在 Docker 中为资源管理挂载 cgroup [英] Mounting cgroups for Resource Management in Docker
问题描述
这是参考https://docs.docker.com/config/containers/resource_constraints/#limit-a-containers-access-to-memory.我已经创建了工作容器,使用 Raspbian Jessie Lite(本质上是无 GUI 的 Debian Jessie)在 Raspberry Pi(64 位)上运行 Docker 版本 18.05.0-ce.
This is in reference to https://docs.docker.com/config/containers/resource_constraints/#limit-a-containers-access-to-memory. I have already created working containers, running Docker version 18.05.0-ce on a Raspberry Pi (64-bit) using Raspbian Jessie Lite (essentially GUI-less Debian Jessie).
文档声称您可以在 docker run 命令上传递内存/cpu 标志.但是当我尝试像 docker run -it --name test --memory=512m container_os 这样的东西时,它说:
The documentation claims that you can just pass memory/cpu flags on the docker run command. But when I try something like docker run -it --name test --memory=512m container_os, it says:
警告:您的内核不支持交换限制功能或未安装 cgroup.无交换内存限制
如果我传递基于 cpu 的标志,例如 --cpuset-cpus,我会收到一条关于未安装 cpuset 的类似消息.这显然意味着我没有为 Docker 安装这些不同的 cgroup 来正确管理资源,对吗?
I get a similar message about not having cpuset mounted if I pass a cpu-based flag, such as --cpuset-cpus. This obviously means that I don't have these different cgroups mounted for Docker to manage resources correctly, right?
现在指的是https://docs.docker.com/config/containers/runmetrics/#control-groups,我阅读了关于 cgroups 的部分,但这对我理解情况并不是很有帮助.因此,不是只是尝试随机的内核命令,有经验的人有没有关于如何以正确的方式执行此操作的分步说明?
Now referring to https://docs.docker.com/config/containers/runmetrics/#control-groups, I read the section about cgroups, but it wasn't super helpful to my understanding of the situation. So rather than just trying random kernel commands, does anyone with experience have a step-by-step explanation of how to do this the right way?
推荐答案
经过大量研究,我想通了,以防其他人遇到同样的问题.
After quite a bit of research, I figured this out, in-case anyone else out there has this same problem.
参考 https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt,这对理解 cgroups 非常有帮助,具有所有适当支持的内核应该默认安装了大多数用于 docker 的 cgroup.如果没有,有一个命令可以这样做:
In reference to https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt, which is extremely helpful on understanding cgroups, a kernel with all of the proper support should have most of the cgroups for docker mounted by default. If not, there's a command to do so:
来自第 2.1 节 - 基本用法
From section 2.1 - Basic Usage
"要挂载包含所有可用子系统的 cgroup 层次结构,请键入:
xxx"不会被 cgroup 代码解释,但会出现在/proc/mounts 所以可能是您喜欢的任何有用的识别字符串.
注意:有些子系统在没有用户输入的情况下无法工作.例如,如果启用了 cpuset,用户将不得不填充 cpu 和 mems 文件对于在可以使用该组之前创建的每个新 cgroup."
然而,对于这种特殊情况,尝试挂载单个 cgroup,例如 cpuset,会导致错误提示cpuset 特殊设备不存在".这是因为 Raspbian Jessie 8 的开发人员没有将内核配置为默认支持 Docker 用于资源管理的 cgroup.这可以通过键入 docker info 命令轻松确定,并在输出底部查看:
For this particular case, however, trying to mount an individual cgroup, such as cpuset, results in an error saying that the "cpuset special device does not exist". This is because the devs of Raspbian Jessie 8 didn't configure the kernel to support the cgroups that Docker uses for resource management by default. This can easily be determined by typing the docker info command, and seeing this at the bottom of the output:
警告:不支持交换限制警告:没有 cpu cfs 配额支持警告:没有 cpu cfs 周期支持警告:不支持cpuset
这些是 Docker 管理容器的内存和 CPU 资源所需的所有 cgroup.测试您的内核是否支持 cpuset 之类的东西很容易.如果文件 /proc/filesystems 有一个条目说 nodev cpuset,那么这意味着你的内核有 cpuset 支持,但如果你正在阅读这个,那么它可能意味着它是只是没有在你的内核中配置.然而,这将需要内核重新配置和重建,这并不容易.
These are all of the cgroups that are needed for Docker to manage memory and CPU resources for containers. Testing to see if your kernel supports something like cpuset is easy. If the file /proc/filesystems has an entry that says nodev cpuset, then that means your kernel has cpuset support, but if you're reading this then it probably means it's just not configured in your kernel. That would call for a kernel reconfiguration and rebuild however, which is not so easy.
使用正确的内核配置,它会像 Docker 文档中显示的那样自动工作.
With the right kernel configurations, it just works automatically like it seems from the Docker Docs.
这篇关于在 Docker 中为资源管理挂载 cgroup的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
