I run my service app in docker container app-api
Result of top:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6420 root 20 0 30.572g 0.028t 38956 S 47.8 92.5 240:40.95 app
...
Result of htop:
PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
6420 root 20 0 30.6G 29.0G 38956 S 47.1 92.5 4h21:53 app
6554 root 20 0 30.6G 29.0G 38956 S 6.6 92.5 23:04.15 app
6463 root 20 0 30.6G 29.0G 38956 S 2.0 92.5 27:29.53 app
6430 root 20 0 30.6G 29.0G 38956 S 0.0 92.5 25:30.61 app
6429 root 20 0 30.6G 29.0G 38956 S 5.3 92.5 26:36.17 app
6428 root 20 0 30.6G 29.0G 38956 S 10.0 92.5 23:56.10 app
6426 root 20 0 30.6G 29.0G 38956 S 6.0 92.5 8:09.12 app
6427 root 20 0 30.6G 29.0G 38956 S 0.0 92.5 23:03.81 app
6425 root 20 0 30.6G 29.0G 38956 S 0.0 92.5 0:00.00 app
6424 root 20 0 30.6G 29.0G 38956 S 0.0 92.5 25:42.46 app
6423 root 20 0 30.6G 29.0G 38956 S 4.6 92.5 26:10.82 app
6422 root 20 0 30.6G 29.0G 38956 S 12.0 92.5 23:24.68 app
6421 root 20 0 30.6G 29.0G 38956 S 2.0 92.5 4:32.47 app
2202 gitlab-ru 20 0 231M 70132 53620 S 5.3 0.2 4h54:21 nginx: worker process
2203 gitlab-ru 20 0 228M 59040 47680 S 0.7 0.2 54:44.83 nginx: worker process
281 root 19 -1 175M 58104 47728 S 0.0 0.2 0:17.76 /lib/systemd/systemd-journald
1036 root 20 0 1893M 38164 13332 S 0.0 0.1 0:38.17 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
...
Result of docker stats:
$ docker stats --no-stream
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
14654b8a4bfb app-letsencrypt 13.08% 244.5MiB / 31.41GiB 0.76% 183GB / 192GB 12.4GB / 4.64MB 23
a932dabbced8 app-api 60.50% 7.258GiB / 31.41GiB 23.10% 53.2GB / 10.6GB 48.1MB / 0B 14
2cebc542dda6 app-redis 0.12% 3.902MiB / 31.41GiB 0.01% 24.2kB / 0B 1.84GB / 655kB 4
As you are can see 0.028t (~29G) in top in much more than 7.258GiB in docker stats. Difference is about 29 - 7.258 > 20G of RAM.
Help me please to understand how to detect what is this phantom that takes 20G of RAM? Or maybe point me where to dig, into problems with my application or with docker (20.10.1) or with operation system (Ubuntu 18.04)?
UPD
Output in pprof (heap)
# runtime.MemStats
# Alloc = 7645359160
# TotalAlloc = 2552206192400
# Sys = 31227357832
# Lookups = 0
# Mallocs = 50990505448
# Frees = 50882282691
# HeapAlloc = 7645359160
# HeapSys = 29526425600
# HeapIdle = 21707890688
# HeapInuse = 7818534912
# HeapReleased = 9017090048
# HeapObjects = 108222757
# Stack = 1474560 / 1474560
# MSpan = 101848496 / 367820800
# MCache = 13888 / 16384
# BuckHashSys = 10697838
# GCSys = 1270984696
# OtherSys = 49937954
# NextGC = 11845576832
# LastGC = 1615583458331895138
# PauseNs = ..................
# NumGC = 839
# NumForcedGC = 0
# GCCPUFraction = 0.027290987331299785
# DebugGC = false
# MaxRSS = 31197982720
docker stats is reporting the cgroup resource usage of the container's cgroup:
$ docker run -it -m 1g --cpus 1.5 --name test-stats busybox /bin/sh
/ # cat /sys/fs/cgroup/memory/memory.usage_in_bytes
2629632
/ # cat /sys/fs/cgroup/memory/memory.limit_in_bytes
1073741824
/ # cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us
150000
/ # cat /sys/fs/cgroup/cpu/cpu.cfs_period_us
100000
From another window (there's a small variation with the cat command stopped):
$ docker stats --no-stream test-stats
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
9a69d1323422 test-stats 0.00% 2.395MiB / 1GiB 0.23% 5.46kB / 796B 3MB / 0B 1
Note that this is will differ from the overall host memory and cpu if you have specified limits with your containers. Without limits, the cpu quota will be -1 to be unrestricted, and the memory limit will set to the page counter max value.
