Setting Memory Resource Limits With LXC

  • 0

Setting Memory Resource Limits With LXC

Category : How-to

Get Social!

linux_containers_logo

 

Linux Container (LXC) management is now often dealt with by LXD, the Canonical lead project built on top of LXC.

LXD offers a suite of options for controlling Linux Container resources and setting limits where appropriate. This post will talk about setting constraints on CPU, however other options are available for limiting almost any sort of resource, such as network, disk I/O, memory and so on.

Available Limits

CPU management is done in 1 of 4 ways, depending on your expected workload and host CPU management regime.

  1. Number of CPUs – set the number of CPU cores that LXC can use with this container and automatically distribute CPU time amongst guests when there is competition for CPU time. The value used is an integer, for example 2.
  2. Specific cores – specify specific physical core(s) for the container to use and distribute available CPU time between containers when multiple containers use the same cores.The value used is an integer or range and can be comma separated, for example 2, 0-1 or 0-1,3,5-9.
  3. Capped share – allow a specified percentage of CPU time for the container, or more if it’s available. When the host is not under load then a container can use any available CPU however when there is contention for CPU then the container will be limited to the specified amount. The container will see all host CPU cores (in TOP, for example).
  4. Limited time share – will limit the container CPU time to be whatever is specified out of each 200ms. Even if more CPU is available, only what is specified per 200ms slice is allowed. The container will see all host CPU cores (in TOP, for example).

Setting Limits

Setting limits is done with the lxc command. There are then two options; limits.cpu for the above points 1 and 2, or limit.cpu.allowance for points 3 and 4.

  • [CONTAINER] is the name of the container – can be obtained from lxc list if you’re unsure.
  • [VALUE] is a valid value from point 1 or 2 above.

OR

  • [CONTAINER] is the name of the container – can be obtained from lxc list if you’re unsure.
  • [VALUE] is a valid value from point 3 or 4 above.

CPU Limit Examples

Set the container nginx-proxy to use any 2 CPUs on the host.

Set the container nginx-proxy to use physical CPU 0, 3, 7, 8 and 9 on the host.

Set the container nginx-proxy to use 20% of the available CPU on the host or more if it’s available.

Set the container nginx-proxy to use no more than 50% of the available CPU on the host, or 100ms for every 200ms of CPU time available.

You can view /proc/cpuinfo to see the available cores on your container, however it will not include any additional scheduling limits or priorities.

CPU Priority

The last option around CPU limiting is the priority of CPU time. This option only kicks in when the host is overcommitted on CPU resource and containers are fighting for CPU time. This can either be on a single core (if using above points 1 or 2) or system wide (if no CPU limiting is in place or using above points 3 or 4).

Available values are 0 – 10 inclusive and lower numbers mean a lower priority – a higher number will mean the machine gets CPU time before lower numbers.

The below command sets the container nginx-proxy to have a CPU priority of 5.

The below command sets the container php-backend to have a CPU priority of 2 and therefore would get less CPU time than container nginx-proxy when CPU is under contention.


  • 0

LXC 2.x/ LXD Cheat Sheet

Tags :

Category : Cheat Sheets

Get Social!

linux_containers_logoHere are some of the most used commands for creating and managing an LXC/ LXD host and containers. It’s assumed that you have a working environment and a privileged SSH connection to the LXC server for issuing the commands.

Basics

Start and Stop a LXC Container

Starting out with the basics here – starting and stopping an LXC container.

List Containers

Display a list of container details for started and stopped containers. The name field is what’s usually used in other commands to reference the specific container.

Create Container from Image

There are further details below on managing images and remote image repository, which you’ll need when creating a new container.

This example will create a new container and start it using the Ubuntu 1604 template. Change [CONTAINER] to be the name of the new container.

Delete Container

Removing a container cannot be undone – beware!

Images

Linux Containers are created from templates or images that are stored locally or downloaded from remote servers.

List Image Repositories

Local and Remote LXC servers and remote image servers can be added to your LXC installation and can be used to download images from when required. Run the below command to see what sources you have.

List available images

Images that have been downloaded, imported or cached are stored locally in the image repository. The output will list the image name, size and various other details.

Remote images that reside on an image repository or remote LXC server can also be listed. This is great for seeing what images are available when creating new containers. Change [REMOTE_NAME] to be the name of the image repository from the image list command. Note: you’ll need to keep the : symbol at the end.

Get image details

Further details can be obtained from an image file than what’s displayed with image list. The below command will detail all information known about the image. Replace [IMAGE_NAME] with a valid image name displayed in the image list command, such as ubuntu-xenial.

Add a new Image Repository

There are various public image repositories that can be added to your LXC installation. LinuxContainers.org is a common one and hosts several distribution types. Replace [NAME] with the text name you’d like to give to the repository (it’s just an alias) and [HOST] with the address of the repository.

