1. Docker resource control
1.CPU resource control
cgroups is a very powerful Linux kernel tool. It can not only limit resources isolated by namespace, but also set weights for resources, calculate usage, control process start and stop, etc.
All cgroups (Control groups) implement quotas and metrics for resources.
cgroups has four major functions
Resource limit: You can limit the total resources used by the task
Priority allocation: Through the allocated cpu time slice data and disk IO bandwidth size, it is actually equivalent to controlling the task Running priority
Resource statistics: You can count system resource usage, such as CPU time, memory usage, etc.
Task control: cgroup can suspend task execution, Recovery and other operations
①Set the upper limit of CPU usage
Linux uses CFS (Complete Fair Scheduler) to schedule the use of the CPU by each process. The default scheduler period of CFS is 100ms. We can set the scheduling period of each container process and the maximum amount of CPU time each container can use during this period.
Use --cpu-period to set the scheduling period, and use --cpu-quota to set the CPU time that the container can use in each cycle. Both can be used together. The container's CPU quota must be no less than 1ms, that is, the --cpu-quota quota must be >=1000.
[root@host103 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ed597b354adf centos:7 "bash" 21 seconds ago Up 19 seconds test1
[root@host103 ~]# cd \
/sys/fs/cgroup/cpu/docker/ed597b354adf3d4cfd1b572cedb5d106077bcf62a31df44bc8aac3aa3deb5d1b/
[root@host103 ed597.....]# cat cpu.cfs_quota_us
-1
[root@host103 ed597.....]# cat cpu.cfs_period_us
100000
a.cpu.cfs_quota_us: Indicates cgroups limit time (microseconds). The default is -1, which means no limit.
b.cpu.cfs_period_us: The period of cpu allocation (microseconds, so it is represented by us in the file), the default is 100000
c. If set to 50000, it means occupying 50000/100000= 50% cpu
②Perform CPU stress test
[root@host103 ~]# docker exec -it test1 /bin/bash
[root@ed597b354adf /]# vi cpu.sh
#!/bin/bash
i=0
while true
do
let i++
done
[root@ed597b354adf /]# chmod +x /cpu.sh
[root@ed597b354adf /]# ./cpu.sh
③Set the upper limit of CPU usage time
[root@host103 ~]# cd /sys/fs/cgroup/cpu/docker/ed59...../
[root@host103 ed59.....]# echo 50000 > cpu.cfs_quota_us
[root@host103 ed59.....]# top
④Set the CPU resource ratio (valid only when multiple containers are available)
Docker specifies CPU shares through --cpu-shares. The default value is 1024 and the value is a multiple of 1024.
#Stop and delete the previous container first
[root@host103 ~]# docker kill $(docker ps -aq)
[root@host103 ~]# docker rm $(docker ps -aq)
#Create two containers as c1 and c2. If there are only these two containers, set the weight of the container so that the cpu resources of c1 and c2 occupy The ratio is 1/3 and 2/3
[root@host103 ~]# docker run -itd --name c1 --cpu-shares 1024 centos:7
47fa6089f568e616cba8cf05bf22279bd7ff0602cf31d4d685e3a37d4bd27d85
[root@host103 ~]#
[root@host103 ~]# docker run -itd --name c2 --cpu-shares 2048 cent os: 7
25d0d2229f4ea05b5a290fd0a96f364b071826700826378b596e5cdf38f5e72c
#Enter the containers separately and perform stress testing
[root@host103 ~]# docker exec -it c1 bash
[root@47fa6089f568 /]# yum -y install epel-release
[root@47fa6089f568 /]# yum -y install stress
#Generate 4 processes, each process repeatedly listens to the square root of the actuarial random number
[root@47fa6089f568 /]# stress -c 4
[root@host103 ~]# docker exec -it c2 bash
[root@25d0d2229f4e /]# yum -y install epel-release
[root@25d0d2229f4e /]# yum -y install stress
#Generate 4 processes, each process repeatedly listens to the square root of the actuarial random number
[root@25d0d2229f4e / ]# stress -c 4
#View container running status (dynamic update)
[root@host103 ~]# docker stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
25d0d2229f4e c2 260.34% 137. 2MiB / 1.938GiB 6.92% 27.8MB / 484kB 25.3MB / 25.3MB 7
47fa6089f568 c1 140.19% 111.8MiB / 1.938GiB 5.63% 27.5MB / 416kB 58.1MB / 25.3MB 7
⑤ Specify container binding cpu
#Configure the container to use CPU numbers 1 and 3 (cpu numbers start from 0)
[root@host103 ~]# docker run -itd --name test3 --cpuset -cpus 1,3 centos:7 bash
90666bf2833d3b93bbcc043c66b5dff3f76ca43057aaacd3867d3d47f7e2d640
#Enter the container and perform a stress test
[root@host103 ~] # docker exec -it test3 bash
[root@90666bf2833d /]# yum -y install epel-release
[root@90666bf2833d /]# yum -y install stress
[root@90666bf2833d /]# stress -c 4
#First use the top command, then press 1 to check the CPU usage
[root@host103 ~]# top
2. Limitations on memory usage
The -m (--memory=) option is used to limit the maximum memory that the container can use
--memory-swap Used together with --memory to limit the size of swap.
