Docker Kernel Parameter Optimization

Docker Kernel Parameter Optimization
There is a big difference between docker container optimization and normal Linux optimization. Modify the maximum number of files (open files) and directly modify the/etc/security/limits of the container. which of the following statements is true if the conf statement is invalid? (take CentOS host as an example) run sudo sh-c 'printf "\ nulimit-HSn 999999 \ n">/etc/sysconfig/docker 'sudo service docker restart on the host to enter the docker container, [root @ f258c7598394/] # ulimit-acore file size (blocks,-c) 0 data seg size (kbytes,-d) unlimitedscheduling priority (-e) 0fil E size (blocks,-f) unlimitedpending signals (-I) 7810max locked memory (kbytes,-l) 64max memory size (kbytes,-m) unlimitedopen files (-n) 999999 pipe size (512 bytes,-p) 8 POSIX message queues (bytes,-q) 819200real-time priority (-r) 0 stack size (kbytes,-s) 10240cpu time (seconds, -t) unlimitedmax user processes (-u) 7810 virtual memory (kbytes,-v) unlimitedfile locks (-x) unlimited parameter for Ubuntu In this article, modify the TCP/IP variable (sysctl). If docker container is started in the-net = "host" mode, the container and host share the same network stack, you only need to modify the host configuration sudo sh-c 'printf "\ nnet. ipv4.ip _ local_port_range = 1024 65535 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ tw_recycle = 1 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ tw_reuse = 1 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. core. rmem_max = 16777216 \ n ">/etc/sysctl. con F'; sudo sh-c 'printf "net. core. wmem_max = 16777216 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ max_syn_backlog = 4096 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ syncookies = 1 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. core. somaxconn = 1024 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ window_scaling = 1 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ip V4.tcp _ rmem = 4096 87380 16777216 \ n ">/etc/sysctl. conf '; sudo sh-C' printf "net. ipv4.tcp _ wmem = 4096 16384 16777216 \ n ">/etc/sysctl. conf '; sudo sysctl-p; then restart docker iner to take effect. If docker container is not started in-net = "host" mode, it will have its own independent network stack. Modifying the host configuration will be invalid. You cannot directly modify/proc in the container because docker will remount/proc/sys in read-only mode. To solve this problem, you can mount/proc to another read/write location when the container is started, such as docker run-ti-v/proc:/writable-proc ubuntu: 14.04/bin/bash, And Then echo 1024 65535>/writable-proc/sys/net/ipv4/ip_local_port_rangeecho 1>/writable-proc/sys/net can be modified in the container. /ipv4/tcp_tw_recycleecho 1>/writable-proc/sys/net/ipv4/tcp_tw_reuseecho 4096>/writable-proc/sys/net/ipv4/tcp_max_syn_backlogecho 1>/writable-proc//net/ipv4/tcp_syncookiesecho 1>/writable-proc/sys/net/ipv4/tcp_window_scalingecho 4096 16384 16777216>/writable-proc/sys/net/ipv4/tcp_wmemecho 4096 87380 16777216> /writable-proc/sys/net/ipv4/tcp_rmemecho 16777216>/writable-proc/sys/net/core/rmem_maxecho 16777216>/writable-proc/sys/net/core/wmem_maxecho 1024>/writable-proc/sys/net/core/somaxconnecho 999999>/writable-proc/sys/fs/file-max and then you can view the modification in the container to take effect cat/proc /sys/net/ipv4/ip_local_port_rangecat/proc/sys/net/ipv4/tcp_tw_recyclecat/proc/sys/net/ipv4/tcp_tw_reusecat/proc/sys/net/ipv4/kernel/proc /sys/net/ipv4/tcp_syncookiescat/proc/sys/net/ipv4/tcp_window_scalingcat/proc/sys/net/ipv4/tcp_wmemcat/proc/sys/net/ipv4/tcp_rmemcat/proc /sys/net/core/rmem_maxcat/proc/sys/net/core/wmem_maxcat/proc/sys/net/core/somaxconncat/proc/sys/fs/file-max yes, if the kernel version is too low (<3.12), some parameters cannot be modified.