gke 无法禁用透明大页面...权限被拒绝 [英] gke cant disable Transparent Huge Pages... permission denied
问题描述
我正在尝试在 gke 中运行 redis 映像.它有效,但我收到可怕的透明大页面"警告:
I am trying to run a redis image in gke. It works except I get the dreaded "Transparent Huge Pages" warning:
WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
Redis 目前太慢而无法使用...所以我绑定了关闭 THP:
Redis is currently too slow to be useful... So I tied turning off THP:
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ cat /sys/kernel/mm/transparent_hugepage/enabled
always [madvise] never
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ echo never > /sys/kernel/mm/transparent_hugepage/enabled
-bash: /sys/kernel/mm/transparent_hugepage/enabled: Permission denied
sheena@gke-projectwaxd-cluster-default-pool-23593a74-wxrv ~ $ sudo echo never > /sys/kernel/mm/transparent_hugepage/enabled
-bash: /sys/kernel/mm/transparent_hugepage/enabled: Permission denied
这些权限错误令人不安.Redis 想要关闭 THP 以便它可以正常工作.
These permission errors are disconcerting. Redis wants THP off so it can work properly.
我做了一些挖掘,发现谷歌使用了一个特殊的 os 映像,使/sys/成为只读路径.有一个基于 Debian 7 的替代映像.它让我很兴奋,但最终我遇到了完全相同的问题.
I did a little digging and found that google uses a special os image that makes /sys/ a read-only path. There's an alternative image that's based on Debian 7. It got me all excited but in the end I have exactly the same problem.
那么如何阻止 redis 在 Google 容器引擎上受到 THP 的影响?
So how do I stop redis from being effected by THP on Google container engine?
我在这里并不是在做一些独特的事情.在容器中运行数据库是很正常的.当启用 THP 时,数据库出现故障是很正常的.那么......我在这里错过了什么?
It's not like I'm doing something unique here. Running databases in containers is pretty normal. And it's pretty normal for a database to malfunction when THP is enabled. So... what am I missing here?
推荐答案
您的命令有点不正确:echo 以 root 身份运行,但重定向本身 (>) 运行作为用户,所以它不能写 /sys/.
Your command is slightly incorrect: echo runs as root but the redirection itself (>) runs as user so it can't write /sys/.
以下命令在容器虚拟机(基于 debian)和 gci(基于 chromeos)上两者都能正常工作:
The following command works fine both on container-vm (debian based) and gci (chromeos based):
sudo sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
在容器虚拟机上保留此设置
将此内核命令行参数添加到/etc/default/grub(不要忘记运行sudo update-grub 和sudo reboot> 之后):
Persisting this setting on container-vm
Add this kernel command line parameter into /etc/default/grub (don't forget to run sudo update-grub and sudo reboot afterwards):
GRUB_CMDLINE_LINUX="... transparent_hugepage=never"
在 gci 上保持这个设置
首先,使用云控制台复制节点池正在使用的实例模板.
Persisting this setting on gci
First, using the cloud console copy the instance template that is in use by the node pool.
其次,在元数据下更改 userdata 的值:
Second, under metadata change the value for userdata:
#cloud-config
write_files:
- path: /etc/systemd/system/hugepage.service
permissions: 0644
owner: root
content: |
[Unit]
Description=Disable THP
[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo never > /sys/kernel/mm/transparent_hugepage/enabled"
[Install]
WantedBy=kubernetes.target
...
runcmd:
- ...
- systemctl enable hugepage.service
- systemctl start kubernetes.target
三、将实例模板改成新创建的:
Third, change the instance template to the newly created one:
gcloud compute instance-groups managed set-instance-template
gke-YOUCLUSTER-YOURPOOL-grp
--template=YOURNEWTEMPLATENAME
--zone=...
第四,重新创建实例:
gcloud compute instance-groups managed recreate-instances
gke-YOUCLUSTER-YOURPOOL-grp
--zone=...
--instances=...
实例将丢失所有数据并禁用 THP.所有新实例也将禁用 THP(在此节点池中).
The instances will loose all data and come up with THP disabled. All new instances will have THP disabled as well (in this node pool).
这篇关于gke 无法禁用透明大页面...权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