Trying to add up memory usage from the top command is very error prone. There is different types of memory in the linux kernel (including disk cache), memory gets shared between multiple threads (which is why you likely see multiple pids for app, each with the exact same memory), some memory may be mmap that is not backed with ram, and a long list of other challenges. People that know much more about this than me will say that the kernel doesn't even know when it's actually out of memory until it attempts to reclaim memory from many process and those attempts all fail.
You are comparing top/htop RES mem (man):
The non-swapped physical memory a task has used.
RES = CODE + DATA.
with docker stats CLI output (doc):
On Linux, the Docker CLI reports memory usage by subtracting cache usage from the total memory usage.
Use docker stats API and you will get much more granular view, e.g. stat for memory:
{
"total_pgmajfault": 0,
"cache": 0,
"mapped_file": 0,
"total_inactive_file": 0,
"pgpgout": 414,
"rss": 6537216,
"total_mapped_file": 0,
"writeback": 0,
"unevictable": 0,
"pgpgin": 477,
"total_unevictable": 0,
"pgmajfault": 0,
"total_rss": 6537216,
"total_rss_huge": 6291456,
"total_writeback": 0,
"total_inactive_anon": 0,
"rss_huge": 6291456,
"hierarchical_memory_limit": 67108864,
"total_pgfault": 964,
"total_active_file": 0,
"active_anon": 6537216,
"total_active_anon": 6537216,
"total_pgpgout": 414,
"total_cache": 0,
"inactive_anon": 0,
"active_file": 0,
"pgfault": 964,
"inactive_file": 0,
"total_pgpgin": 477
}
You can see - memory is not just one, but it has many types and each tool may report own set&combination of memory types. I guess you will find missing memory in app cache memory allocation.
You can check overall basic memory allocations with free command:
$ free -m
total used free shared buff/cache available
Mem: 2000 1247 90 178 662 385
Swap: 0 0 0
It is a normal state, when Linux uses unused memory for buff/cache.
Related
I am able to run containers fine with this combination.
But I noticed - there is no /etc/docker directory on the linux side and when I do ps -eF I get this. I was expecting dockerd and container processes as children of dockerd
rookie#MAIBENBEN-PC:/mnt/c/Users/rookie$ ps -eF
UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
root 1 0 0 223 580 6 04:07 ? 00:00:00 /init
root 98 1 0 223 80 5 04:07 ? 00:00:00 /init
root 99 98 0 223 80 5 04:07 ? 00:00:00 /init
rookie 100 99 0 191067 43220 0 04:07 pts/0 00:00:00 docker serve --address unix:///home/rookie/.docker/run/d
root 101 98 0 0 0 1 04:07 ? 00:00:00 [init] <defunct>
root 103 98 0 223 80 7 04:07 ? 00:00:00 /init
root 104 103 0 384463 28888 0 04:07 pts/1 00:00:00 /mnt/wsl/docker-desktop/docker-desktop-proxy --distro-na
root 142 1 0 223 80 4 05:17 ? 00:00:00 /init
root 143 142 0 223 80 6 05:17 ? 00:00:00 /init
rookie 144 143 0 2509 5048 2 05:17 pts/2 00:00:00 -bash
rookie 221 144 0 2654 3264 7 05:21 pts/2 00:00:00 ps -eF
Your Ubuntu session (and all WSL2 sessions) are set up as docker clients, but the actual docker daemon is running in a separate WSL session named "docker-desktop".
I generally recommend leaving this instance alone, as it is auto-configured and managed by Docker Desktop, but if you really want to take a look, run:
wsl -d docker-desktop
... from PowerShell, CMD, or Windows Start/Run.
