We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
moby
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

Don't set ulimits (nproc)

There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if rlimits are
set on the main Docker daemon process (because the limits
propogate to all children).

We recommend using cgroups to do container-local accounting.

This applies the change added in 8db61095a3d0bcb0733580734ba5d54bc27a614d
to other init scripts.

Note that nfile cannot be set to unlimited, and the limit
is hardcoded to 1048576 (2^20) , see:
http://stackoverflow.com/a/1213069/1811501

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 9 년 전
부모
92b1577871
커밋
428d7337e8
4개의 변경된 파일15개의 추가작업 그리고 5개의 파일을 삭제
통합 보기 변경상태 보기
  1. 4 1
      contrib/init/openrc/docker.initd
  2. 1 1
      contrib/init/systemd/docker.service
  3. 5 2
      contrib/init/sysvinit-debian/docker
  4. 5 1
      contrib/init/upstart/docker.conf

+ 4 - 1
contrib/init/openrc/docker.initd
파일 보기 

@@ -13,7 +13,10 @@ start_pre() {
 
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 
 
 
 	ulimit -n 1048576
 
 	ulimit -n 1048576
 
-	ulimit -u 1048576
 
+
 
+	# Having non-zero limits causes performance problems due to accounting overhead
 
+	# in the kernel. We recommend using cgroups to do container-local accounting.
 
+	ulimit -u unlimited
 
 
 
 	return 0
 
 	return 0
 
 }
 
 }

+ 1 - 1
contrib/init/systemd/docker.service
파일 보기 

@@ -11,9 +11,9 @@ Type=notify
 
 # for containers run by docker
 
 # for containers run by docker
 
 ExecStart=/usr/bin/dockerd -H fd://
 
 ExecStart=/usr/bin/dockerd -H fd://
 
 ExecReload=/bin/kill -s HUP $MAINPID
 
 ExecReload=/bin/kill -s HUP $MAINPID
 
+LimitNOFILE=1048576
 
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 
 # in the kernel. We recommend using cgroups to do container-local accounting.
 
 # in the kernel. We recommend using cgroups to do container-local accounting.
 
-LimitNOFILE=infinity
 
 LimitNPROC=infinity
 
 LimitNPROC=infinity
 
 LimitCORE=infinity
 
 LimitCORE=infinity
 
 # Uncomment TasksMax if your systemd version supports it.
 
 # Uncomment TasksMax if your systemd version supports it.

+ 5 - 2
contrib/init/sysvinit-debian/docker
파일 보기 

@@ -94,10 +94,13 @@ case "$1" in
 
 		chgrp docker "$DOCKER_LOGFILE"
 
 		chgrp docker "$DOCKER_LOGFILE"
 
 
 
 		ulimit -n 1048576
 
 		ulimit -n 1048576
 
+
 
+		# Having non-zero limits causes performance problems due to accounting overhead
 
+		# in the kernel. We recommend using cgroups to do container-local accounting.
 
 		if [ "$BASH" ]; then
 
 		if [ "$BASH" ]; then
 
-			ulimit -u 1048576
 
+			ulimit -u unlimited
 
 		else
 
 		else
 
-			ulimit -p 1048576
 
+			ulimit -p unlimited
 
 		fi
 
 		fi
 
 
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"

+ 5 - 1
contrib/init/upstart/docker.conf
파일 보기 

@@ -2,8 +2,12 @@ description "Docker daemon"
 
 
 
 start on (filesystem and net-device-up IFACE!=lo)
 
 start on (filesystem and net-device-up IFACE!=lo)
 
 stop on runlevel [!2345]
 
 stop on runlevel [!2345]
 
+
 
 limit nofile 524288 1048576
 
 limit nofile 524288 1048576
 
-limit nproc 524288 1048576
 
+
 
+# Having non-zero limits causes performance problems due to accounting overhead
 
+# in the kernel. We recommend using cgroups to do container-local accounting.
 
+limit nproc unlimited unlimited
 
 
 
 respawn
 
 respawn

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5