
When I include the following command in my Dockerfile, I'm getting an error. I am trying to create a Dockerfile for creating my base image for Redis, and this command helps with Redis performance.

RUN echo 4096 > /writable-proc/sys/net/core/somaxconn

The error I am getting when I try to build the Dockerfile to create an image is:

/bin/sh: 1: cannot create /writable-proc/sys/net/core/somaxconn: Directory nonexistent

Any suggestions on how I can run this command? I would actually like to run the following commands in my Dockerfile:

RUN echo 4096 > /writable-proc/sys/net/core/somaxconn
RUN echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
RUN echo never > /sys/kernel/mm/transparent_hugepage/enabled

Below is the entire Dockerfile for my Redis image:

#Download base image ubuntu 16.04
FROM ubuntu:14.04
MAINTAINER George Chilumbu

ENV HOME /root
ENV DEBIAN_FRONTEND noninteractive
#ENV /writable-proc/sys/net/core/somaxconn /proc:/writable-proc

# Set the working directory to /app
WORKDIR ~/

# Redis Cache Server Tuning
RUN mkdir -p /writable-proc/sys/net/core/somaxconn
RUN echo 4096 > /writable-proc/sys/net/core/somaxconn
#RUN echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
#RUN echo never > /sys/kernel/mm/transparent_hugepage/enabled

# Install some necessary software/tools
RUN apt-get update && apt-get install -y \
    wget \
    vim \
    unzip \
    inetutils-ping \
    inetutils-tools \
    net-tools \
    dnsutils \
    software-properties-common \
    python-software-properties \
    ntp \
    rsyslog \
    curl

RUN add-apt-repository ppa:gaod/redis-server \
    && apt-get update \
    && apt-get install -y redis-server \
    redis-sentinel \
    && rm /etc/redis/redis.conf \
    && rm /etc/redis/sentinel.conf


RUN mkdir -p /opt/redis/redis_dump
RUN chown redis:redis -R /opt/redis/redis_dump/
The Georgia
  • Have you tried running it as privileged? http://stackoverflow.com/questions/26177059/refresh-net-core-somaxcomm-or-any-sysctl-property-for-docker-containers – Chris Tanner May 05 '17 at 10:50
  • Try to run the base image and check if the directory /writable-proc/sys/net/core/ exists? Otherwise first create that directory before adding a file and text. – lvthillo May 05 '17 at 11:25
  • Posting your full Dockerfile could help. Otherwise it's a guessing game. My guess is you called `USER something` prior to that `echo`... – Kevin Kopf May 05 '17 at 14:54
  • I have added my entire Dockerfile. – The Georgia May 06 '17 at 12:57

1 Answer


Setting sysctls is only possible at runtime with the --sysctl option. From the docker-run(1) manual:

   Configure namespaced kernel parameters at runtime

   IPC Namespace - current sysctls allowed:

   kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced
     Sysctls beginning with fs.mqueue.*

   If you use the --ipc=host option these sysctls will not be allowed.

   Network Namespace - current sysctls allowed:
         Sysctls beginning with net.*

   If you use the --network=host option these sysctls will not be allowed.

For example, for /proc/sys/net/core/somaxconn you may use --sysctl net.core.somaxconn=4096.

Other kernel parameters in procfs and sysfs may be inherited (though others are not), so you should set them on the host.

Ricardo Branco
  • Thanks Ricardo. That worked. How can I do a similar thing for "echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf" and "echo never > /sys/kernel/mm/transparent_hugepage/enabled"? – The Georgia May 08 '17 at 03:25
  • Try setting them in the host to see whether these parameters are inherited. As a last resort I would try to run the container in privileged mode (possibly with apparmor/selinux & seccomp disabled). Also try the last version of Docker and tell us about the results. – Ricardo Branco May 08 '17 at 04:26
  • I found a lot of discussions on this topic on Docker forums. Apparently, this cannot be done, and if you did it on the host level, it "might" apply to all docker containers on that host. I guess I can run these commands manually inside a container. Thanks Ricardo. – The Georgia May 08 '17 at 06:54
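
The allowlist quoted from docker-run(1) in the answer, turned into a check, as an added example that is not part of the original question or answer: it sorts settings into those `docker run --sysctl` accepts for an unprivileged container and those that have to be set on the host. The function names, the `bridge`/`private` mode arguments and the image name `redis-image` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The key lists mirror the
# docker-run(1) excerpt quoted in the answer.

# sysctl_scope KEY -> prints "ipc", "net" or "host" (not namespaced).
sysctl_scope() {
    case "$1" in
        kernel.msgmax|kernel.msgmnb|kernel.msgmni|kernel.sem) echo ipc ;;
        kernel.shmall|kernel.shmmax|kernel.shmmni|kernel.shm_rmid_forced) echo ipc ;;
        fs.mqueue.*) echo ipc ;;
        net.*) echo net ;;
        *) echo host ;;
    esac
}

# docker_sysctl_flags NET_MODE IPC_MODE KEY=VALUE...
# Prints the --sysctl flags usable with the given --network/--ipc modes.
# Everything else is reported on stderr as a host-level setting.
# Values containing whitespace (kernel.sem) must be quoted by the caller.
docker_sysctl_flags() {
    net_mode=$1; ipc_mode=$2; shift 2
    flags=""
    for kv in "$@"; do
        scope=$(sysctl_scope "${kv%%=*}")
        if [ "$scope" = net ] && [ "$net_mode" != host ]; then
            flags="$flags --sysctl $kv"
        elif [ "$scope" = ipc ] && [ "$ipc_mode" != host ]; then
            flags="$flags --sysctl $kv"
        else
            echo "set on the host instead: $kv" >&2
        fi
    done
    echo "${flags# }"
}

# Constructed input: the two sysctls from the question. The transparent
# hugepage switch lives in sysfs, not sysctl, so it is not a candidate.
# "redis-image" is a hypothetical image name; the command is only printed.
redis_flags=$(docker_sysctl_flags bridge private net.core.somaxconn=4096 vm.overcommit_memory=1)
echo "docker run $redis_flags redis-image"
```

Only `net.core.somaxconn` ends up on the printed command line; `vm.overcommit_memory` is reported on stderr, which matches the answer's advice to set such parameters on the host.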