For example

Delete a local image

Replace [IMAGE_NAME] with the the alias or fingerprint of the image.

Create new Image from Running Container

You can create a new image from an existing container with a simple command however it’s important to ensure that the created template will contain everything that the running container contained – such as SSH keys, data, etc. It’s therefore important to ensure you clean up anything which may be sensitve before running this command.

You’ll need to change [CONTAINER] to your Linux container name and [ALIAS] to the name you’d like to use for your new image.

Configuration

All the below instructions will assume you’re referring to a container alias called [CONTAINER]. You’ll need to replace this, wherever it’s seen, with the name of the Linux Container you’re acting on.

And config command using set can be altered to use get to retrieve what the current setting is. If the get returns nothing then it means it has not been manually set and the default value will be used.

Auto Start Container

Set the container to start automatically when the LXC service starts – usually at host boot time. Use to enable and 0 to disable.

You can also use boot.autostart.delay to set a delay in seconds after starting this container, before starting the next.

Start up can be ordered using lxc.autostart.order to prioritise which containers are started first. Higher numbers are started first.

CPU Limits

See CPU Resource Limits for more information on constraining CPU resources.


  • 0

Setting CPU Resource Limits With LXC

Category : How-to

Get Social!

linux_containers_logoLinux Container (LXC) management is now often dealt with by LXD, the Canonical lead project built on top of LXC.

LXD offers a suite of options for controlling Linux Container resources and setting limits where appropriate. This post will talk about setting constraints on CPU, however other options are available for limiting almost any sort of resource, such as network, disk I/O, memory and so on.

Available Limits

CPU management is done in 1 of 4 ways, depending on your expected workload and host CPU management regime.

  1. Number of CPUs – set the number of CPU cores that LXC can use with this container and automatically distribute CPU time amongst guests when there is competition for CPU time. The value used is an integer, for example 2.
  2. Specific cores – specify specific physical core(s) for the container to use and distribute available CPU time between containers when multiple containers use the same cores.The value used is an integer or range and can be comma separated, for example 2, 0-1 or 0-1,3,5-9.
  3. Capped share – allow a specified percentage of CPU time for the container, or more if it’s available. When the host is not under load then a container can use any available CPU however when there is contention for CPU then the container will be limited to the specified amount. The container will see all host CPU cores (in TOP, for example).
  4. Limited time share – will limit the container CPU time to be whatever is specified out of each 200ms. Even if more CPU is available, only what is specified per 200ms slice is allowed. The container will see all host CPU cores (in TOP, for example).

Setting Limits

Setting limits is done with the lxc command. There are then two options; limits.cpu for the above points 1 and 2, or limit.cpu.allowance for points 3 and 4.

  • [CONTAINER] is the name of the container – can be obtained from lxc list if you’re unsure.
  • [VALUE] is a valid value from point 1 or 2 above.

OR

  • [CONTAINER] is the name of the container – can be obtained from lxc list if you’re unsure.
  • [VALUE] is a valid value from point 3 or 4 above.

CPU Limit Examples

Set the container nginx-proxy to use any 2 CPUs on the host.

Set the container nginx-proxy to use physical CPU 0, 3, 7, 8 and 9 on the host.

Set the container nginx-proxy to use 20% of the available CPU on the host or more if it’s available.

Set the container nginx-proxy to use no more than 50% of the available CPU on the host, or 100ms for every 200ms of CPU time available.

You can view /proc/cpuinfo to see the available cores on your container, however it will not include any additional scheduling limits or priorities.

CPU Priority

The last option around CPU limiting is the priority of CPU time. This option only kicks in when the host is overcommitted on CPU resource and containers are fighting for CPU time. This can either be on a single core (if using above points 1 or 2) or system wide (if no CPU limiting is in place or using above points 3 or 4).

Available values are 0 – 10 inclusive and lower numbers mean a lower priority – a higher number will mean the machine gets CPU time before lower numbers.

The below command sets the container nginx-proxy to have a CPU priority of 5.

The below command sets the container php-backend to have a CPU priority of 2 and therefore would get less CPU time than container nginx-proxy when CPU is under contention.


  • 13

Proxmox 4.x bind mount – mount storage in an LXC container

Get Social!

An LXC containers storage is simple to set and maintain and is usually done through either a Web based GUI or a command line utility. It’s simple to set the size of disk allocated to an LXC container, and you can increase it easily, even while the container is still running.

Whilst simple to set up and administer, the standard storage options of LXC containers are limited. For example, you can’t mount an NFS share in an LXC container, or can you have multiple disks mounted as /dev block devices.

