Why docker container out of memory without "cpuset-cpus" parameter? - docker

I create two containers (which provide restful API) via following docker commands.
The only one difference is "--cpuset-cpus="0" for setting specific core number.
However I found that container A will be crashed, if I submit over 150 http requests.
Then, I check the memory via "docker stats container A",
memory usage gradually increases with receiving the number of http requests,
finally container crashed.
But if I set "cpuset-cpus" argument into Container B, memory stability is not affected by http requests,
the container B will not be crashed.
Does anybody know why container will be crash without setting cpuset-cpus?
btw, my server has 32 cores cpu and 512gb.
Container A:
docker run \
-d \
-e PYTHONPATH=/app/custom_component:$PYTHONPATH \
-v /home/hibot_agents/proj.1845.cache:/app:rw \
--name test_1845 \
--memory="512M" \
--memory-swap="1g" \
--cpus="0.25" \
--network="chatbot-network" \
images/chatbot-server:2.0.0-full \
rasa run --enable-api --endpoints endpoints.yml -vv
Container B:
docker run \
-d \
-e PYTHONPATH=/app/custom_component:$PYTHONPATH \
-v /home/hibot_agents/proj.1845.cache:/app:rw \
--name test_1845 \
--memory="512M" \
--memory-swap="1g" \
--cpus="0.25" \
--cpuset-cpus="0" \
--network="chatbot-network" \
images/chatbot-server:2.0.0-full \
rasa run --enable-api --endpoints endpoints.yml -vv

Related

Using Pumba to shutdown the container connection permanently

I am trying to use Pumba to isolate a container from the docker network. I am on Windows, and the command I am using is the following.
docker run \
-d \
--name pumba \
--network docker_default \
-v //var/run/docker.sock:/var/run/docker.sock
gaiaadm/pumba netem \
--tc-image="gaiadocker/iproute2" \
--duration 1000s \
loss \
-p 100 \
753_mycontainer_1
I start the container to isolate using docker-compose, with the restart property set to always. My wish is to let Pumba block the networking of the container also after each restart.
How can I achieve this behavior?
Thanks.
I managed to achieve the result, letting the docker restart the pumba container. I reduce the duration parameter to 30s that is the average time for my 753_mycontainer_1 container to stop itself and restart.
In this way, the two containers restart more or less synchronously, producing a real chaos test, in which the 753_mycontainer_1 container randomly lose the network.
docker run \
-d \
--name pumba \
--restart always \
--network docker_default \
-v //var/run/docker.sock:/var/run/docker.sock gaiaadm/pumba \
netem \
--tc-image="gaiadocker/iproute2" \
--duration 30s \
loss \
-p 100 \
753_mycontainer_1

Issue in connecting ksql with kafka of confluent version 3.3.0 in docker

I am setting up ksql-cli with confluent version 3.3.0 in following way
#zookeper
docker run -d -it \
--net=host \
--name=zookeeper \
-e ZOOKEEPER_CLIENT_PORT=32181 \
confluentinc/cp-zookeeper:3.3.0
#kafka
docker run -d \
--net=host \
--name=kafka \
-e KAFKA_ZOOKEEPER_CONNECT=localhost:32181 \
-e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:29092 \
-e KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
confluentinc/cp-kafka:3.3.0
#schema-registry
docker run -d \
--net=host \
--name=schema-registry \
-e SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=localhost:32181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://localhost:8081 \
confluentinc/cp-schema-registry:3.3.0
i am running ksql-cli docker image in following manner
docker run -it \
--net=host \
--name=ksql-cli \
-e KSQL_CONFIG_DIR="/etc/ksql" \
-e KSQL_LOG4J_OPTS="-Dlog4j.configuration=file:/etc/ksql/log4j-rolling.properties" \
-e STREAMS_BOOTSTRAP_SERVERS=localhost:29092 \
-e STREAMS_SCHEMA_REGISTRY_HOST=localhost \
-e STREAMS_SCHEMA_REGISTRY_PORT=8081 \
confluentinc/ksql-cli:0.5
when i am running ksql-cli by going in bash of container in folowing way
docker exec -it ksql-cli bash
and running ksql-cli in following way:
./usr/bin/ksql-cli local
It is giving me following error:
Initializing KSQL...
Could not fetch broker information. KSQL cannot initialize AdminCLient.
By default, the ksql-cli attempts to connect to the Kafka brokers on localhost:9092. It looks like your setup is using a different port, so you'll need to provide this on the command line, e.g.
./usr/bin/ksql-cli local --bootstrap-server localhost:32181
You'll probably also need to specify the schema registry port, so you may want to use a properties file, e.g. :
./usr/bin/ksql-cli local --properties-file ./ksql.properties
Where ksql.properties has:
bootstrap.servers=localhost:29092
schema.registry.url=localhost:8081
Or provide both on the command line:
./usr/bin/ksql-cli local \
--bootstrap-server localhost:29092 \
--schema.registry.url http://localhost:8081
Note, from KSQL version 4.1 onwards the commands and properties change name. ksql-cli becomes just ksql. The local mode disappears - you'll need to run a ksql-server node or two explicitly. --property-file becomes --config-file and schema.registry.url becomes ksql.schema.registry.url.

