Article Directory
One, Cgroup
Docker controls the resource quotas used by containers through Cgroup, including the three major aspects of CPU, memory, and disk, which basically covers common resource quotas and usage control
Cgroup is the abbreviation of Control Groups. It is a mechanism provided by the Linux kernel to limit, record, and isolate the physical resources (such as CPU, memory, disk IO, etc.) used by process groups.
These specific resource management functions are called Cgroup subsystems, which are implemented by the following major subsystems:
| blkio | Set restrictions on the input and output control of each block device, such as: disk, CD, usb, etc. |
|---|---|
| CPU | Use the scheduler to provide CPU access for cgroup tasks |
| cpuacct | Generate CPU resource report for cgroup tasks |
| cpuset | If it is a multi-core CPU, this subsystem will allocate separate CPU and memory for cgroup tasks |
| devices | Allow or deny cgroup task access to the device |
| freezer | Pause and resume cgroup tasks |
| memory | Set the memory limit of each cgroup and generate memory resource reports |
| net_cls | Mark each network packet for convenient use by cgroup |
| ns | Namespace subsystem |
| perf_event | Added detection and tracking capabilities for each group, which can detect all threads belonging to a specific group and threads running on a specific CPU |
Second, use the stress tool to test
Now start to use the stress test tool to test the CPU and memory usage, and use the stress tool to test the CPU and memory
#使用Dockerfile来创建一个stress镜像
cd /opt
mkdir stress
vim Dockerfile
FROM centos:7
MAINTAINER LIC
RUN yum install -y wget
RUN wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
RUN yum install -y stress
====>:wq
systemctl restart docker
docker build -t centos:stress .
1. Weight--cpu-shares
Use the following command to create a container. The -cpu-shares parameter value in the command does not guarantee 1 cpu or how many GHz of CPU resources can be obtained. It is only a flexible weighted value.
docker run -itd --cpu-shares 100 centos:stress
Note: By default, the CPU share of each Docker container is 1024. The share of a single container is meaningless. Only when multiple containers are running at the same time can the effect of the CPU weighting of the container be reflected.
For example, the CPU shares of two containers A and B are 1000 and 500, respectively. When the CPU allocates time slices, container A has twice the chance of obtaining CPU time slices than container B.
However, the result of the allocation depends on the running status of the host and other containers at the time. In fact, there is no guarantee that container A will get the CPU time slice. For example, the process of container A is always idle, then container B can obtain more CPU time slices than container A. In extreme cases, for example, if there is only one container running on the host, even if its CPU share is only 50, it can monopolize the CPU resources of the entire host.
Example: Open two containers, let them generate 10 sub-function processes, enter the container, and compare the CPU usage percentage with the top command
docker run -itd --name cpu512 --cpu-shares 512 centos:stress stress -c 10
docker run -itd --name cpu1024 --cpu-share 1024 centos:stress stress -c 10
docker ps
docker exec -it 容器id bash
top
2. CPU cycle limit --cpu-period, --cpu-quota
Docker provides two parameters --cpu-period and --cpu-quota to control the CPU clock cycles that the container can allocate.
1. –cpu-period is used to specify how long the container should redistribute the CPU usage.
2. –cpu-quota is used to specify the maximum amount of time that can be used to run the container in this cycle.
3. When –cpu-quota is a multiple of –cpu-period, use multiple CPUs
Unlike –cpu-stress, this configuration refers to an absolute value, and the container's use of CPU resources will never exceed the configured value.
The unit of cpu-period and cpu-quota is microsecond (μs). The minimum value of cpu-period is 1000 microseconds, the maximum value is 1 second (10^6μs), and the default value is 0.1 second (100000μs).
The default value of cpu-quota is -1, which means no control. The cpu-period and cpu-quota parameters are generally used in combination.
For example: the container process needs to use a single CPU for 0.2 seconds every 1 second. You can set the cpu-period to 1000000 (that is, 1 second) and the cpu-quota to 200000 (0.2 seconds).
