SlideShare ist ein Scribd-Unternehmen logo

Resource Management of Docker

Als PPT, PDF herunterladen
SpeedyCloud
SpeedyCloud

How to improve the network of Docker? How to integrate with OpenVSwitch? How to apply more fine-grained QoS limitation and monitor the resource usage of containers? How to improve Docker in non-intrusive ways? This slides shared by Li Yulai, the Chief Architect of SpeedyCloud, is to answer questions above. Visit http://www.speedycloud.cn to find out more.

Technologie
1 von 28
Resource Management of Docker Li Yulai @ SpeedyCloud
Docker • Resources Isolation – Linux Namespaces • Limitation of Resources Usage (QoS) – cgroups • Resources Monitoring – cgroups
Docker Resources Isolation
Docker Resources Isolation • Linux Namespaces – CLONE_NEWNS (2.4.19) – CLONE_NEWUTS (2.6.19) – CLONE_NEWIPC (2.6.19) – CLONE_NEWPID (2.6.24) – CLONE_NEWNET (2.6.24) – CLONE_NEWUSER (3.8)
• /proc/$PID/ns/ – ipc – mnt – net – pid – user – uts Docker Resources Isolation
• Namespaces Invoking – clone – unshare – setns • Namespaces Command Line Tools – ip netns – unshare Docker Resources Isolation
• By invoking clone, run new process under a group of new Namespace Docker Resources Isolation
What can we do about Namespaces?
Docker Network Improvement • Add NIC to Docker • Usage : network.sh docker-test veth0 192.168.1.10/24
• Linux Net Namespace: /proc/$PID/ns/net • ip link add Command creates veth NIC • ip netns Command adjust netns configuration by detecting /var/run/netns path • Use ovs-vsctl (or brctl) to setup the network of new NIC Docker Network Improvement
Docker Network Improvement
Docker Network Improvement
QoS of Docker Resources
QoS of Docker Resources • Linux cgroups • Docker cgroups model – libcontainer : /sys/fs/cgroup/<subsystem>/docker/<cont ainerID> – Linux Container: /sys/fs/cgroup/<subsystem>/lxc/<containerID> • Kernel start parameters – cgroup_enable=memory swapaccount=1
QoS of Docker Resources • CPU QoS – cpuset.cpus – cpu.shares • Memory QoS – memory.memsw.limit_in_bytes – memory.limit_in_bytes swap = memory.memsw.limit_in_bytes – memory.limit_in_bytes
The tangling of Memory, Swap and OOM
The tangling of Memory, Swap and OOM • Trigger of memory, swap and OOM – When memory is short, Kernel will exchange memory pages to swap – OOM will be triggered if swap and memory are full. • How does OOM work – Find the process that uses most of the memory ( the child process usage will be added to parent process usage) – Kill the process that uses most of the memory
The tangling of Memory, Swap and OOM • Imagine that if you are running php-fpm, and the OOM happens…
The tangling of Memory, Swap and OOM • Save more for swap in your container if you want to keep alive
QoS of Docker Resources • DISK I/O QoS – blkio.throttle.read_bps_device – blkio.throttle.write_bps_device – blkio.throttle.read_iops_device – blkio.throttle.write_iops_device • echo "<major>:<minor> <limit>" > throttle.write_iops_device
QoS of Docker Resources • The major and minor IDs of disk – cat /proc/partitions – ls –l /dev/ • Use the major and minor of devices, not those of partitions
QoS of Docker Resources • Network Bandwidth QoS – OpenVSwitch – Linux Bridge • OpenVSwitch – ovs-vsctl set interface veth1 ingress_policing_rate=1000 • ebtables + tc – ebtables -A FORWARD -i veth1 -j mark --mark-set 0x1 --mark-target ACCEPT – qdics, class, filter – tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
QoS of Docker Resources • Limitation of Disk Volume – LVM creates the volume and make it accessible for Container by using –volume parameter after mount – Use btrfs and set up quota • btrfs qgroup limit –e 100G /var/lib/docker/btrfs/subvolumes/CONTAINER_ID
Docker Resources Monitor
Docker Resources Monitor • CPU : cpuacct.usage • Memory : – memory.usage_in_bytes – memory.memsw.usage_in_bytes • Disk IO : – blkio.throttle.io_serviced – blkio.throttle.io_service_bytes • Bandwidth : – /sys/class/net/<ethname>/statistics/
Out of Docker
Out of Docker • Bocker – https://github.com/p8952/bocker • Dockerlite – https://github.com/docker/dockerlite
Resource Management of Docker

