소스 검색

Don't set ulimits (nproc)

There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if rlimits are
set on the main Docker daemon process (because the limits
propogate to all children).

We recommend using cgroups to do container-local accounting.

This applies the change added in 8db61095a3d0bcb0733580734ba5d54bc27a614d
to other init scripts.

Note that nfile cannot be set to unlimited, and the limit
is hardcoded to 1048576 (2^20) , see:
http://stackoverflow.com/a/1213069/1811501

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 9 년 전
부모
커밋
428d7337e8
4개의 변경된 파일15개의 추가작업 그리고 5개의 파일을 삭제
  1. 4 1
      contrib/init/openrc/docker.initd
  2. 1 1
      contrib/init/systemd/docker.service
  3. 5 2
      contrib/init/sysvinit-debian/docker
  4. 5 1
      contrib/init/upstart/docker.conf

+ 4 - 1
contrib/init/openrc/docker.initd

@@ -13,7 +13,10 @@ start_pre() {
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 
 
 	ulimit -n 1048576
 	ulimit -n 1048576
-	ulimit -u 1048576
+
+	# Having non-zero limits causes performance problems due to accounting overhead
+	# in the kernel. We recommend using cgroups to do container-local accounting.
+	ulimit -u unlimited
 
 
 	return 0
 	return 0
 }
 }

+ 1 - 1
contrib/init/systemd/docker.service

@@ -11,9 +11,9 @@ Type=notify
 # for containers run by docker
 # for containers run by docker
 ExecStart=/usr/bin/dockerd -H fd://
 ExecStart=/usr/bin/dockerd -H fd://
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
 # in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
 LimitNPROC=infinity
 LimitNPROC=infinity
 LimitCORE=infinity
 LimitCORE=infinity
 # Uncomment TasksMax if your systemd version supports it.
 # Uncomment TasksMax if your systemd version supports it.

+ 5 - 2
contrib/init/sysvinit-debian/docker

@@ -94,10 +94,13 @@ case "$1" in
 		chgrp docker "$DOCKER_LOGFILE"
 		chgrp docker "$DOCKER_LOGFILE"
 
 
 		ulimit -n 1048576
 		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
 		if [ "$BASH" ]; then
 		if [ "$BASH" ]; then
-			ulimit -u 1048576
+			ulimit -u unlimited
 		else
 		else
-			ulimit -p 1048576
+			ulimit -p unlimited
 		fi
 		fi
 
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"

+ 5 - 1
contrib/init/upstart/docker.conf

@@ -2,8 +2,12 @@ description "Docker daemon"
 
 
 start on (filesystem and net-device-up IFACE!=lo)
 start on (filesystem and net-device-up IFACE!=lo)
 stop on runlevel [!2345]
 stop on runlevel [!2345]
+
 limit nofile 524288 1048576
 limit nofile 524288 1048576
-limit nproc 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
 
 
 respawn
 respawn