Note that this instance is running BusyBox, so some commands will be different than you expect. For instance, the -F argument is not valid for ps.
You'll see dockerd and the associated containerd processes here.
There's also a separate image, docker-desktop-data, but it is not bootable (there is no init in it). If you want to see the filesystem, at least, you can wsl --export it and examine the tar file that is created. I wrote up an answer on Super User with details a few months ago.
A Confluent Kafka instance is running via docker-compose on my Debian 9 server. I followed this tutorial to get it up and running. However, Control Center is shutting down periodically.
sudo docker-compose ps gives the following output:
control-center /etc/confluent/docker/run Exit 1
The rest of the Confluent services stay up and running.
When checking docker logs (sudo docker-compose logs) I can see that it is spamming the following error:
control-center | INFO [Consumer clientId=_confluent-controlcenter-5-3-0-1-9de26cca-62ca-42d6-9d46-86731fc8109a-StreamThread-5-restore-consumer, groupId=null] Unsubscribed all topics or patterns and assigned partitions (org.apache.kafka.clients.consumer.KafkaConsumer)
EDIT: discovered some more logs:
control-center | [2019-08-30 23:10:02,304] INFO [Consumer clientId=_confluent-controlcenter-5-3-0-1-39ae65e2-457c-4696-b592-504fe320038e-StreamThread-3-consumer, groupId=_confluent-controlcenter-5-3-0-1] Group coordinator broker:29092 (id: 2147483646 rack: null) is unavailable or invalid, will attempt rediscovery
control-center | [2019-08-30 22:38:39,291] INFO [Consumer clientId=_confluent-controlcenter-5-3-0-1-39ae65e2-457c-4696-b592-504fe320038e-StreamThread-8-consumer, groupId=_confluent-controlcenter-5-3-0-1] Attempt to heartbeat failed since group is rebalancing (org.apache.kafka.clients.consumer.internals.AbstractCoordinator)
EDIT 2: memory available to docker containers:
NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
ksql-datagen 0.00% 3.312MiB / 7.792GiB 0.04% 18.2kB / 2.11kB 92.8MB / 65.5kB 1
control-center 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0
ksql-cli 0.00% 484KiB / 7.792GiB 0.01% 19.6kB / 0B 41kB / 0B 1
ksql-server 0.36% 136MiB / 7.792GiB 1.70% 39.8MB / 34.5MB 210MB / 147kB 30
rest-proxy 0.12% 107.2MiB / 7.792GiB 1.34% 22.2kB / 2.41kB 72.6MB / 81.9kB 28
connect 0.60% 1.571GiB / 7.792GiB 20.16% 124MB / 110MB 1.04GB / 81.9kB 36
schema-registry 0.20% 176.8MiB / 7.792GiB 2.22% 40.2MB / 38.4MB 93.7MB / 156kB 32
broker 7.59% 621MiB / 7.792GiB 7.78% 573MB / 791MB 171MB / 335MB 73
zookeeper 0.10% 80.9MiB / 7.792GiB 1.01% 9.56MB / 8.99MB 38.4MB / 410kB 21
System memory (command: free):
total used free shared buff/cache available
Mem: 8366596096 6770286592 160227328 219533312 1436082176 1099268096
Swap: 34356588544 2301014016 32055574528
Any ideas how to fix this?
This error comes up when the memory allocated is very less.
If you are using Docker Desktop then increase the memory . Go to Docker Desktop->Dashboard->Settings->Preferences->Resources->Advanced and increase the memory and you will be all set.
I want to get all disk devices of host machine in Go or C++ language in a docker container. More information such as free spaces are also needed. What should I do or can this be possible ?
There is nothing special about Go or C++ that is required. You can use any relevant code or libraries that would examine Linux system devices for disk space or free space, because the environment the docker container provides is (typically) a Linux environment.
Docker Solution
docker run --privileged <image> <program> will populate the /dev file system in the container, which contains the device files relevant to your system and allows the container to access those devices.
