gke无法禁用“透明大页面" ...权限被拒绝 [英] gke cant disable Transparent Huge Pages... permission denied
问题描述
我正在尝试在gke中运行redis映像.除了我收到可怕的透明大页面"警告外,它是可行的:
I am trying to run a redis image in gke. It works except I get the dreaded "Transparent Huge Pages" warning:
WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
Redis目前太慢而无法使用...因此我不得不关闭THP:
Redis is currently too slow to be useful... So I tied turning off THP:
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ cat /sys/kernel/mm/transparent_hugepage/enabled
always [madvise] never
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ echo never > /sys/kernel/mm/transparent_hugepage/enabled
-bash: /sys/kernel/mm/transparent_hugepage/enabled: Permission denied
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ sudo echo never > /sys/kernel/mm/transparent_hugepage/enabled
-bash: /sys/kernel/mm/transparent_hugepage/enabled: Permission denied
这些权限错误令人不安. Redis希望关闭THP,以便它可以正常工作.
These permission errors are disconcerting. Redis wants THP off so it can work properly.
我做了一些挖掘,发现Google使用了特殊的OS映像,该映像使/sys/成为只读路径.还有一个基于Debian 7的替代图像.这让我都很兴奋,但最终我遇到了完全相同的问题.
I did a little digging and found that google uses a special os image that makes /sys/ a read-only path. There's an alternative image that's based on Debian 7. It got me all excited but in the end I have exactly the same problem.
那么我该如何阻止THP在Google容器引擎上受到Redis的影响?
So how do I stop redis from being effected by THP on Google container engine?
这不像我在这里做独特的事情.在容器中运行数据库是很正常的.启用THP后,数据库发生故障是很正常的.所以...我在这里想念什么?
It's not like I'm doing something unique here. Running databases in containers is pretty normal. And it's pretty normal for a database to malfunction when THP is enabled. So... what am I missing here?
推荐答案
您的命令略有错误:echo以root用户身份运行,但重定向本身(>)以用户身份运行,因此无法编写/sys/
Your command is slightly incorrect: echo runs as root but the redirection itself (>) runs as user so it can't write /sys/.
以下命令在容器-vm(基于debian)和gci(基于chromeos)上均两者都可以正常运行:
The following command works fine both on container-vm (debian based) and gci (chromeos based):
sudo sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
在容器虚拟机上保留此设置
将此内核命令行参数添加到/etc/default/grub中(不要忘记之后再运行sudo update-grub和sudo reboot):
Persisting this setting on container-vm
Add this kernel command line parameter into /etc/default/grub (don't forget to run sudo update-grub and sudo reboot afterwards):
GRUB_CMDLINE_LINUX="... transparent_hugepage=never"
在gci上保留此设置
首先,使用云控制台复制节点池正在使用的实例模板.
Persisting this setting on gci
First, using the cloud console copy the instance template that is in use by the node pool.
第二,在元数据下更改userdata的值:
Second, under metadata change the value for userdata:
#cloud-config
write_files:
- path: /etc/systemd/system/hugepage.service
permissions: 0644
owner: root
content: |
[Unit]
Description=Disable THP
[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo never > /sys/kernel/mm/transparent_hugepage/enabled"
[Install]
WantedBy=kubernetes.target
...
runcmd:
- ...
- systemctl enable hugepage.service
- systemctl start kubernetes.target
第三,将实例模板更改为新创建的模板:
Third, change the instance template to the newly created one:
gcloud compute instance-groups managed set-instance-template \
gke-YOUCLUSTER-YOURPOOL-grp \
--template=YOURNEWTEMPLATENAME \
--zone=...
第四,重新创建实例:
gcloud compute instance-groups managed recreate-instances \
gke-YOUCLUSTER-YOURPOOL-grp \
--zone=... \
--instances=...
实例将丢失所有数据,并禁用了THP.所有新实例(在此节点池中)也将禁用THP.
The instances will loose all data and come up with THP disabled. All new instances will have THP disabled as well (in this node pool).
这篇关于gke无法禁用“透明大页面" ...权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