Empfohlen

Docker allocating resources
Docker allocating resourcesDocker allocating resources
Docker allocating resourcesMohammadreza Amini
 
Galaxy CloudMan performance on AWS
Galaxy CloudMan performance on AWSGalaxy CloudMan performance on AWS
Galaxy CloudMan performance on AWSEnis Afgan
 
Docker internals
Docker internalsDocker internals
Docker internalsRohit Jnagal
 
Resource planning on the (Amazon) cloud
Resource planning on the (Amazon) cloudResource planning on the (Amazon) cloud
Resource planning on the (Amazon) cloudEnis Afgan
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
MongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryMongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryElankumaran Srinivasan
 
53 lab-nfs
53 lab-nfs53 lab-nfs
53 lab-nfsmapr-academy
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph clusterMirantis
 

Empfohlen

Docker allocating resources
Docker allocating resourcesDocker allocating resources
Docker allocating resourcesMohammadreza Amini
 
Galaxy CloudMan performance on AWS
Galaxy CloudMan performance on AWSGalaxy CloudMan performance on AWS
Galaxy CloudMan performance on AWSEnis Afgan
 
Docker internals
Docker internalsDocker internals
Docker internalsRohit Jnagal
 
Resource planning on the (Amazon) cloud
Resource planning on the (Amazon) cloudResource planning on the (Amazon) cloud
Resource planning on the (Amazon) cloudEnis Afgan
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
MongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryMongoDB Backup & Disaster Recovery
MongoDB Backup & Disaster RecoveryElankumaran Srinivasan
 
53 lab-nfs
53 lab-nfs53 lab-nfs
53 lab-nfsmapr-academy
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph clusterMirantis
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013Guillaume Charmes
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersKento Aoyama
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyDeclare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyMoby Project
 
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Thomas Fricke
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
LXC
LXCLXC
LXCWu Fan-Cheng
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerHiroki Endo
 
GlusterFS As an Object Storage
GlusterFS As an Object StorageGlusterFS As an Object Storage
GlusterFS As an Object StorageKeisuke Takahashi
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyGluster.org
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security宇 傅
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelOpenVZ
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewLei (Harry) Zhang
 
Docker Overview
Docker OverviewDocker Overview
Docker OverviewRohit Jnagal
 
Tutorial ceph-2
Tutorial ceph-2Tutorial ceph-2
Tutorial ceph-2Tommy Lee
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortStylight
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1sprdd
 
はじめてのGlusterFS
はじめてのGlusterFSはじめてのGlusterFS
はじめてのGlusterFSTakahiro Inoue
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Dobrica Pavlinušić
 
Microservices, Containers and Docker
Microservices, Containers and DockerMicroservices, Containers and Docker
Microservices, Containers and DockerIoannis Papapanagiotou
 
Namespace
NamespaceNamespace
Namespaceabhay singh
 

Weitere ähnliche Inhalte

Was ist angesagt?

Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013Guillaume Charmes
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersKento Aoyama
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyDeclare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyMoby Project
 
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Thomas Fricke
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerHiroki Endo
 
GlusterFS As an Object Storage
GlusterFS As an Object StorageGlusterFS As an Object Storage
GlusterFS As an Object StorageKeisuke Takahashi
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyGluster.org
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security宇 傅
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelOpenVZ
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewLei (Harry) Zhang
 
Tutorial ceph-2
Tutorial ceph-2Tutorial ceph-2
Tutorial ceph-2Tommy Lee
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortStylight
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1sprdd
 
はじめてのGlusterFS
はじめてのGlusterFSはじめてのGlusterFS
はじめてのGlusterFSTakahiro Inoue
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Dobrica Pavlinušić
 

Was ist angesagt? (20)

Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013Docker Internals - Twilio talk November 14th, 2013
Docker Internals - Twilio talk November 14th, 2013
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux Containers
 
Declare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and MobyDeclare your infrastructure: InfraKit, LinuxKit and Moby
Declare your infrastructure: InfraKit, LinuxKit and Moby
 
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup.
 
