cgroup Linux中的资源限制
参考链接:容器技术的基石:cgroup
直接上实验:
# docker run --rm -d --cpus=0.1 --memory=100M --name=test redis:alpine
WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
f2bd078c1486b3c24f0f62a4a56ac37c6bb325f172e75ca2e2490f527e919f6d
# docker stats f2bd0
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
f2bd078c1486 test 0.12% 2.496MiB / 100MiB 2.50% 656B / 0B 0B / 0B 5
# docker exec -it f2b sh
/data #
/data # cat /dev/urandom | md5sum ## 将cpu打满
# docker stats f2bd0 ## 最高到10%,略有偏差
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
f2bd078c1486 test 10.09% 3.035MiB / 100MiB 3.04% 796B / 0B 0B / 0B 8
## 查看相关配置文件
dewan@Cloud-VM /sys/fs/cgroup/cpu/docker/f2bd078c1486b3c24f0f62a4a56ac37c6bb325f172e75ca2e2490f527e919f6d% ll cpu.cfs*
-rw-r--r-- 1 root root 0 2022-08-29 16:24 cpu.cfs_period_us # 表示一个cpu带宽
-rw-r--r-- 1 root root 0 2022-08-29 16:24 cpu.cfs_quota_us # 表示Cgroup可以使用的cpu的带宽
dewan@Cloud-VM /sys/fs/cgroup/cpu/docker/f2bd078c1486b3c24f0f62a4a56ac37c6bb325f172e75ca2e2490f527e919f6d% cat cpu.cfs*
100000
10000
查看当前cgroup信息
# systemd-cgls ## Ubuntu 中执行的结果与Centos中不同,不包括一般系统进程的的cgroup信息
Working directory /sys/fs/cgroup/cpu,cpuacct/docker:
├─db5cdc70d5f568c2797130184f82051aeda1ea94b0f168c9feacdec7978a3db9
│ └─19890 mariadbd
├─1a8e010dce9de03329bfa2ccb79c3989e2e9ff0b927cb3b04c89d48465de189b
│ └─18511 grafana-server --homepath=/usr/share/grafana --config=/etc/grafana/grafana.ini --packaging=docker cfg:default.log.mode=console cfg:default.paths.data=/var/lib/grafana cfg:default.paths.logs=/var/log/grafana cfg:default.paths.plugins=/var/lib
├─5343ee092cd7098ba5ae53718c5d33ee17f0a81f746293ce3ae10ab33a068c6d
│ ├─18626 /bin/sh /sbin/entrypoint.sh
│ ├─18851 nginx: master process nginx
│ ├─18852 php-fpm: master process (/etc/php7/php-fpm.conf)
│ ├─18853 nginx: worker process
│ ├─18864 php-fpm: pool www
│ └─18865 php-fpm: pool www
├─6190b707b2620fd02ca91d29b5df93257df18f261cef736728e2fba43a3a9c78
│ └─18459 /bin/node_exporter --path.rootfs=/host --collector.filesystem.ignored-mount-points ^/(sys|proc|dev|host|etc)($|/)
├─ea343244eb76dca2dde216ac5a2aff8a09e2fb5b55f9794c0dd180bb18f744a6
│ └─18753 /bin/pushgateway
├─e128a8d4c78eb9ec45a79d548503dd27eb218180f0c261feb70dc31faa59e51f
│ └─9572 redis-server *:6379
└─1cfa3cbb9e4fb5dc8e031b08871895212e39b81d1aef6700deb5359bbda72a11
├─18707 /usr/bin/dumb-init /bin/sh /usr/local/bin/docker-entrypoint.sh agent -dev -client 0.0.0.0
└─18902 consul agent -data-dir=/consul/data -config-dir=/consul/config -bind=172.17.0.5 -dev -client 0.0.0.0
# systemd-cgtop -n 1 ## 这里的显示较为全面
Control Group Tasks %CPU Memory Input/s Output/s
/ 474 - 3.1G - -
/docker 70 - 421.0M - -
/docker/1a8e010dce9de03329bfa2ccb79c3989e2e9ff0b927cb3b04c89d48465de189b 10 - 46.7M - -