Under normal circumstances, the value of --memory-swap includes the container's available memory and available swap.
Therefore, the meaning of -m 300m --memory-swap=1g is: The container can use 300M of physical memory and can use 700M (1G-300M) swap
If --memory-swap is set to 0 or not set, the container can use swap size twice the value of -m
If the value of --memory-swap is equal to - If the m value is the same, the container cannot use swap
If the value of --memory-swap is -1, it means that the memory used by the container program is limited, but the swap space that can be used is not limited ( The container can use as much swap as the host has)
3.Restrictions on disk IO configuration control
--device-read-bps: Limit the read speed bps (data volume) on a certain device, the unit can be kb, mb (M) or gb.
eg: docker run -itd --name test --device-read-bps /dev/sda:1M centos:7 /bin/bash
--device-write-bps: Limit the write speed (data amount) on a certain device, the unit can be kb, mb (M) or gb.
eg: docker run -itd --name test --device-write-bps /dev/sda:1M centos:7/bin/bash
--device-read-iops: Limit the iops (number of times) of reading a device
--device-write-iops: Limit writing iops (number of times) to a certain device
#Create a container and limit the write speed
[root@host103 ~]# docker run -it --name test4 --device-write-bps /dev/sda:1mb centos:7 bash
#Verify writing speed through dd
[root@98dbd982b24c /]# dd if=/dev/zero of=test.out bs= 1M count=10 oflag=direct
10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 10.0035 s, 1.0 MB/s
2. Docker data management
In Docker, in order to conveniently view the data generated in the container or share the data in multiple containers, it involves the data management operation of the container.
There are two main ways to manage data in Docker containers: Data Volumes and DataVolumes Containers.
1. Data volume
The data volume is a special directory used by the container. It is located in the container. The directory of the book host can be mounted to the data volume. Modification operations on the data volume are immediately visible, and updating the data will not affect the mirror, thus realizing data on the host. Migration between hosts and containers. The data volume uses a mount operation similar to the directory under Linux.
#The current host does not have the /var/www directory
[root@host103 ~]# ls /var/www
ls: Unable to access / var/www: There is no such file or directory
#Host directory/var/www is mounted to the container/data1.
#Note: Host local directory The path must be an absolute path. If the path does not exist, Docker will automatically create the corresponding path.
#-v option can create a data volume within the container
[root@host103 ~]# docker run -v /var/www:/data1 --name web1 -it centos:7 bash
#The docker container has the data1 directory
[root@d66def26bb22 /]# ls
anaconda-post.log data1 etc lib media opt root sbin sys usr
bin dev home lib64 mnt proc run srv tmp var [root@d66def26bb22 /]# exit this is web 1 [root @host103 ~]# cat /var/www/web1.txt #The host has /var/www, and there is web1.txt in this directory, and there is content exit
[root@d66def26bb22 /]# echo "this is web 1" >> /data1/web1.txt
2. Data volume container
If you need to share some data between containers, the easiest way is to use a data volume container. The data volume container is an ordinary container that specifically provides data volumes for other containers to mount and use.
#Create a container as a data volume container
[root@host103 ~]# docker run --name web2 -v /data1 -v /data2 -it centos:7 bash< /span> this is web2 data [root@bdbbd457daea /]# cat data2/ABC .txt this is web2 data1 [root@bdbbd457daea /]# ls data1 data2< /span> ABC.txt data2: abc.txt data1: anaconda-post.log bin data1 data2 dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var [root@bdbbd457daea /]# ls a> #Use --volumes-from to mount the data volumes in the web2 container to the new container this is web2 data2 [root@63ec486d5683 /]# cat / data2/ABC.txt this is web2 data1 [root@63ec486d5683 /]# cat /data1/abc.txt [root@63ec486d5683 /]# [root@63ec486d5683 /]# echo "this is web2 data2" > /data2/ABC.txt [root@63ec486d5683 /]# [root@63ec486d5683 /]# echo "this is web2 data1" > /data1/abc.txt anaconda-post.log bin data1 data2 dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@63ec486d5683 /]# ls
3. Container interconnection (using centos image)
Container interconnection is to establish a dedicated network communication tunnel between containers through the name of the container. To put it simply, a tunnel will be established between the source container and the receiver, and the receiving container can see the information specified by the source container.
#Create and run the container, named web4
[root@host103 ~]# docker run -itd -P --name web4 centos:7 bash< a i=2> bc1caf5b2f441c834e70eb3307dab72bdb597568e1af6070f2b45f1cf8d9196e [root@host103 ~]# #Create and run the container, named web5. --link Container name: alias of the connection [root@host103 ~]# docker run -itd --name web5 --link web4:WEB4 centos:7 bash 107f5c583c1db9c456c47952081a084efd66de762a905f471776dd65949bb892 [root@host103 ~]# #Enter the container, ping the container name, ping the alias, and you can ping successfully [root@host103 ~]# docker exec -it web5 bash [root@107f5c583c1d /]# ping web4 [root@107f5c583c1d /]# ping WEB4