Of course, in the case of multi-core, if the container process is allowed to completely occupy two CPUs, you can set the cpu-period to 100000 (that is, 0.1 second) and the cpu-quota to 200000 (0.2 seconds).
docker run -tid --cpu-period 100000 --cpu-quota 200000 centos:stress
docker ps
docker exec -it 容器id bash
cat /sys/fs/cgroup/cpu/cpu.cfs_period_us
cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us
3. CPU Core control--cpuset-spus
For servers with multi-core CPUs, Docker can also control which CPU cores the container runs, that is, use the –cpuset-cpus parameter. This is especially useful for servers with multiple CPUs, and can configure the best performance for containers that require high-performance computing.
docker run -itd --name cpu1 --cpuset-cpus 0-1 centos:stress
Executing the above command requires the host machine to be dual-core, which means that the created container can only use two cores of 0 and 1. After entering the container, you can use the following command to detect
cat /sys/fs/cgroup/cpuset/cpuset.cpus
The following command can view the binding relationship between the container process and the CPU core
docker exec 容器id taskset -c -p 1
3. Mixed use of CPU quota control parameters
Use the cpuset-cpus parameter to specify that container A uses CPU core 0, and container B only uses CPU core 1
on the host. Only these two containers use the corresponding CPU cores. They each occupy all the core resources, and cpu-shares have no obvious effect.
cpuset-cpus. The cpuset-mems parameter is only valid on servers with multi-core and multi-memory nodes, and must match the actual physical configuration, otherwise the purpose of resource control cannot be achieved.
When the system has multiple CPU cores, it is necessary to set the container CPU core through the cpuset-cpus parameter to facilitate the test.
docker stop `docker ps -qa`
docker run -itd --name cpu3 --cpuset-cpus 0 --cpu-shares 512 centos:stress stress -c 1
docker run -itd --name cpu4 --cpuset-cpus 2 --cpu-shares 1024 centos:stress stress -c 1
Four, memory limit
Similar to the operating system, the memory that the container can use includes two parts: physical memory and Swap.
Docker uses the following two sets of parameters to control the usage of container memory.
-m or –memory: Set the usage limit of (physical) memory, such as 100M, 1024M.
–memory-swap: Set the usage limit of memory + swap.
Executing the following command allows the container to use up to 200M of memory and 300M of swap
docker run -it -m 200M --memory-swap=300M progrium/stress --vm 1 --vm-bytes 280M
--vm 1:启动一个内存工作线程
--vm-bytes 280M:每个线程分配280M内存
By default, the container can use all the free memory on the host.
Similar to the cgroups configuration of the CPU, Docker will automatically create the corresponding cgroup configuration file for the container in the directory /sys/fs/cgroup/memory/docker/<container complete id>
If the memory allocated by the thread is greater than or equal to the set 300M, the stress thread reports an error and the container exits.
docker run -it -m 200M --momory-swap=300M progrium/stress --vm 1 --vm-bytes 300M
Five, Block IO restrictions
By default, all containers can read and write to the disk equally. You can change the priority of container block 10 by setting the -blkio-weight parameter.
–Blkio-weight is similar to –cpu-shares. It sets the relative weight value and the default is 500.
In the following example, the bandwidth of container A to read and write to the disk is twice that of container B.
docker run -it --name container_A --blkio-weight 600 centos:stress
cat /sys/fs/cgroup/blkio/blkio.weight
docker run -it --name container_B --blkio-weight 300 centos:stress
cat /sys/fs/cgroup/blikio.weight
1. Limitations of bps and iops
bps is byte per second, the amount of data read and written per second.
iops is io per second, the number of reads and writes per second.
The bps and iops of the container can be controlled by the following parameters:
–Device-read-bps, limit reading of bps of a certain device
–device-write-bps, limit writing of bps of a certain device
–device-read-iops, limit reading of iops of a certain device
–device-write-iops, limit Write the iops of a certain device
Example: Limit the rate at which the container writes /dev/sda to 5 MB/s.
docker run -it --device-write-bps /dev/sda:5MB centos:stress
dd if=/dev/zero of=test bs=1M count=1024 oflag=direct
//可以按ctrl+ c中断查看
docker run -it centos:stress
dd if=/dev/zero of=test bs=1M count=1024 oflag=direct
