -
/system.slice/aliyun.service 1 0.0 2.4M - -
/system.slice/tuned.service 1 0.0 13.0M - -
/system.slice/rsyslog.service 1 0.0 2.9M - -
/system.slice/atd.service 1 - - - -
/system.slice/auditd.service 1 - 1.3M - -
/system.slice/chronyd.service 1 - 532.0K - -
/system.slice/crond.service 1 - 716.0K - -
/system.slice/dbus.service 1 - 36.0K - -
/system.slice/docker.service 1 - 228.5M - -
/system.slice/lvm2-lvmetad.service 1 - - - -
/system.slice/network.service 1 - 1.9M - -
/system.slice/polkit.service 1 - 7.9M - -
- Docker resources for the control, respectively, by memory, CPU, disk read and write, etc., described in detail below
The Optimizing .CPU resources
- By default, each container can use all CPU resources on the host, but the resource scheduling system used by most CFS (Completely Fair Scheduler)
- CFS fair scheduling each worker process
- Process is divided into two types of CPU-intensive and intensive IO
- The system kernel will process real-time monitoring system, when a process CPU resources for too long, the kernel will adjust the process priority
- Here are some of the parameters of the docker command limit cpu resources
| parameter name | Explanation |
| --cpu-shares | cpu resources provides a set of containers, the container used in the group scale cpu resources, resource load hit cpu occupied container (compression ratio in accordance with the allocation), Be up and running when idle, cpu resources will be allocated to other containers |
| --cpus=value |
Specifies the number of cpu core |
| --cpuset-cpus | Specified container can only run on the cpu core (binding cpu); core number using 0,1,2,3 |
| --cpu-quota | The upper limit of the specified percentage of cpu |
-
View cpu Linux system details
##查看详细信息
[root@cloud ~]# cat /proc/cpuinfo
##查看CPU的核数
[root@cloud ~]# cat /proc/cpuinfo | grep "processor"
processor : 0
processor : 1
[root@cloud ~]#
-
For the cpu usage restrictions
## --name 指定容器的名字
## --cpu-quota 200000 指定该容器对于cpu的使用率上限是20%
[root@cloud ~]# docker run --name c0 --cpu-quota 200000 nginx:latest
[root@cloud ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a0222c54f1a nginx:latest "nginx -g 'daemon of…" About an hour ago Up 1 second 80/tcp c0
[root@cloud ~]#
-
For the proportional allocation of cpu
##-i表示输入,-t表示绑定终端,-d表示开启守护进程
[root@cloud ~]# docker run -itd --name c1 --cpu-shares 512 httpd
cfa4b5f14f75ef2f30d884d11341582396401c767675a11b43e029a40a1ea207
[root@cloud ~]# docker run -itd --name c2 --cpu-shares 1024 httpd
118e74d7fa84f5d1fcac7e6ed028e185fde6d2c6edceab89a10ab609d7bd9052
[root@cloud ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
118e74d7fa84 httpd "httpd-foreground" 9 seconds ago Up 8 seconds 80/tcp c2
cfa4b5f14f75 httpd "httpd-foreground" 20 seconds ago Up 18 seconds 80/tcp c1
2a0222c54f1a nginx:latest "nginx -g 'daemon of…" 2 hours ago Exited (0) 2 minutes ago c0
[root@cloud ~]#
- For the cpu limit the number of nuclear
[root@cloud ~]# cat /proc/cpuinfo | grep processor
processor : 0
processor : 1
[root@cloud ~]# docker run -itd --name c3 --cpuset-cpus 0,1 httpd
271eaa8de989f1decf23ddada071db801348e607c6a4ed3b6ee2ad0671482d4a
[root@cloud ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
271eaa8de989 httpd "httpd-foreground" 5 seconds ago Up 4 seconds 80/tcp c3
118e74d7fa84 httpd "httpd-foreground" 3 minutes ago Up 3 minutes 80/tcp c2
cfa4b5f14f75 httpd "httpd-foreground" 3 minutes ago Up 3 minutes 80/tcp c1
2a0222c54f1a nginx:latest "nginx -g 'daemon of…" 2 hours ago Exited (0) 6 minutes ago c0
[root@cloud ~]#
III. Optimize memory resources
- By default, the container Docker no memory limit, i.e., the container can be used all the memory provided by the host.
