- (1)通过cgroup来限制memory
##消耗内存脚本 /tmp/xmem.sh #!/bin/bash mkdir /tmp/memory mount -t tmpfs -o size=2048M tmpfs /tmp/memory dd if=/dev/zero of=/tmp/memory/block sleep 60 rm /tmp/memory/block umount /tmp/memory rmdir /tmp/memory
## 步骤如下
root@backup:/# cd /sys/fs/cgroup/memory/ root@backup:/sys/fs/cgroup/memory# mkdir cg1 root@backup:/sys/fs/cgroup/memory# cd cg1 root@backup:/sys/fs/cgroup/memory/cg1# ls cgroup.clone_children memory.kmem.tcp.failcnt memory.oom_control cgroup.event_control memory.kmem.tcp.limit_in_bytes memory.pressure_level cgroup.procs memory.kmem.tcp.max_usage_in_bytes memory.soft_limit_in_bytes memory.failcnt memory.kmem.tcp.usage_in_bytes memory.stat memory.force_empty memory.kmem.usage_in_bytes memory.swappiness memory.kmem.failcnt memory.limit_in_bytes memory.usage_in_bytes memory.kmem.limit_in_bytes memory.max_usage_in_bytes memory.use_hierarchy memory.kmem.max_usage_in_bytes memory.move_charge_at_immigrate notify_on_release memory.kmem.slabinfo memory.numa_stat tasks root@backup:/sys/fs/cgroup/memory/cg1# echo 1024M > memory.limit_in_bytes root@backup:/sys/fs/cgroup/memory/cg1# echo <pid> >> cgroup.procs root@backup:/sys/fs/cgroup/memory/cg1# /tmp/xmem.sh dd: writing to '/tmp/memory/block': No space left on device 4194305+0 records in 4194304+0 records out 2147483648 bytes (2.1 GB) copied, 3.30348 s, 650 MB/s root@backup:/sys/fs/cgroup/memory/cg1# free -m total used free shared buff/cache available Mem: 3945 2255 682 112 1006 1295 Swap: 5119 2635 2484
结果:memory并未限制成功,执行脚本xmem.sh后,使用ps -aux 查看该进程并未只用较多的内存资源,故不知该将那个进程号写入cgroup.procs文件中
- (2)cgroup 中,docker container 退出后,文件子系统还在不?为什么?
依然存在,因为/var/lib/docker/containers路径下的文件都在,此时仍能进入到容器中。
- (3)如何观察一个docker dontainer 创建过程
vim /etc/docker/daemon.json ## level=debug
systemctl daemon-reload
systemctl restart docker
tailf /var/log/messages
yum install -y bridge-utils
yum install -y net-tools
brctl show
docker system prune #生产环境慎用,删除所有不在运行的容器