How do I choose a folder to store files from Docker?

I've been working on this for hours, but I've mainly found answers relating to Linux.
I'm running Docker in Windows 10, and I'm trying to install some distros from Linuxserver
I can do a basic setup (following a guide that install Jackett a similar way)
docker create --name=jackett \
--restart=always \
-v /home/docker/jackett/config:/config \
-v /home/docker/jackett/downloads:/downloads \
-e PGID=1001 -e PUID=1001 \
-e TZ=Europe/London \
-p 9117:9117 \
linuxserver/jackett
But, I don't understand how to select one of the shared drives I setup, and I have no idea where /home/... is on my hard drive.
How would I set this up to save config and downloads in say:
H:\Documents\Configs
docker volume definitions are in pairs
-v left_side:right_side
where full path of left side is a directory local to the machine where you are executing your docker command from ... your laptop or server ... whereas the right_side is same directory as viewed from inside the freshly launched container ... that is you are mounting a local dir to your container so it can read and write to persist changes even after the container is killed off
For example I want to make visable to my app the dir on my laptop of
/some/full/path/local/dir
and the app will see this as path
/whatever/dir
so syntax would look like this
docker ... skip settings ... -v /some/full/path/local/dir:/whatever/dir
My guess is if your host machine is MS Windows then use Windows \ separators rather than linux / separators
docker ... skip settings ... -v c:\some\full\path\local\dir:/whatever/dir
so this would be linux host syntax
docker create --name=jackett \
--restart=always \
-v /some/config/dir:/config \
-v /some/config/dir:/downloads \
-e PGID=1001 -e PUID=1001 \
-e TZ=Europe/London \
-p 9117:9117 \
linuxserver/jackett
whereas this is MS Windows syntax using \ instead of / as seperator
docker create --name=jackett \
--restart=always \
-v H:\\Documents\\Configs:/config \
-v H:\\Documents\\Configs:/downloads \
-e PGID=1001 -e PUID=1001 \
-e TZ=Europe/London \
-p 9117:9117 \
linuxserver/jackett
UPDATE - notice the double \ which might work on Windows since a single \ just means do an escape on following character ... Also leave as is the last line of above linuxserver/jackett as that is not a path its the docker image name
on ubuntu I just ran below just fine
docker create --name=jackett_stens \
--restart=always \
-v /home/khufu/src/config:/config \
-v /home/khufu/src/config:/downloads \
-e PGID=1001 -e PUID=1001 \
-e TZ=Europe/London \
-p 9117:9117 \
linuxserver/jackett
above output is
khufu#jill ~ $ docker create --name=jackett_stens \
> --restart=always \
> -v /home/khufu/src/config:/config \
> -v /home/khufu/src/config:/downloads \
> -e PGID=1001 -e PUID=1001 \
> -e TZ=Europe/London \
> -p 9117:9117 \
> linuxserver/jackett
Unable to find image 'linuxserver/jackett:latest' locally
latest: Pulling from linuxserver/jackett
f2233041f557: Already exists
53bd17864f23: Pull complete
02efc09c990b: Pull complete
14b057e5c85e: Pull complete
7e03e93fc218: Pull complete
9825bf39efb1: Pull complete
0a74d4d4cac0: Pull complete
34451e5c900f: Pull complete
5453d859f994: Pull complete
d9976cfaf0ba: Pull complete
09ccdb48553d: Pull complete
Digest: sha256:b624cbc75efb40d7dab9a2095653988632a4773ad86e0f5ee2edd877e4178678
Status: Downloaded newer image for linuxserver/jackett:latest
dddfae776bfc32c3a55de1ddc08c04e2574ecb3c950ba9bb88f477e3e240121e
OK so above worked then I launched the image using
docker start jackett_stens
and confirmed it is running by issuing
docker ps