That’s where a bind mount comes in. You can add one or more mount points to your LXC container config that specifies a source path and a target path which is activated when the container starts. The source path would be a location on the host machine (the physical host running the LXC container – the Proxmox host in this example). The target is a location inside of the LXC container such as /mnt/myshare. This means that you can mount an NFS share, a GlusterFS share, several physical disks or anything else that can be mounted on your host and pass it through to your container.

Before you start, you’ll need to make sure both the host location and the target container location exist, otherwise the container will fail to start. You’ll then need to edit your LXC container config file. On Proxmox 4.x this can be found in /etc/pve/lxc/ and then the ID of your container. In this example the container we’re working on has an ID of 101.

Add the following row and substitute SOURCE with the path that you’d like to pass through to your container and TARGET to the path inside the container.

The below example will make /mnt/pve/nfs-share available in the container at /mnt/nfs.

Then restart your CT for the changes to take effect.

 

If you have multiple paths to mount then you can increment mp0 to mp1mp2, etc.

If you’re using version 3.x of Proxmox, or stand alone OpenVZ then see Proxmox bind mount for OpenVZ.


  • 9

Create Your First Docker Container

Category : How-to

Get Social!

docker-logoDocker is probably one of the easiest environments to create a virtualised instance based on a number of flavours of operating systems. Rather that having to install an operating system yourself, you can download one of the many guests templates or ‘images’ available directly from the Docker community.

See my blog post on installing Docker on Ubuntu 14.04 if you don’t currently have Docker installed.

There are a number of commands which are required to manage Docker containers and images. First off, let’s see if we have any images in our local Docker library.

The docker images command lists the available local images which you can use to create a Docker container. The above output does not show any local images so lets download one from the central Docker repository.

We must choose which image to download and use to create our first Docker container. There are literally thousands of images available on the central repository and all can be downloaded through the docker command. Let’s use the search command to find an image to download.

This will display a huge list of all the images available containing the word ubuntu. As you can imagine, there will be hundreds because not only are base OS images available, but customised images containing specific applications or set ups.

Let’s download the basic ubuntu 14.04 image:

You can check this has downloaded the image to your local store with the above docker images command. We will also need to make a note of the image ID so that we can use it to create a container from it.

The next step is to create a container and make the required changes. Creating a container is Docker is done with the run command followed by, amongst other things, a command to run within the container. We are going to create a new container and use a bash session to customise the container before saving it as a new image for use in the future.

Create the Docker container with the run command and specify the bash shell to be executed on completion. This will leave us with a bash session which we can use the customise the image. Replace the ad892dd21d60 ID with the ID of the image we downloaded in the previous step.

You now have an active shell on the container which has been created with the id 3a09b2588478. Type exit to end the session in your guest container and the container will be stopped and kept available on your Docker system.

Run the ps Docker command to see what containers are known to your Docker system.

The above output shows 3 containers which are available in my Docker system with the container ID on the left. We can re-enter one of these containers to make our changes, but first we need to start it. I’m going to use container ID 3a09b2588478 for the rest of this example but yours will be a different ID.

We can now attach to the container to create a shell where we can make our modifications.

You now have a shell running on the container which you can use to make your changes to the container. Let’s keep it simple and just run an upgrade with apt-get and then exit. In the real world, you might install an application, or define your configuration such as LDAP SSH login.

The last step in our example is to save the container as a new image which can be used to create future Docker containers. You’ll need to specify the container ID as well as the name of the image to use. You can specify a new image name or overwrite the existing image name.

 

And that’s all there is to it! You have created a new Docker container, from one of the images available from Docker, made some changes and saved it locally for future use. Of cause, there are plenty more ways to use Docker, but I hope this has been useful for getting a basic understanding of how Docker works.

Next steps: See my post on using a Dockerfile to automate Docker image creation.

Quick Poll

Question: Are you using Docker.io?

Answers:

Loading ... Loading ...

  • 5

Installing Docker on Ubuntu 14.04

Get Social!

docker-logoDocker is an up and coming virtualisation technology utilising Linux Containers (LXC) to provide a private and consistent working environment across all Docker installations. Docker aims to create portable templates which can be created and distributed to run on any Docker enabled host.

Docker works on a similar premise to OpenVZ and is therefore limited by the same constraints, such as only Linux guests can be created in Docker as each guest shares the hosts kernel. Installing Docker on Ubuntu couldn’t be easier since version 14.04 of Ubuntu saw the Docker packages available through the standard Ubuntu repositories.

Install Docker using the apt-get command:

Check that the docker daemon has been started with the status argument, or start it with the start argument:

Create a symlink to the Docker executable so that the Docker documentation commands can be executed without changing the path. This is required because the Ubuntu package for Docker is installed to a different directory to the default Docker recommendation.

And that’s all there is to it! You now have a working Docker environment. See my next blog post for Creating your first Docker container.

Quick Poll

Question: Are you using Docker.io?

Answers:

Loading ... Loading ...