LXC
LXCLXC
LXC
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
GlusterFS As an Object Storage
GlusterFS As an Object StorageGlusterFS As an Object Storage
GlusterFS As an Object Storage
 
Hands On Gluster with Jeff Darcy
Hands On Gluster with Jeff DarcyHands On Gluster with Jeff Darcy
Hands On Gluster with Jeff Darcy
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
 
Docker Overview
Docker OverviewDocker Overview
Docker Overview
 
Tutorial ceph-2
Tutorial ceph-2Tutorial ceph-2
Tutorial ceph-2
 
CoreOS introduction - Johann Romefort
CoreOS introduction - Johann RomefortCoreOS introduction - Johann Romefort
CoreOS introduction - Johann Romefort
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
 
はじめてのGlusterFS
はじめてのGlusterFSはじめてのGlusterFS
はじめてのGlusterFS
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)
 

Andere mochten auch

Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Ralf Dannert
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespacesMike Wilson
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespacesLocaweb
 
基于Python构建可扩展的自动化运维平台
基于Python构建可扩展的自动化运维平台基于Python构建可扩展的自动化运维平台
基于Python构建可扩展的自动化运维平台liuts
 
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲ChinaNetCloud
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Boden Russell
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 

Andere mochten auch (13)

Microservices, Containers and Docker
Microservices, Containers and DockerMicroservices, Containers and Docker
Microservices, Containers and Docker
 
Namespace
NamespaceNamespace
Namespace
 
Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespaces
 
LSA2 - 02 Namespaces
LSA2 - 02 NamespacesLSA2 - 02 Namespaces
LSA2 - 02 Namespaces
 
Linux Namespaces
Linux NamespacesLinux Namespaces
Linux Namespaces
 
Linux Namespace
Linux NamespaceLinux Namespace
Linux Namespace
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespaces
 
基于Python构建可扩展的自动化运维平台
基于Python构建可扩展的自动化运维平台基于Python构建可扩展的自动化运维平台
基于Python构建可扩展的自动化运维平台
 
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
Dev-Ops与Docker的最佳实践 QCon2016 北京站演讲
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containers
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and security
 

Ähnlich wie Resource Management of Docker

Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker worksLi Jingtian
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker worksJustin Li
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPivotalOpenSourceHub
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationC4Media
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux ContainersJignesh Shah
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesAkihiro Suda
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael CrosbyDocker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael CrosbyDocker, Inc.
 
POUG2022_OracleDbNestInsideOut.pptx
POUG2022_OracleDbNestInsideOut.pptxPOUG2022_OracleDbNestInsideOut.pptx
POUG2022_OracleDbNestInsideOut.pptxMahmoud Hatem
 
Java in containers
Java in containersJava in containers
Java in containersMartin Baez
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security ParadigmAnis LARGUEM
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceDocker, Inc.
 

Ähnlich wie Resource Management of Docker (20)

Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker works
 
Understand how docker works
Understand how docker worksUnderstand how docker works
Understand how docker works
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh Shah
 
Containers > VMs
Containers > VMsContainers > VMs
Containers > VMs
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New Virtualization
 
PostgreSQL and Linux Containers
PostgreSQL and Linux ContainersPostgreSQL and Linux Containers
PostgreSQL and Linux Containers
 
Rootless Containers & Unresolved issues
Rootless Containers & Unresolved issuesRootless Containers & Unresolved issues
Rootless Containers & Unresolved issues
 
Dockers zero to hero
Dockers zero to heroDockers zero to hero
Dockers zero to hero
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael CrosbyDocker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
POUG2022_OracleDbNestInsideOut.pptx
POUG2022_OracleDbNestInsideOut.pptxPOUG2022_OracleDbNestInsideOut.pptx
POUG2022_OracleDbNestInsideOut.pptx
 
