[lxc-users] limits.memory - possible to set per group of containers?

Tue Jun 18 02:59:34 UTC 2019

On Tue, Jun 18, 2019 at 09:47:19AM +0900, Tomasz Chmielewski wrote:
> Let's say I have a host with 32 GB RAM.
> 
> To make sure the host is not affected by any weird memory consumption
> patterns, I've set the following in the container:
> 
>   limits.memory: 29GB
> 
> This works quite well - where previously, several processes with high memory
> usage, forking rapidly (a forkbomb to test, but also i.e. a supervisor in
> normal usage) running in the container could make the host very slow or even
> unreachable - with the above setting, everything (on the host) is just
> smooth no matter what the container does.
> 
> However, that's just with one container.
> 
> With two (or more) containers having "limits.memory: 29GB" set - it's easy
> for each of them to consume i.e. 20 GB, leading to host unavailability.
> 
> Is it possible to set a global, or per-container group "limits.memory:
> 29GB"?
> 
> For example, if I add "MemoryMax=29G" to
> /etc/systemd/system/snap.lxd.daemon.service - would I achieve a desired
> effect?
> 
> 
> 
> Tomasz Chmielewski
> https://lxadm.com

So we have plans to introduce project quotas which will allow placing
such restrictions in a clean way through LXD.

Until then you can manually tweak /sys/fs/cgroup/memory/lxc or
/sys/fs/cgroup/memory/lxc.payload (depending on version of liblxc) as
all containers reside under there and limits are hierarchical.

It's pretty similar to what systemd would attempt to do except that
liblxc/lxd bypass systemd's expected cgroup so placing the limit through
systemd wouldn't work.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20190617/7e848c24/attachment.sig>