docker容器资源控制cgroup

原创

mb63774a171e569 2022-11-20 00:10:43 博主文章分类：docker ©著作权

文章标签 docker ubuntu 文件系统其他 文章分类 代码人生

©著作权归作者所有：来自51CTO博客作者mb63774a171e569的原创作品，请联系作者获取转载授权，否则将追究法律责任

命名空间

六种 namespace

docker容器资源控制cgroup_docker

资源配额[cgroups]

mount -t cgroup

cd /sys/fs/cgroup/

cd memory/

docker容器资源控制cgroup_其他_02

默认是没有限制

现在更改内存使用

free -m

mount -t cgroup

1024*200*1024 算出200M

mkdir x1

cd x1

echo 209715200 > memory.limit_in_bytes

cat tasks 写入需要控制的pid

cd /dev/shm

dd if=/dev/zero of=bigfile bs=1M count=100

这里使用内存就会减少100M

这样不会和其他进程共享内存

yum install -y libcgroup

yum search cgroup

cgexec -g memory:x1 dd of=/dev/zero of=bigfile bs=1M count=1--

采用memory中x1子控制器

docker容器资源控制cgroup_文件系统_03

rm -fr bigfile 取消控制

docker容器资源控制cgroup_其他_04

表示超出限制就不会生成

cgroup

mount -t cgroup

[root@foundation11 ~]# mount -c cgroup
mount: cgroup is already mounted or /sys/fs/cgroup/memory busy
       cgroup is already mounted on /sys/fs/cgroup/systemd
       cgroup is already mounted on /sys/fs/cgroup/blkio
       cgroup is already mounted on /sys/fs/cgroup/net_cls,net_prio
       cgroup is already mounted on /sys/fs/cgroup/perf_event
       cgroup is already mounted on /sys/fs/cgroup/cpuset
       cgroup is already mounted on /sys/fs/cgroup/hugetlb
       cgroup is already mounted on /sys/fs/cgroup/cpu,cpuacct
       cgroup is already mounted on /sys/fs/cgroup/devices
       cgroup is already mounted on /sys/fs/cgroup/pids
       cgroup is already mounted on /sys/fs/cgroup/freezer
       cgroup is already mounted on /sys/fs/cgroup/memory

[root@foundation11 ~]# mount -t cgroup
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)

cd /sys/fs/cgroup/cpu

mkdir x1

cd x1

[root@foundation11 cpu]# cd x1/
[root@foundation11 x1]# ls
cgroup.clone_children cpu.cfs_quota_us
cgroup.event_control   cpu.rt_period_us
cgroup.procs           cpu.rt_runtime_us
cpuacct.stat           cpu.shares
cpuacct.usage          cpu.stat
cpuacct.usage_percpu   notify_on_release
cpu.cfs_period_us      tasks

docker容器资源控制cgroup_其他_05

docker容器资源控制cgroup_docker_06

在一个周期里面

dd if=/dev/zero of=/dev/null &

top ;按1 查看cpu

找到pid

echo docker容器资源控制cgroup_ubuntu_07 > tasks

[root@foundation11 x1]# ls
cgroup.clone_children cpuacct.stat          cpu.cfs_period_us cpu.rt_runtime_us notify_on_release
cgroup.event_control   cpuacct.usage         cpu.cfs_quota_us   cpu.shares         tasks
cgroup.procs           cpuacct.usage_percpu cpu.rt_period_us   cpu.stat
[root@foundation11 x1]# pwd
/sys/fs/cgroup/cpu/x1

就可以限制cpu

docker run --it --name vm1 --cpu-quota=50000 ubuntu

[root@foundation11 ~]# docker run -it --name vm1 --cpu-quota=50000 ubuntu
root@5973b076bd53:/# dd if=/dev/zero of=/dev/null

44089023+0 records out
22573579776 bytes (23 GB) copied, 65.2087 s, 346 MB/s

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

6496 root 20 0 4368 360 280 R 50.0 0.0 0:05.54 dd

docker容器资源控制cgroup_文件系统_08

控制写入速度

docker run -it --rm --privileged=true ubuntu 超户登入

fdisk -l

cat /proc/partitions

docker run -it --rm --device-write-bps /dev/sda:30MB ubuntu

dd if=/dev/zero of=file bs=1M count=300 oflag=direct

仅支持直连IO 不过文件系统缓存

[root@foundation11 ~]# docker run -it --rm --device-write-bps /dev/sda:30MB ubuntu
root@9a511e976eb3:/# dd if=/dev/zero of=file bs=1M count=300 oflag=direct
300+0 records in
300+0 records out
314572800 bytes (315 MB) copied, 9.92418 s, 31.7 MB/s

/sys/fs/cgroup/freezer/docker

docker pause/unpause 也是对cgoup进行操作

安装lxcfs

yum install lxcfs-2.0.5-3.el7.centos.x86_64.rpm -y

lxcfs /var/lib/lxcfs/ &

出现问题

fuse: mountpoint is not empty

删掉原有文件/var/lib/lxcfs/ lxcfs /var/lib/lxcfs/ &

docker run -it --name vm1 -m 200m -v /var/lib/lxcfs/proc/cpuinfo:/proc/cpuinfo -v /var/lib/lxcfs/proc/diskstats:/proc/diskstats -v /var/lib/lxcfs/proc/meminfo:/proc/meminfo -v /var/lib/lxcfs/proc/stat:/proc/stat -v /var/lib/lxcfs/proc/swaps:/proc/swaps -v /var/lib/lxcfs/proc/uptime:/proc/uptime ubuntu

free -m

root@bac00272ffe3:/# free -m
             total       used       free     shared    buffers     cached
Mem:           200          2        197        299          0          0
-/+ buffers/cache:          2        197
Swap:          200          0        200