3

Docker swarm doesn't support cgroup_parent according to it's documentation: https://docs.docker.com/compose/compose-file/#cgroup_parent I need to set resource constrains for the whole set of docker containers running on a particular host(not just per container constrains). Running vanilla Docker(not in Swarm mode) allows to have cgroups parent provided:

docker run -it --rm --cgroup-parent=/climit-cgroup/ <<image-name>>

or if one uses docker compose file using cgroup_parent.

But running docker containers in swarm node doesn't provide this ability. What are possible solutions to this problem in scope of Docker Swarm? Is there a way to enforce the existing cgroup on current host's swarm node?

Dmitry191
  • 31
  • 2

1 Answers1

0

I'm trying using cgroups at daemon level with systemd

File: /etc/systemd/system/dockerdaemon.slice

[Unit]
Description=Slice with MemoryLimit=800M for docker
Before=slices.target

[Slice]
MemoryAccounting=true
MemoryLimit=800M

Change /etc/docker/daemon.json and added

"cgroup-parent": "dockerdaemon.slice"

Then

systemctl daemon-reload ; service docker restart

Then /etc/systemd/system/docker.service.d/docker.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
Slice=dockerdaemon.slice
MemoryMax=800M

sudo systemctl status docker
docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/docker.service.d
           └─docker.conf
   Active: active (running) since Thu 2020-08-20 08:58:45 UTC; 1h 32min ago
     Docs: https://docs.docker.com
 Main PID: 12718 (dockerd)
    Tasks: 17
   CGroup: /dockerdaemon.slice/docker.service
           └─12718 /usr/bin/dockerd

I also check

/sys/fs/cgroup/memory/dockerdaemon.slice/docker.service# cat memory.limit_in_bytes 
838860800

So it seems like the daemon is picking up the cgroup, yet when I create containers that amount to more than 800M, docker does not prevent it. Also docker system info still sees all the memory

So it seems to me that this is not working well or maybe I got something wrong

javier Aladid
  • 1