Browse code
Don't set ulimits (nproc)
There is a not-insignificant performance overhead for all containers (if
containerd is a child of Docker, which is the current setup) if rlimits are
set on the main Docker daemon process (because the limits
propogate to all children).
We recommend using cgroups to do container-local accounting.
This applies the change added in 8db61095a3d0bcb0733580734ba5d54bc27a614d
to other init scripts.
Note that nfile cannot be set to unlimited, and the limit
is hardcoded to 1048576 (2^20) , see:
http://stackoverflow.com/a/1213069/1811501
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2016/07/13 05:54:56Showing 4 changed files
- contrib/init/openrc/docker.initd
- contrib/init/systemd/docker.service
- contrib/init/sysvinit-debian/docker
- contrib/init/upstart/docker.conf
| ... | ... |
@@ -13,7 +13,10 @@ start_pre() {
|
| 13 | 13 |
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" |
| 14 | 14 |
|
| 15 | 15 |
ulimit -n 1048576 |
| 16 |
- ulimit -u 1048576 |
|
| 16 |
+ |
|
| 17 |
+ # Having non-zero limits causes performance problems due to accounting overhead |
|
| 18 |
+ # in the kernel. We recommend using cgroups to do container-local accounting. |
|
| 19 |
+ ulimit -u unlimited |
|
| 17 | 20 |
|
| 18 | 21 |
return 0 |
| 19 | 22 |
} |
| ... | ... |
@@ -11,9 +11,9 @@ Type=notify |
| 11 | 11 |
# for containers run by docker |
| 12 | 12 |
ExecStart=/usr/bin/dockerd -H fd:// |
| 13 | 13 |
ExecReload=/bin/kill -s HUP $MAINPID |
| 14 |
+LimitNOFILE=1048576 |
|
| 14 | 15 |
# Having non-zero Limit*s causes performance problems due to accounting overhead |
| 15 | 16 |
# in the kernel. We recommend using cgroups to do container-local accounting. |
| 16 |
-LimitNOFILE=infinity |
|
| 17 | 17 |
LimitNPROC=infinity |
| 18 | 18 |
LimitCORE=infinity |
| 19 | 19 |
# Uncomment TasksMax if your systemd version supports it. |
| ... | ... |
@@ -94,10 +94,13 @@ case "$1" in |
| 94 | 94 |
chgrp docker "$DOCKER_LOGFILE" |
| 95 | 95 |
|
| 96 | 96 |
ulimit -n 1048576 |
| 97 |
+ |
|
| 98 |
+ # Having non-zero limits causes performance problems due to accounting overhead |
|
| 99 |
+ # in the kernel. We recommend using cgroups to do container-local accounting. |
|
| 97 | 100 |
if [ "$BASH" ]; then |
| 98 |
- ulimit -u 1048576 |
|
| 101 |
+ ulimit -u unlimited |
|
| 99 | 102 |
else |
| 100 |
- ulimit -p 1048576 |
|
| 103 |
+ ulimit -p unlimited |
|
| 101 | 104 |
fi |
| 102 | 105 |
|
| 103 | 106 |
log_begin_msg "Starting $DOCKER_DESC: $BASE" |
| ... | ... |
@@ -2,8 +2,12 @@ description "Docker daemon" |
| 2 | 2 |
|
| 3 | 3 |
start on (filesystem and net-device-up IFACE!=lo) |
| 4 | 4 |
stop on runlevel [!2345] |
| 5 |
+ |
|
| 5 | 6 |
limit nofile 524288 1048576 |
| 6 |
-limit nproc 524288 1048576 |
|
| 7 |
+ |
|
| 8 |
+# Having non-zero limits causes performance problems due to accounting overhead |
|
| 9 |
+# in the kernel. We recommend using cgroups to do container-local accounting. |
|
| 10 |
+limit nproc unlimited unlimited |
|
| 7 | 11 |
|
| 8 | 12 |
respawn |
| 9 | 13 |
|