Post on 13-Apr-2017
Presentation By:Mohammadreza Amini
Amir Arsalan
Autumn 2015IRAN OpenStack Users Group
Allocating Resources & Limitation Container
Agenda
Allocating Resources
| Iran Community OpenStack.ir
● Docker Allocating Resources
● CPU
● RAM
● Disk
● Limitation Container
● Linux Capability
● Devices
Allocating Resources
| Iran Community OpenStack.ir
Allocating Resources
Allocation of resources to containers is especially important as containers are less
isolated than virtual machines.
A single runaway container can lead to performance issues and degradation
across the entire host.
In Hypervisors, VMs are normally allocated a fixed amount of CPU resources, RAM,
and disk space, meaning that the applications will work within those set limits no
matter the load to which the VM or application is subjected.
Allocating Resources
| Iran Community OpenStack.ir
Allocating Resources
| Iran Community OpenStack.ir
CPU
Each container is assigned a “share” of the CPU, set to 1024 by default. By itself,
1024 CPU share does not mean anything.
If there is only a single container running, then it can use all the available CPU
resources.
However, if you launch another container and both containers have 1024 CPU
share, then each container can claim at least 50% of the CPU resources.
Allocating Resources
| Iran Community OpenStack.ir
CPU Allocating Resource
Allocating Resources
| Iran Community OpenStack.ir
● Share cpu
$ docker run -ti -c 1024 ubuntu:14.04 /bin/bash
● Cpu period & quota
$ docker run -ti --cpu-period=50000 --cpu-quota=10000 ubuntu:14.04 /bin/bash
Allocating Resources
| Iran Community OpenStack.ir
Memory
Memory Allocating Resource
Allocating Resources
| Iran Community OpenStack.ir
● Memory & Memory swap
$ docker run -ti -m 300M --memory-swap 900M ubuntu:14.04 /bin/bash
Allocating Resources
| Iran Community OpenStack.ir
Disk
Disk space and read/write speed can be limited in Docker. By default, read/write
speed is unlimited. However, if required, it can be limited as needed using cgroups.
Each container is allocated 10GB of space by default.
Allocating Resources
| Iran Community OpenStack.ir
Disk Allocating Resource
Allocating Resources
| Iran Community OpenStack.ir
● Base Size
$ docker -d --storage-opt dm.basesize=20G ubuntu:14.04 /bin/bash
More Details: https://github.com/docker/docker/blob/v1.2.0/daemon/graphdriver/devmapper/README.md#options
Allocating Resources
| Iran Community OpenStack.ir
Limitation Container
Allocating Resources
| Iran Community OpenStack.ir
By default, Docker containers are “unprivileged” and cannot, for example, run a Docker
daemon inside a Docker container. This is because by default a container is not allowed to
access any devices, but a “privileged” container is given access to all devices
More Details: https://docs.docker.com/engine/reference/run/#runtime-constraints-on-resources
Linux capability
Allocating Resources
| Iran Community OpenStack.ir
More Details: http://linux.die.net/man/7/capabilities
● Add capability
$ docker run -ti --cap-add=NET_ADMIN ubuntu:14.04 /bin/bash
● drop capability
$ docker run -ti --cap-add=ALL --cap-drop=NET_ADMIN ubuntu:14.04 /bin/bash
Devices
Allocating Resources
| Iran Community OpenStack.ir
If you want to limit access to a specific device or devices you can use the --device
flag. It allows you to specify one or more devices that will be accessible within the
container.
● Devices
$ docker run -ti --device=/dev/snd:/dev/snd ubuntu:14.04 /bin/bash
Allocating Resources
| Iran Community OpenStack.ir
Any Question?
Allocating Resources
| Iran Community OpenStack.ir
Stay in Touch and Join Us:
● Home Page: OpenStack.ir
● Meetup age: Meetup.com/IranOpenStack
● Mailing List: OpenStackir@Lists.OpenStack.org
● Twitter: @OpenStackIR , #OpenStackIRAN
● IRC Channel on FreeNode: #OpenStack-ir
Allocating Resources
| Iran Community OpenStack.ir
Mohammadreza Amini
Linux Administrator
Mohammadreza@openstack.ir
Amir Arsalan
Python Developer
Arsalan@openstack.ir
Thank You