对于docker container的调优还是和普通的Linux调优有很大的区别
修改最大文件数(open files)
直接修改 container的 /etc/security/limits.conf无效
正确的做法是(以CentOS host为例)
在host上执行
sudo sh -c 'printf "\nulimit -HSn 999999\n" >> /etc/sysconfig/docker'
sudo service docker restart
这样再进入docker container, ulimit -a就可以看到更改了
[root@f258c7598394 /]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7810
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 999999
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 7810
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
对于Ubuntu请参考此文
修改tcp/ip变量(sysctl)
如果docker container是以 –net=”host” 方式启动的,那么container和host共用同一个网络堆栈,只需要修改host的配置
sudo sh -c 'printf "\nnet.ipv4.ip_local_port_range = 1024 65535\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_tw_recycle = 1\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_tw_reuse = 1\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.core.rmem_max = 16777216\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.core.wmem_max = 16777216\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_max_syn_backlog = 4096\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_syncookies = 1\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.core.somaxconn = 1024\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_window_scaling = 1\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_rmem = 4096 87380 16777216\n" >> /etc/sysctl.conf';
sudo sh -c 'printf "net.ipv4.tcp_wmem = 4096 16384 16777216\n" >> /etc/sysctl.conf';
sudo sysctl -p;
然后重启docker container生效。
如果docker container不是以 –net=”host” 方式启动的,那么它将有自己独立的网络堆栈。修改host的配置将会无效。在container中又无法直接修改/proc,因为docker会以只读的方式重新挂载/proc/sys。 对于这个问题,可以在container启动的时候将/proc挂载到另一可读写位置,譬如
docker run -ti -v /proc:/writable-proc ubuntu:14.04 /bin/bash
1
然后就可以在container内部进行修改了
echo 1024 65535 > /writable-proc/sys/net/ipv4/ip_local_port_range
echo 1 > /writable-proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /writable-proc/sys/net/ipv4/tcp_tw_reuse
echo 4096 > /writable-proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1 > /writable-proc/sys/net/ipv4/tcp_syncookies
echo 1 > /writable-proc/sys/net/ipv4/tcp_window_scaling
echo 4096 16384 16777216 > /writable-proc/sys/net/ipv4/tcp_wmem
echo 4096 87380 16777216 > /writable-proc/sys/net/ipv4/tcp_rmem
echo 16777216 > /writable-proc/sys/net/core/rmem_max
echo 16777216 > /writable-proc/sys/net/core/wmem_max
echo 1024 > /writable-proc/sys/net/core/somaxconn
echo 999999 > /writable-proc/sys/fs/file-max
然后在container中可以查看到修改生效
cat /proc/sys/net/ipv4/ip_local_port_range
cat /proc/sys/net/ipv4/tcp_tw_recycle
cat /proc/sys/net/ipv4/tcp_tw_reuse
cat /proc/sys/net/ipv4/tcp_max_syn_backlog
cat /proc/sys/net/ipv4/tcp_syncookies
cat /proc/sys/net/ipv4/tcp_window_scaling
cat /proc/sys/net/ipv4/tcp_wmem
cat /proc/sys/net/ipv4/tcp_rmem
cat /proc/sys/net/core/rmem_max
cat /proc/sys/net/core/wmem_max
cat /proc/sys/net/core/somaxconn
cat /proc/sys/fs/file-max
需要注意的是,如果内核版本过低(<3.12), 有些参数是无法修改的