User Solution
You will have to tell your users, e.g. in DockerHub documentation, or in error messages, to use the
--privileged flag
when running your image or it won't be able to access system devices.
You should expect some scrutiny or cynicism from some of your more knowledgeable users.
Like: why does it need that?
Details
According to Luc Juggery's blog on Medium:
Purpose of the --privileged flag
Running a container with the --privileged flag gives all the capabilities to the container and also access to the host’s devices (everything that is under the /dev >folder)...
However, he confuses the issue for beginners a bit by running docker from vagrant.
He also warns us:
If you use the --privileged flag when running a container, make sure you know what you are doing.
And I agree with that completely. Using --privileged gives the container the permission to modify the host.
It is easier to see what is happening from a Linux host running docker.
Example 1:
From the Linux host we will start an ubuntu container (without --privileged) and run sfdisk to see the disk partitions and ls -l /dev/s* to see the disk devices. It doesn't work because the container has no privileges to access the host in this way. The container's environment can not scan the disks on the host in any way.
paul#somewhere:~$ docker run -it ubuntu /bin/bash
root#175db156cb32:/# sfdisk --list
(blank output)
root#175db156cb32:/# ls -l /dev/sd*
ls: cannot access '/dev/sd*': No such file or directory
Example 2:
Now we run docker run --privileged
paul#somewhere:~$ docker run --privileged -it ubuntu /bin/bash
root#c62b42161444:/# sfdisk --list
Disk /dev/sda: 223.6 GiB, 240057409536 bytes, 468862128 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: EE70993B-4640-4899-B142-18B89DD16CB8
Device Start End Sectors Size Type
/dev/sda1 2048 923647 921600 450M Windows recovery environment
/dev/sda2 923648 1128447 204800 100M EFI System
/dev/sda3 1128448 1161215 32768 16M Microsoft reserved
/dev/sda4 1161216 467810878 466649663 222.5G Microsoft basic data
/dev/sda5 467812352 468858879 1046528 511M Windows recovery environment
Disk /dev/sdb: 2.7 TiB, 3000592982016 bytes, 5860533168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 2F514662-72A3-4126-9868-40CEB6ADA416
Device Start End Sectors Size Type
/dev/sdb1 34 262177 262144 128M Microsoft reserved
/dev/sdb2 264192 5860532223 5860268032 2.7T Microsoft basic data
Partition 1 does not start on physical sector boundary.
Disk /dev/sdc: 232.9 GiB, 250059350016 bytes, 488397168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x299c6114
Device Boot Start End Sectors Size Id Type
/dev/sdc1 * 2048 89843711 89841664 42.9G 83 Linux
/dev/sdc2 89843712 480468991 390625280 186.3G 83 Linux
/dev/sdc3 480471038 488396799 7925762 3.8G 5 Extended
/dev/sdc5 480471040 488396799 7925760 3.8G 82 Linux swap / Solaris
root#c62b42161444:/# ls -l /dev/sd*
brw-rw---- 1 root disk 8, 0 Aug 11 02:43 /dev/sda
brw-rw---- 1 root disk 8, 1 Aug 11 02:43 /dev/sda1
brw-rw---- 1 root disk 8, 2 Aug 11 02:43 /dev/sda2
brw-rw---- 1 root disk 8, 3 Aug 11 02:43 /dev/sda3
brw-rw---- 1 root disk 8, 4 Aug 11 02:43 /dev/sda4
brw-rw---- 1 root disk 8, 5 Aug 11 02:43 /dev/sda5
brw-rw---- 1 root disk 8, 16 Aug 11 02:43 /dev/sdb
brw-rw---- 1 root disk 8, 17 Aug 11 02:43 /dev/sdb1
brw-rw---- 1 root disk 8, 18 Aug 11 02:43 /dev/sdb2
brw-rw---- 1 root disk 8, 32 Aug 11 02:43 /dev/sdc
brw-rw---- 1 root disk 8, 33 Aug 11 02:43 /dev/sdc1
brw-rw---- 1 root disk 8, 34 Aug 11 02:43 /dev/sdc2
brw-rw---- 1 root disk 8, 35 Aug 11 02:43 /dev/sdc3
brw-rw---- 1 root disk 8, 37 Aug 11 02:43 /dev/sdc5
root#c62b42161444:/# exit
and the docker container is allowed to access the host devices.
