针对系统内核进行优化:
/etc/sysctl.conf fs.file-max=3836960效果如下
[root@docker-ovs01 ~]# ulimit -n 196605 [root@docker-ovs01 ~]# ps PID TTY TIME CMD 2864 pts/0 00:00:00 bash [root@docker-ovs01 ~]# cat /proc/2864/limits Limit Soft Limit Hard Limit Units Max open files 196605 196605 files效果如下 (参考 nofile, memlock 设定 )
[root@docker-ovs01 ~]# ps aux | grep /usr/bin/docker root 3133 0.1 0.7 510716 28068 ? Ssl 16:03 0:00 /usr/bin/docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://192.168.209.40:2379,192.168.209.41:2379,192.168.209.42:2379 --default-ulimit nofile=1310720 --default-ulimit memlock=128849018880 --default-ulimit core=-1 --default-ulimit nproc=-1 --default-ulimit stack=-1 --storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/docker--vg-docker--pool --storage-opt dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true --storage-opt dm.basesize=50G --add-registry registry.vclound.com:5000 --insecure-registry registry.vclound.com:5000 [root@docker-ovs01 ~]# cat /proc/3133/limits Limit Soft Limit Hard Limit Units Max open files 196605 196605 files Max locked memory 1288490188800 1288490188800 bytes启动 docker contrainer, docker 下生成的进程,
docker run -d -ti registry.vclound.com:5000/hyphenwang/sshdserver:v1效果
[root@docker-ovs01 ~]# ps aux | grep sup root 3722 0.2 0.3 102328 12248 pts/3 Ss+ 16:53 0:00 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf [root@docker-ovs01 ~]# cat /proc/3722/limits Limit Soft Limit Hard Limit Units Max open files 131072 131072 files Max locked memory 128849018880 128849018880 bytes总结
对象配置对象作用针对性物理机/etc/sysct.conf + /etc/security/limits.conf针对物理机上进程资源 (limits)( = 物理机上所有 PID )docker.service限制 /usr/bin/docker daemon 进程启动时候/proc/PID/limits 资源docker 主进程/usr/bin/docker daemon ……. –default-ulimit nofile=131072 –default-ulimit memlock=128849018880 –default-ulimit core=-1 –default-ulimit nproc=-1 –default-ulimit stack=-1命令启动时配置限制了 contrainer 中的进程docker 子进程