Java in containers
Java in containersJava in containers
Java in containers
 
Docker Security Paradigm
Docker Security ParadigmDocker Security Paradigm
Docker Security Paradigm
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experience
 

Mehr von SpeedyCloud

教育交互直播的技术难点与架构探索 @ 见云沙龙
教育交互直播的技术难点与架构探索 @ 见云沙龙教育交互直播的技术难点与架构探索 @ 见云沙龙
教育交互直播的技术难点与架构探索 @ 见云沙龙SpeedyCloud
 
选型指南:Cdn系统中dns的设计与研发
选型指南:Cdn系统中dns的设计与研发选型指南:Cdn系统中dns的设计与研发
选型指南:Cdn系统中dns的设计与研发SpeedyCloud
 
浅析Python多线程与多进程的使用
浅析Python多线程与多进程的使用浅析Python多线程与多进程的使用
浅析Python多线程与多进程的使用SpeedyCloud
 
How to Use Multi-thread & Multi-process in Python
How to Use Multi-thread & Multi-process in PythonHow to Use Multi-thread & Multi-process in Python
How to Use Multi-thread & Multi-process in PythonSpeedyCloud
 
运维?KVM & OpenVZ & Docker
运维?KVM & OpenVZ & Docker运维?KVM & OpenVZ & Docker
运维?KVM & OpenVZ & DockerSpeedyCloud
 
深入Docker的资源管理
深入Docker的资源管理深入Docker的资源管理
深入Docker的资源管理SpeedyCloud
 
The Evolution of SpeedyCloud Resources Scheduling System
The Evolution of SpeedyCloud Resources Scheduling SystemThe Evolution of SpeedyCloud Resources Scheduling System
The Evolution of SpeedyCloud Resources Scheduling SystemSpeedyCloud
 
SpeedyCloud 云计算平台资源调度系统要点解析
SpeedyCloud 云计算平台资源调度系统要点解析SpeedyCloud 云计算平台资源调度系统要点解析
SpeedyCloud 云计算平台资源调度系统要点解析SpeedyCloud
 

Mehr von SpeedyCloud (8)

教育交互直播的技术难点与架构探索 @ 见云沙龙
教育交互直播的技术难点与架构探索 @ 见云沙龙教育交互直播的技术难点与架构探索 @ 见云沙龙
教育交互直播的技术难点与架构探索 @ 见云沙龙
 
选型指南:Cdn系统中dns的设计与研发
选型指南:Cdn系统中dns的设计与研发选型指南:Cdn系统中dns的设计与研发
选型指南:Cdn系统中dns的设计与研发
 
浅析Python多线程与多进程的使用
浅析Python多线程与多进程的使用浅析Python多线程与多进程的使用
浅析Python多线程与多进程的使用
 
How to Use Multi-thread & Multi-process in Python
How to Use Multi-thread & Multi-process in PythonHow to Use Multi-thread & Multi-process in Python
How to Use Multi-thread & Multi-process in Python
 
运维?KVM & OpenVZ & Docker
运维?KVM & OpenVZ & Docker运维?KVM & OpenVZ & Docker
运维?KVM & OpenVZ & Docker
 
深入Docker的资源管理
深入Docker的资源管理深入Docker的资源管理
深入Docker的资源管理
 
The Evolution of SpeedyCloud Resources Scheduling System
The Evolution of SpeedyCloud Resources Scheduling SystemThe Evolution of SpeedyCloud Resources Scheduling System
The Evolution of SpeedyCloud Resources Scheduling System
 
SpeedyCloud 云计算平台资源调度系统要点解析
SpeedyCloud 云计算平台资源调度系统要点解析SpeedyCloud 云计算平台资源调度系统要点解析
SpeedyCloud 云计算平台资源调度系统要点解析
 

Kürzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Kürzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Resource Management of Docker