I have launched several docker containers and using docker stats, I have verified that one of them increases the consumption of ram memory since it starts until it is restarted.
My question is if there is any way to verify where such consumption comes from within the docker container. There is some way to check the consumption inside the container, something of the docker stats style but for the inside of the container.
Thanks for your cooperation.
Not sure if it's what you are asking for, but here's an example:
(Before your start):
Run a test container docker run --rm -it ubuntu
Install stress by typing apt-get update and apt-get install stress
Run stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.9;}' < /proc/meminfo)k --vm-keep -m 1 (it will start consuming memory)
1. with top
If you go to a new terminal you can type docker container exec -it <your container name> top and you will get something like the following:
(notice that the %MEM usage of PID 285 is 68.8%)
docker container exec -it dreamy_jang top
top - 12:46:04 up 22 min, 0 users, load average: 1.48, 1.55, 1.12
Tasks: 4 total, 2 running, 2 sleeping, 0 stopped, 0 zombie
%Cpu(s): 20.8 us, 0.8 sy, 0.0 ni, 78.4 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 6102828 total, 150212 free, 5396604 used, 556012 buff/cache
KiB Swap: 1942896 total, 1937508 free, 5388 used. 455368 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
285 root 20 0 4209376 4.007g 212 R 100.0 68.8 6:56.90 stress
1 root 20 0 18500 3148 2916 S 0.0 0.1 0:00.09 bash
274 root 20 0 36596 3072 2640 R 0.0 0.1 0:00.21 top
284 root 20 0 8240 1192 1116 S 0.0 0.0 0:00.00 stress
2. with ps aux
Again, from a new terminal you type docker container exec -it <your container name> ps aux
(notice that the %MEM usage of PID 285 is 68.8%)
docker container exec -it dreamy_jang ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 18500 3148 pts/0 Ss 12:25 0:00 /bin/bash
root 284 0.0 0.0 8240 1192 pts/0 S+ 12:39 0:00 stress --vm-byt
root 285 99.8 68.8 4209376 4201300 pts/0 R+ 12:39 8:53 stress --vm-byt
root 286 0.0 0.0 34400 2904 pts/1 Rs+ 12:48 0:00 ps aux
My source for this stress thing is from this question: How to fill 90% of the free memory?
Thanks for taking the time to read my problem is the following, my auto-escalation policies are associated with a docker container, if the container requires autoscale memonia. In the container the processes (top) our one less load to "docker stats id". There are times when the RAM of the container becomes saturated because the dentry is not live (page cache)
docker stats does not show the actual RAM consumption that the container uses:
docker stats bf257938fa2d 66.54MiB
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O
bf257938fa2d ce88cfdda8f09bc08101 0.00% 66.54MiB / 512MiB 13.00% 1.44MB / 1.26MB 40.3MB / 0B 0
**docker exec -it bf257938fa2d top **
top - 23:24:02 up 53 min, 0 users, load average: 0.01, 0.21, 0.21
Tasks: 6 total, 1 running, 5 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.7%us, 0.3%sy, 0.0%ni, 95.6%id, 0.2%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 15660100k total, 1989516k used, 13670584k free, 95920k buffers
Swap: 0k total, 0k used, 0k free, 1167184k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 11604 2468 2284 S 0.0 0.0 0:00.02 bash
6 root 20 0 309m 12m 7036 S 0.0 0.1 0:00.09 php-fpm
7 root 20 0 59292 7100 6052 S 0.0 0.0 0:00.00 nginx
8 nginx 20 0 59728 4824 3352 S 0.0 0.0 0:00.03 nginx
9 nginx 20 0 59728 4800 3328 S 0.0 0.0 0:00.02 nginx
70 root 20 0 15188 2040 1832 R 0.0 0.0 0:00.02 top
In what way could solve, that RAM consumption is equal in the container (top) and outside the container (docker stats).
Thank you