How to throttle memory for a running container when it's running?

451 views
Skip to first unread message

Yan Yin

unread,
Jan 13, 2015, 3:30:44 AM1/13/15
to docke...@googlegroups.com
Hi,

I'm looking into dynamic resource throttling solutions using Docker:

For CPU, the default cgroups policy is good enough, once a new container is running, it will dynamically shares the CPU with all other running containers.
However, for memory, the limit set at the time of running that container is not able to be modified any more once the container is running.

The only way I can think of is to change the cgroups settings in /sysfs manually, which needs root privilege and I'm not sure will it crashes the instance once the new memory limit is unreasonable small.
Since Docker daemon is running as root, is it feasible to have dynamic memory throttling feature supported in the future?

Thanks & Regards,
Yan

Jérôme Petazzoni

unread,
Jan 13, 2015, 2:04:32 PM1/13/15
to Yan Yin, docker-dev
Hi,

If you change the memory cgroups settings manually:
- if the new limit is above the current usage, the container continues to run (with the new limit in place)
- if the new limit is below the current usage, you get a EBUSY error ("Device or resource busy"), the container continues to run, and the new limit is not applied.

Typically, when you want to apply a new limit, if you get the EBUSY error, it means that the container is above the limit - and then you want to kill the container.

HTH,


--
You received this message because you are subscribed to the Google Groups "docker-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to docker-dev+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

r ll

unread,
Jan 13, 2015, 2:15:00 PM1/13/15
to docke...@googlegroups.com

I like this to be implemented, actually we need the ability to modify some restrictions on the running container,
on memory limit, we may look at its usage_in_bytes before applying new value if user specified a value
lower than that, the tool can give a warning,

$ cat /sys/fs/cgroup/memory/system.slice/docker-*.scope/memory.usage_in_bytes
7045120
$ cat /sys/fs/cgroup/memory/system.slice/docker-*.scope/memory.limit_in_bytes
9223372036854771712

If we can do a new docker command like `docker modify`, consider the `docker run`,
modify most of the cgroups options would be also meaningful, if we can modify a container's memory limit,
we should also be able to modify all of these: cpu-shares, cpuset, device
dynamically,

  -m, --memory=""            Memory limit (format: <number><optional unit>, where unit = b, k, m or g)

  -c, --cpu-shares=0         CPU shares (relative weight)
  --cpuset=""                CPUs in which to allow execution (0-3, 0,1)
  --device=[]                Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)

Does this sound like another feature worth to do?

crquan

unread,
Jan 13, 2015, 2:54:50 PM1/13/15
to docker-dev, Yan Yin, Erik Hollensbe
On Tue, Jan 13, 2015 at 11:15 AM, r ll <crq...@gmail.com> wrote:
> If we can do a new docker command like `docker modify`, consider the `docker
> run`,
> modify most of the cgroups options would be also meaningful, if we can
> modify a container's memory limit,
> we should also be able to modify all of these: cpu-shares, cpuset, device
> dynamically,
>
> -m, --memory="" Memory limit (format: <number><optional unit>,
> where unit = b, k, m or g)
>
> -c, --cpu-shares=0 CPU shares (relative weight)
> --cpuset="" CPUs in which to allow execution (0-3, 0,1)
> --device=[] Add a host device to the container (e.g.
> --device=/dev/sdc:/dev/xvdc:rwm)

like the other thread is requesting to add new volume for running container,
is also part of `docker run` and to modify container's dynamic behavior,

-v, --volume=[] Bind mount a volume (e.g., from the host:
-v /host:/container, from Docker: -v /container)


What other `docker run` options would be also meaningful for the
`docker modify`? I am thinking of these

--add-host=[] Add a custom host-to-IP mapping (host:ip)
-c, --cpu-shares=0 CPU shares (relative weight)
--cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities

--cpuset="" CPUs in which to allow execution (0-3, 0,1)
--device=[] Add a host device to the container (e.g.
--device=/dev/sdc:/dev/xvdc:rwm)
-h, --hostname="" Container host name

-m, --memory="" Memory limit (format: <number><optional
unit>, where unit = b, k, m or g)

--privileged=false Give extended privileges to this container

-v, --volume=[] Bind mount a volume (e.g., from the host:
-v /host:/container, from Docker: -v /container)
--volumes-from=[] Mount volumes from the specified container(s)

Yan Yin

unread,
Jan 14, 2015, 4:48:39 AM1/14/15
to docke...@googlegroups.com, yiny...@gmail.com
This makes sense to me, thanks very much!

It would be great to see this feature supported natively by Docker, instead of modifying cgroups settings manually with sudo...
Reply all
Reply to author
Forward
0 new messages