How to run enlightenment wayland in docker container?

I am trying to run enlightenment(https://www.enlightenment.org/start) in a docker container,previously enlightenment is based on X11,but the latest version of enlightenment support wayland. As I searched,we can use the -v parameter when use the "docker run" command to start a docker image like :
$ docker run -it \
--net host \ # may as well YOLO
--cpuset-cpus 0 \ # control the cpu
--memory 512mb \ # max memory it can use
-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
-e DISPLAY=unix$DISPLAY \ # pass the display
-v $HOME/Downloads:/root/Downloads \ # optional, but nice
-v $HOME/.config/google-chrome/:/data \ # if you want to save state
--device /dev/snd \ # so we have sound
--name chrome \
jess/chrome
(Reference: https://blog.jessfraz.com/post/docker-containers-on-the-desktop/)
But this is based on X11.Currently I do not use the X11,and use the wayland based enlightenment,How can I show my enlightenment UI in docker container?
According to
https://unix.stackexchange.com/questions/330366/how-can-i-run-a-graphical-application-in-a-container-under-wayland
you mount some device such as
/run/user/1000/wayland-0
in your
docker run
command
and here is an extract from
https://github.com/duzy/docker-wayland/blob/master/run.sh
docker run \
--name $container \
-v "$(pwd):/home/user/work" \
--device=/dev/dri/card0:/dev/dri/card0 \
--device=/dev/dri/card1:/dev/dri/card1 \
--device=/dev/dri/controlD64:/dev/dri/controlD64 \
--device=/dev/dri/controlD65:/dev/dri/controlD65 \

external access to kubernetes

docker run \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:rw \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
--volume=/var/run:/var/run:rw \
--net=host \
--pid=host \
--privileged=true \
-d \
gcr.io/google_containers/hyperkube-amd64:v${K8S_VERSION} \
/hyperkube kubelet \
--containerized \
--hostname-override="127.0.0.1" \
--address="0.0.0.0" \
--api-servers=http://localhost:8080 \
--config=/etc/kubernetes/manifests \
--cluster-dns=10.0.0.10 \
--cluster-domain=cluster.local \
--allow-privileged=true --v=2
A curl localhost:8080confirms that the API is running.
But trying to access it with the host's IP like curl dockerHostIp:8080fails:
Failed to connect to ipOfDockerHost port 8080: Connection refused
How can I expose k8s to the outside? (docker-host is an ubuntu server)
As far as I understand using --net=host should solve this problem. But it does not work in this case.
When you start kubernetes with docker, you choose between two models:
--config=/etc/kubernetes/manifests
--config=/etc/kubernetes/manifests-multi.
If you look in these files, you will notice one difference: --insecure-bind-address is different.
When you use --config=/etc/kubernetes/manifests, you ask for a local access only.
You should start with --config=/etc/kubernetes/manifests-multi.
Note that:
you will need to start etcd manually when you use --config=/etc/kubernetes/manifests-multi
follow this post as docker support is not working for now

Resources