/docker/1cfa3cbb9e4fb5dc8e031b08871895212e39b81d1aef6700deb5359bbda72a11 9 - 48.5M - -
/docker/5343ee092cd7098ba5ae53718c5d33ee17f0a81f746293ce3ae10ab33a068c6d 6 - 13.5M - -
/docker/6190b707b2620fd02ca91d29b5df93257df18f261cef736728e2fba43a3a9c78 4 - 9.0M - -
/docker/db5cdc70d5f568c2797130184f82051aeda1ea94b0f168c9feacdec7978a3db9 30 - 287.0M - -
/docker/e128a8d4c78eb9ec45a79d548503dd27eb218180f0c261feb70dc31faa59e51f 5 - 2.5M - -
/docker/ea343244eb76dca2dde216ac5a2aff8a09e2fb5b55f9794c0dd180bb18f744a6 6 - 9.2M - -
/system.slice 296 - 1.2G - -
/system.slice/ModemManager.service 3 - 4.6M - -
/system.slice/NetworkManager.service 7 - 15.2M - -
/system.slice/accounts-daemon.service 3 - 3.2M - -
/system.slice/apache2.service 11 - 71.4M - -
/system.slice/atd.service 1 - 452.0K - -
/system.slice/c.mount - - 236.0K - -
/system.slice/chrony.service 1 - 1.2M - -
/system.slice/cloudResetPwdUpdateAgent.service 16 - 48.2M - -
/system.slice/containerd.service 92 - 73.3M - -
/system.slice/cron.service 1 - 108.5M - -
/system.slice/data-mariadb.mount - - 104.0K - -
/system.slice/dbus.service 1 - 2.0M - -
/system.slice/dev-mqueue.mount - - 80.0K - -
/system.slice/docker.service 79 - 196.4M - -
/system.slice/lvm2-lvmetad.service 1 - 688.0K - -
/system.slice/lxcfs.service 11 - 6.3M - -
/system.slice/lxd.socket - - 44.0K - -
/system.slice/networkd-dispatcher.service 2 - 9.4M - -
/system.slice/p8s_data.mount - - 152.0K - -
/system.slice/polkit.service 3 - 2.1M - -
/system.slice/proc-sys-fs-binfmt_misc.mount - - 48.0K - -
/system.slice/rsyslog.service 4 - 4.6M - -
/system.slice/snapd.socket - - 16.0K - -
/system.slice/snmpd.service 1 - 7.3M - -
/system.slice/srv-iso.mount - - 112.0K - -
/system.slice/srv.mount - - 112.0K - -
/system.slice/ssh.service 1 - 5.6M - -
/system.slice/sys-fs-fuse-connections.mount - - 48.0K - -
/system.slice/sys-kernel-config.mount - - 48.0K - -
/system.slice/system-getty.slice 1 - 452.0K - -
/system.slice/system-getty.slice/getty@tty1.service 1 - - - -
/system.slice/system-lvm2\x2dpvscan.slice - - 448.0K - -
/system.slice/system-serial\x2dgetty.slice 1 - 332.0K - -
/system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service 1 - - - -
/system.slice/systemd-journald.service 1 - 182.1M - -
/system.slice/systemd-logind.service 1 - 2.3M - -
/system.slice/systemd-udevd.service 1 - 25.6M - -
/system.slice/unattended-upgrades.service 2 - 10.1M - -
/system.slice/uniagent.service 9 - 46.1M - -
/system.slice/uuidd.service 1 - 416.0K - -
/system.slice/wpa_supplicant.service 1 - 2.4M - -
/system.slice/zabbix-agent.service 6 - 10.4M - -
/system.slice/zabbix-server.service 34 - 42.4M - -
/user.slice 27 - 1.3G - -
浙公网安备 33010602011771号