Linux-Docker container resource control

Docker resource control

1. Namespace (name space)

The Linux kernel provides 6 kinds of namespace isolation, each selected through a system call parameter.

The main purpose of namespaces in the Linux kernel is to provide lightweight virtualization. Processes in the same namespace can see each other's changes, but know nothing about processes outside it. A process in a container therefore gets the illusion of running in an independent system environment, which isolates the container from the host and containers from each other.

[root@docker ns]# pwd
/proc/17/ns
[root@docker ns]# ll
总用量 0
lrwxrwxrwx 1 root root 0 8月  26 13:54 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 root root 0 8月  26 13:54 mnt -> mnt:[4026531840]
lrwxrwxrwx 1 root root 0 8月  26 13:54 net -> net:[4026531956]
lrwxrwxrwx 1 root root 0 8月  26 13:54 pid -> pid:[4026531836]
lrwxrwxrwx 1 root root 0 8月  26 13:54 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 8月  26 13:54 uts -> uts:[4026531838]

| Namespace | System call parameter | Explanation |
| --- | --- | --- |
| IPC | CLONE_NEWIPC | Shared memory, semaphores, and message queues |
| MNT | CLONE_NEWNS | Mount points, file systems |
| NET | CLONE_NEWNET | Network devices, network stack, ports |
| PID | CLONE_NEWPID | Process numbers |
| USER | CLONE_NEWUSER | Users and groups |
| UTS | CLONE_NEWUTS | Host name, domain name |
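
The symlink targets under /proc/<pid>/ns identify the namespace a process is in, so two processes share a namespace exactly when the targets match. The script below is an added example, not part of the original post; it compares a process against PID 1 to show which of the six namespaces it still shares with the host. The function names and the optional PROC_ROOT argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: report which namespaces two processes share.
# PROC_ROOT defaults to /proc; it is a parameter only so the functions can
# also be run against a constructed directory tree.

# ns_id PROC_ROOT PID TYPE -> e.g. "net:[4026531956]" (empty if unreadable)
ns_id() {
    readlink "$1/$2/ns/$3" 2>/dev/null || true
}

# ns_compare PID_A PID_B [PROC_ROOT]
# Prints one line per namespace type: "<type> shared|isolated|unknown"
ns_compare() {
    local a="$1" b="$2" root="${3:-/proc}" t ida idb
    for t in ipc mnt net pid user uts; do
        ida=$(ns_id "$root" "$a" "$t")
        idb=$(ns_id "$root" "$b" "$t")
        if [ -z "$ida" ] || [ -z "$idb" ]; then
            echo "$t unknown"      # process gone, or not enough privilege
        elif [ "$ida" = "$idb" ]; then
            echo "$t shared"
        else
            echo "$t isolated"
        fi
    done
}

# shared_with_host PID [PROC_ROOT]
# Space-separated namespace types that PID shares with PID 1 (host init).
shared_with_host() {
    ns_compare 1 "$1" "${2:-/proc}" |
        awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Stand-alone use: ./ns_check.sh <pid>
if [ "$#" -gt 0 ]; then ns_compare 1 "$1"; fi
```

Reading another process's ns links requires sufficient privilege (normally root), which is why unreadable entries are reported as unknown rather than treated as isolated.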

2. Cgroup (control group)

Docker controls the resource quotas used by containers through Cgroups, including the three major aspects of CPU, memory, and disk, which basically cover common resource quotas and usage control.

Four functions of Cgroup

| Function | Explanation |
| --- | --- |
| Resource limit | Cgroup can limit the total amount of resources used by a process group |
| Priority assignment | Controlling the number of allocated CPU time slices and the hard disk IO bandwidth is in effect equivalent to controlling the priority at which processes run |
| Resource statistics | Cgroup can count system resource usage, such as CPU time and memory usage, for usage-based billing. It also supports a suspend function: every resource is restricted through cgroups so that none can be used, which achieves the restriction. |
| Process control | Suspend and resume operations on a process group |

[root@docker ~]# cd /sys/fs/cgroup/
[root@docker cgroup]# cat tasks

PS: The numbers in the tasks file are process numbers (PIDs)

[1] Memory limit (Swap)

The memory a container can use has two parts: physical memory and swap.

Docker controls container memory usage through the following two parameters:

-m or --memory: set the memory usage limit

--memory-swap: set the memory + swap (virtual memory) usage limit

Syntax:

[root@docker ~]# docker run -itd --name test1 -m 100MB  --memory-swap 200MB  centos:7
9e111ce3fab70649e543abfae484ad421955e61c0999fff1061fa07261ba5b42

PS: This command runs a container named test1 with the memory limit set to 100MB and the swap limit set to 100MB.

--memory-swap 200MB is the limit of physical memory plus the limit of swap.

[2] CPU weight

Docker sets the CPU weight of a container through -c or --cpu-shares.

Syntax:

[root@docker ~]# docker run -itd --name  test2 -c 512 centos:7 
78bcc848e492493b2ebbcfd5425acf08375e724e3c8efa4f640cf9b12c80dda0
[root@docker ~]# cat /sys/fs/cgroup/cpu/docker/78bcc848e492493b2ebbcfd5425acf08375e724e3c8efa4f640cf9b12c80dda0/cpu.shares 
512

If the CPU weight is not set, the default value is 1024

[root@docker ~]# docker run -itd --name  test3  centos:7 
33a6f595bfe5e13ec7984924116a01d695ff1babfc945f27c2487d745b762f43
[root@docker ~]# cat /sys/fs/cgroup/cpu/docker/33a6f595bfe5e13ec7984924116a01d695ff1babfc945f27c2487d745b762f43/cpu.shares 
1024

[3] Block IO (disk read and write)

Block IO is another resource whose use by containers can be limited. Block IO refers to disk reads and writes; Docker can control a container's disk read and write bandwidth by setting a weight or by limiting bps and iops.

(1) Block IO weight

By default, all containers can read and write the disk equally. You can change the priority of a container's block IO with the --blkio-weight parameter. --blkio-weight is similar to --cpu-shares: it sets a relative weight, and the default is 500.

Syntax:

[root@docker ~]# docker run -itd  --name  test4 --blkio-weight 600 centos:7 
56f7e1f61515e1ad25d411433b17f0a0c4d9dbed7542fc0b900c72718534c70c
[root@docker ~]# docker run -itd  --name  test5 --blkio-weight 300 centos:7 
773323490ab3551c712d39b92067da8e89f28408c624c353a783e158bffd662e

These commands mean that the disk read and write bandwidth of test4 is twice that of test5.

The block IO values can be seen under /sys/fs/cgroup/blkio/docker:

[root@docker ~]# cd /sys/fs/cgroup/blkio/docker/
[root@docker docker]# ls
33a6f595bfe5e13ec7984924116a01d695ff1babfc945f27c2487d745b762f43
56f7e1f61515e1ad25d411433b17f0a0c4d9dbed7542fc0b900c72718534c70c
773323490ab3551c712d39b92067da8e89f28408c624c353a783e158bffd662e
78bcc848e492493b2ebbcfd5425acf08375e724e3c8efa4f640cf9b12c80dda0
9e111ce3fab70649e543abfae484ad421955e61c0999fff1061fa07261ba5b42
b0367fa81428311db4f253a0e7c7c7867e5274cb5730e5b6d3bf6abe64918a57
......
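
To check what the flags used so far actually wrote, the limits can be read back per container from the cgroup tree. The script below is an added example, not part of the original post; it assumes the cgroup v1 layout seen in the cpu.shares commands above and the standard v1 file names memory.limit_in_bytes, memory.memsw.limit_in_bytes and blkio.weight, and its function names and CG_ROOT argument are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: list the limits Docker wrote into cgroup v1 per container.
# Assumed layout: <root>/<controller>/docker/<container-id>/<file>
# CG_ROOT is a parameter so the functions can run against a constructed tree.

UNLIMITED=4611686018427387904   # 2^62; v1 shows "no limit" as a value near 2^63

# read_cg FILE -> file content, or "n/a" when the controller file is absent
read_cg() {
    if [ -r "$1" ]; then cat "$1"; else echo "n/a"; fi
}

# to_mb BYTES -> "<n>MB", "unlimited" or "n/a"
to_mb() {
    if [ "$1" = "n/a" ]; then echo "n/a"
    elif [ "$1" -ge "$UNLIMITED" ]; then echo "unlimited"
    else echo "$(( $1 / 1048576 ))MB"; fi
}

# audit_limits [CG_ROOT] -> one line per container:
#   <id12> mem=<..> swap=<..> cpu.shares=<..> blkio.weight=<..>
audit_limits() {
    local root="${1:-/sys/fs/cgroup}" dir id mem memsw swap
    for dir in "$root"/cpu/docker/*; do
        [ -d "$dir" ] || continue            # skip the group's own files
        id=$(basename "$dir")
        mem=$(read_cg "$root/memory/docker/$id/memory.limit_in_bytes")
        memsw=$(read_cg "$root/memory/docker/$id/memory.memsw.limit_in_bytes")
        # --memory-swap is memory + swap, so the swap allowance is the difference
        if [ "$mem" = "n/a" ] || [ "$memsw" = "n/a" ]; then swap="n/a"
        elif [ "$memsw" -ge "$UNLIMITED" ]; then swap="unlimited"
        else swap="$(( ($memsw - $mem) / 1048576 ))MB"; fi
        echo "$(printf '%.12s' "$id") mem=$(to_mb "$mem") swap=$swap" \
             "cpu.shares=$(read_cg "$dir/cpu.shares")" \
             "blkio.weight=$(read_cg "$root/blkio/docker/$id/blkio.weight")"
    done
}

# unlimited_memory [CG_ROOT] -> short ids of containers with no memory limit
unlimited_memory() {
    audit_limits "${1:-}" | awk '$2 == "mem=unlimited" { print $1 }'
}

# Stand-alone use: ./cg_audit.sh /sys/fs/cgroup
if [ "$#" -gt 0 ]; then audit_limits "$1"; fi
```

A container started without -m shows up in unlimited_memory, which is the case to look for when one workload must not be able to exhaust the host's memory.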

(2) Limit bps and iops

  • bps is the amount of data read and written per second

  • iops is the number of IO operations per second

The bps and iops of the container can be restricted by the following parameters

| Parameter | Explanation |
| --- | --- |
| --device-read-bps | Limit the bps read from a device |
| --device-write-bps | Limit the bps written to a device |
| --device-read-iops | Limit the read iops of a device |
| --device-write-iops | Limit the write iops of a device |

Syntax:

PS: For the testA container, writes to the /dev/sda disk are limited to 30MB per second. dd reads from /dev/zero and writes to the test.txt file, 1M at a time, 800 times in total. oflag=direct specifies direct IO for writing the file, so that --device-write-bps takes effect.

The final time of about 26 seconds can also be calculated: 800/30 = 26, with a remainder of 20.

[root@docker docker]# docker run -it --name testA  --device-write-bps /dev/sda:30MB centos:7 
[root@cafef7d06315 /]# time dd if=/dev/zero of=test.txt bs=1M count=800 oflag=direct
800+0 records in
800+0 records out
838860800 bytes (839 MB) copied, 26.6187 s, 31.5 MB/s

real	0m26.621s
user	0m0.001s
sys	0m0.540s

For comparison, run an unrestricted container and check the rate:

[root@docker docker]# docker run -it --name testB  centos:7
[root@21696c42c1e6 /]# time dd if=/dev/zero of=test.txt bs=1M count=800 oflag=direct
800+0 records in
800+0 records out
838860800 bytes (839 MB) copied, 2.95036 s, 284 MB/s

real	0m2.952s
user	0m0.000s
sys	0m0.781s

The syntax for iops is the same as for bps. Try to work out the steps yourself.

Origin blog.csdn.net/weixin_45191791/article/details/108285379