Article Directory
First, take a look first to see how these three indicators
1, first enter the docker container
docker exec -it b6bac438271d /bin/bash
2, view disk
3, view memory
4, see the cpu
Physical cpu: cpu number actually inserted on the motherboard, can not be repeated a number of physical id has several (physical id)
cpu Audit: Number chipset monolithic CPU can process data above
logic cpu: In general, the logic cpu = × number of physical CPU core pieces per
1.物理cpu数:[root@server ~]# grep 'physical id' /proc/cpuinfo|sort|uniq|wc -l
2.cpu核数:[root@server ~]# grep 'cpu cores' /proc/cpuinfo|uniq|awk -F ':' '{print $2}'
Note: the top command input, the following interface, then one can see the logic cpu, cpu utilization, and each core.
Note: The above look like this and look through these commands on the host, you will find docker container and the host are the same, Why is this?
First of all we need to know, share all the cpu, memory, disk and container resources of the default host docker, so this view is the same. In order to prevent individual containers because under attack, wantonly consume resources, but also caused the collapse of other containers, each container resources we need to limit how much. So there are two issues: how to look at it exactly? How these resources to limit the use of containers it?
Second, how accurate view of resource consumption of each container it?
Check Disk: Only the top like this look!
Check each container of memory, cpu consumption:
#宿主机上输入命令
docker stats #这是实时查看cpu、内存消耗情况
docker stats --no-stream #查看瞬间的cpu、内存消耗情况
Third, how to limit the use of each of these container resources it?
If we bought a cloud host, each host cloud disk, cpu, memory configuration have a clear, for example, I bought Ali cloud host is 40G hard drive, 1-core cpu, 2G of memory. The next step is we need the containers such restrictions.
1, cpu, memory limits
docker run -itd --cpuset-cpus=0-0 -m 4MB docker.io/jdeathe/centos-ssh /bin/bash
--cpuset-cpus:设置cpu的核数,0-0、1-1、2-2...(这种是绑定cpu,把本虚拟机绑定在一个逻辑cpu上);0-1、0-2、0-3和0,1、0,2、0,3(这两种形式都是指定多个逻辑cpu,每次随机使用一个逻辑cpu,相当于是共享cpu)
#注意:一个docker容器绑定一个逻辑cpu便于监控容器占用cpu的情况;而共享cpu可以更好利用cpu资源,而且要选好cpu调度算法!
-m:设置内存的大小
I set up two core cpu, its error: the
error means: error response daemon: CPU requested is not available - request 0-1, are available: 0.
Description our vmware virtual machine creation only gave 1-core, so there can not give two nuclear!
View cpu, memory limit if successful:
memory, cpu limit success! This view of the container of the way the number of cpu core does not know what to see! I later added a cpu, and then try the next, top command and by looking at cpuinfo文件
can not see the actual situation of a vessel occupied cpu resources!
2, disk size limit
(1) backup image container file
- Backup image
docker save docker.io/centos >/root/centos-image.tar
- Backup docker container
先docker commit把容器提交成镜像,再备份镜像即可
(2) modify the configuration file docker
docker configuration file: / etc / sysconfig / docker ( note not docker-storage file ), add the following code after the parameter OPTIONS:
OPTIONS='--storage-opt overlay2.size=40G'
Restart docker, given:
systemctl status docker.service -l
Note: project Quota (directory quotas)
explained: Overlay2 Docker disk drive mode, if you want to resize, need to make Linux file system is set to xfs, and directory-level disk quota feature;
(3) Next, we do support the directory-level disk quota feature
First, understand what support disk quotas directory?
A: The support is allocated in fixed size disk size directory. How to understand the size of the directory? A fixed-size hard disk will mount this directory, the directory size is the size of the hard disk. Contents can then allocate resources to specify the size of its hard disk files under
-
Add a new hard disk
Note: / dev / sdb is the disk I add! -
Xfs file system to format the hard disk format
mkfs.xfs -f /dev/sdb
- Create a data directory, data directory docker as follow;
mkdir /data/ -p
- Mounting data directory, and open the disk quota feature (default xfs support the quota function)
mount -o uquota,prjquota /dev/sdb /data/
#把/dev/sdb这块新建硬盘挂载到/data/,且让/data/目录支持目录级别和用户级别的配额!
The figure proves / size of the data directory has been limited! !
Then the directory-enabled disk directory quota is in support of the 20G / data / directory that can be allocated 20G disk size!
- View quota - configuration details, the command is as follows:
xfs_quota -x -c 'report' /data/
After running this command xfs_quota, displayed above, description, / data / directory has supported directory quota feature!
(4) from / data / docker / as a soft link to the / var / lib
mkdir /data/docker
rm -rf /var/lib/docker/
ln -s /data/docker/ /var/lib/
Like this, does not support the directory level disk quota feature of / var / lib / docker / directory, it becomes a support level directory of the disk quota feature soft link to / / var / lib / docker / directories under data / docker / directory
(5) docker load to load the backup image and run the container, view disk size
docker load < /root/centos-image.tar
docker run -itd --privileged --cpuset-cpus=0-1 -m 4048M docker.io/centos /bin/bash
Disk size is limited to 10G success!
4G memory size is limited to success!
3, the last point of attention
Whether it is to limit the size of the disk, or cpu, memory, they can not exceed the size of actually owning!
For example, I have this vmware memory is 4G, cpu two-core, hard disk 20G (because there can be quotas / data / directory only 20G), because the system is running centos also need to account for part of the memory, the container should not exceed the specified memory 3G , cpu no more than two cores (i.e., 0-0,1-1; can be 0-1), a hard disk not exceed 20G (15G less preferably)