  • 1. Resource Management of Docker Li Yulai @ SpeedyCloud
  • 2. Docker • Resources Isolation – Linux Namespaces • Limitation of Resources Usage (QoS) – cgroups • Resources Monitoring – cgroups
  • 4. Docker Resources Isolation • Linux Namespaces – CLONE_NEWNS (2.4.19) – CLONE_NEWUTS (2.6.19) – CLONE_NEWIPC (2.6.19) – CLONE_NEWPID (2.6.24) – CLONE_NEWNET (2.6.24) – CLONE_NEWUSER (3.8)
  • 5. • /proc/$PID/ns/ – ipc – mnt – net – pid – user – uts Docker Resources Isolation
  • 6. • Namespaces Invoking – clone – unshare – setns • Namespaces Command Line Tools – ip netns – unshare Docker Resources Isolation
  • 7. • By invoking clone, run new process under a group of new Namespace Docker Resources Isolation
  • 8. What can we do about Namespaces?
  • 9. Docker Network Improvement • Add NIC to Docker • Usage : network.sh docker-test veth0 192.168.1.10/24
  • 10. • Linux Net Namespace: /proc/$PID/ns/net • ip link add Command creates veth NIC • ip netns Command adjust netns configuration by detecting /var/run/netns path • Use ovs-vsctl (or brctl) to setup the network of new NIC Docker Network Improvement
  • 13. QoS of Docker Resources
  • 14. QoS of Docker Resources • Linux cgroups • Docker cgroups model – libcontainer : /sys/fs/cgroup/<subsystem>/docker/<cont ainerID> – Linux Container: /sys/fs/cgroup/<subsystem>/lxc/<containerID> • Kernel start parameters – cgroup_enable=memory swapaccount=1
  • 15. QoS of Docker Resources • CPU QoS – cpuset.cpus – cpu.shares • Memory QoS – memory.memsw.limit_in_bytes – memory.limit_in_bytes swap = memory.memsw.limit_in_bytes – memory.limit_in_bytes
  • 16. The tangling of Memory, Swap and OOM
  • 17. The tangling of Memory, Swap and OOM • Trigger of memory, swap and OOM – When memory is short, Kernel will exchange memory pages to swap – OOM will be triggered if swap and memory are full. • How does OOM work – Find the process that uses most of the memory ( the child process usage will be added to parent process usage) – Kill the process that uses most of the memory
  • 18. The tangling of Memory, Swap and OOM • Imagine that if you are running php-fpm, and the OOM happens…
  • 19. The tangling of Memory, Swap and OOM • Save more for swap in your container if you want to keep alive
  • 20. QoS of Docker Resources • DISK I/O QoS – blkio.throttle.read_bps_device – blkio.throttle.write_bps_device – blkio.throttle.read_iops_device – blkio.throttle.write_iops_device • echo "<major>:<minor> <limit>" > throttle.write_iops_device
  • 21. QoS of Docker Resources • The major and minor IDs of disk – cat /proc/partitions – ls –l /dev/ • Use the major and minor of devices, not those of partitions
  • 22. QoS of Docker Resources • Network Bandwidth QoS – OpenVSwitch – Linux Bridge • OpenVSwitch – ovs-vsctl set interface veth1 ingress_policing_rate=1000 • ebtables + tc – ebtables -A FORWARD -i veth1 -j mark --mark-set 0x1 --mark-target ACCEPT – qdics, class, filter – tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:1
  • 23. QoS of Docker Resources • Limitation of Disk Volume – LVM creates the volume and make it accessible for Container by using –volume parameter after mount – Use btrfs and set up quota • btrfs qgroup limit –e 100G /var/lib/docker/btrfs/subvolumes/CONTAINER_ID
  • 25. Docker Resources Monitor • CPU : cpuacct.usage • Memory : – memory.usage_in_bytes – memory.memsw.usage_in_bytes • Disk IO : – blkio.throttle.io_serviced – blkio.throttle.io_service_bytes • Bandwidth : – /sys/class/net/<ethname>/statistics/
  • 27. Out of Docker • Bocker – https://github.com/p8952/bocker • Dockerlite – https://github.com/docker/dockerlite