- If the container does not restrict the memory, it will cause some danger. For example, a container of memory consumption to run malicious software, or code has memory leaks, is likely to lead host memory is exhausted, resulting in service is unavailable.
- For the above case, the docker daemon Docker sets OOM (out of memory) value, so as to decrease the priority low memory killed. Further, the upper limit of the memory may be provided for each container, once exceeded this limit, the container will be killed, without consuming the memory of the host
- Although, even though it can limit memory limit to protect the host, but it could also hurt the container service. If the memory is too small to set the upper limit of the service, will lead the service still works fine when he was killed OOM. If set too large, because wasting memory scheduler algorithm. Reasonable approach include:
1. The memory for the application to do stress tests, to understand memory when used under normal business needs, then use to enter the build environment
2. The upper limit memory use container
3. as far as possible to ensure adequate resources to host, once found by monitoring the lack of resources, it is for expansion or migration of the container
4. If sufficient memory resources, minimize the use of swap, the swap would cause a memory computational complexity of the scheduler very unfriendly
- In docker boot parameters, and memory limitations associated comprise (parameter generally refers to the memory size, the memory units respectively b (bytes), k (kb), m (mb), g (gb)), the parameters are as follows :
| parameter | Explanation |
| -m or --memory | The maximum memory size of the container can be used, for the minimum 4m |
| --memory-swap | size of the container can be used to swap |
| --memory-swappiness | By default, the host may use anonymous containers page (anonymous page) swap out, you can be set a value between 0-100, representatives Allowing the swap out of proportion |
| --memory-reservation | Setting a soft limit memory usage, if found insufficient docker host memory, OOM will perform the operation. This value must be less than the set value -m |
| --kernel-memory | kernel memory size of the container can be used, for the minimum 4m |
| --oom-kill-disable | Time is running OOM kill container. Only set -m, you can put this option is false, otherwise the container will run out of host memory, and causing the host application is killed |
- Examples are as follows
[root@cloud ~]# free -m
total used free shared buff/cache available
Mem: 3789 223 664 0 2900 3282
Swap: 0 0 0
[root@cloud ~]# docker run -itd --name c4 -m 512m httpd:latest
a1834d69cb55e6809211d381d6ca7c2acfe52cbc11be37293f48c2bfb52e2d0a
[root@cloud ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1834d69cb55 httpd:latest "httpd-foreground" 5 seconds ago Up 4 seconds 80/tcp c4
271eaa8de989 httpd "httpd-foreground" 28 minutes ago Exited (0) 27 minutes ago c3
118e74d7fa84 httpd "httpd-foreground" 32 minutes ago Exited (0) 27 minutes ago c2
cfa4b5f14f75 httpd "httpd-foreground" 32 minutes ago Exited (0) 27 minutes ago c1
2a0222c54f1a nginx:latest "nginx -g 'daemon of…" 2 hours ago Exited (0) 34 minutes ago c0
[root@cloud ~]#
- Observe resource usage docke container
[root@cloud ~]# docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
a1834d69cb55 c4 0.00% 14.1MiB / 512MiB 2.75% 0B / 0B 0B / 0B 82
III. Optimize disk I / O read and write
- IO resources, the operating system is also a very important resource, often contain read and write to the hard drive, network data exchange, etc.
- The method of controlling write hard container:
1. Set the hard disk to read and write resources container weight
2. limit bps (data amount) and IOPS (times)
bps: byte per second, number of bytes to read per second (, i.e., read and write rates)
iops: the number of io per second, IO per second
- Set weight
When using docker run starting container supply parameters --blkio-weight int priority can help us to control container disk read and write (block IO) of
- Restrictions bps and iops
1 .-- device-read-bps (restrictions reading a device bps)
2 .-- device-write-bps (bps writing a restriction device)
3 .-- device-read-iops (restrictions reading a device iops)
4 .-- device-write-iops (iops a limit writing device)
- Examples
