Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add "podman container update" command to update the cgroup configuration of running containers #15067

Closed
yule-sun opened this issue Jul 26, 2022 · 14 comments · Fixed by #15276
Closed
Assignees
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@yule-sun
Copy link

I found that the memory limit of the container does not take effect in my Ceph cluster environment.

  1. podman version
    [root@zl-k8s-ceph72 zzcloud]# podman version
    Client: Podman Engine
    Version: 4.0.2
    API Version: 4.0.2
    Go Version: go1.17.7

Built: Wed Mar 16 03:15:06 2022
OS/Arch: linux/amd64

  1. Memory usage shown by podman stats
    image

  2. memory limit displayed by ceph orch ps
    image

What parameters should I use, or modify those config files to adjust the memory limit of containers in podman?
Looking forward to your reply, thanks

@vrothberg
Copy link
Member

Thanks for reaching out, @yule-sun.

It's not possible with podman directly but probably by tweaking the cgroups after the fact. But we may be leaving supported territory.

@giuseppe WDYT?

@mheon
Copy link
Member

mheon commented Jul 26, 2022

Using the OCI runtime's update command should allow it, but @vrothberg is correct that this is not supported directly from Podman (and likely will never be - Podman containers are immutable once created). As such, if the container were to restart, the altered resource limit would be lost.

This is the use-case that podman clone was intended for, though. If you can tolerate re-creating the container, podman container clone can alter the memory limit.

@rhatdan
Copy link
Member

rhatdan commented Jul 26, 2022

Should podman container clone have an option to copy the read/write layer? Or do a Replace?
Copy the read/write layer to a tar ball, create new container with content, remove old container, rename new container to old container name.
Lots of moving parts, but this would get you pretty close to update.
I know container ids would change.

@giuseppe
Copy link
Member

but it would still bring down the process running in the container.

I think we could have a podman update that updates the cgroup at runtime without changing the container configuration.

@mheon
Copy link
Member

mheon commented Jul 26, 2022

I would not be opposed to that.

@giuseppe
Copy link
Member

that would simply be a wrapper around $OCI_RUNTIME update.

In the meanwhile,as @vrothberg suggested, you can try to use directly the $OCI_RUNTIME update command:

$ podman run --rm -ti --memory 100M fedora sh
sh-5.1# cat /sys/fs/cgroup/memory.max
104857600

From another terminal:

$ crun update --memory=200000000 3fa4986e1ace56a9e758341f7e69794fddff95cad9f4964393741c7a36b84dc6

and back to the running container:

sh-5.1# cat /sys/fs/cgroup/memory.max
199999488

@mheon
Copy link
Member

mheon commented Jul 26, 2022

@rhatdan I think one of the stretch goals for clone was to commit the container being cloned and start from the new image

@giuseppe giuseppe added the kind/feature Categorizes issue or PR as related to a new feature. label Jul 26, 2022
@yule-sun
Copy link
Author

yule-sun commented Jul 27, 2022

I cann't found the clone subcommand in my system, and i cann't use the update command too.
image

@yule-sun
Copy link
Author

yule-sun commented Jul 27, 2022

那将只是一个包装器$OCI_RUNTIME update

同时,作为@vrothberg建议,你可以尝试直接使用$OCI_RUNTIME update命令:

$ podman run --rm -ti --memory 100M fedora sh
sh-5.1# cat /sys/fs/cgroup/memory.max
104857600

从另一个终端:

$ crun update --memory=200000000 3fa4986e1ace56a9e758341f7e69794fddff95cad9f4964393741c7a36b84dc6

并返回到正在运行的容器:

sh-5.1# cat /sys/fs/cgroup/memory.max
199999488

Hi sir
Can this command be used for containers that are already running, or only for new containers? Running on my system gives the following error.
image

@giuseppe
Copy link
Member

giuseppe commented Jul 27, 2022

it can be used only for running or paused containers

@rhatdan
Copy link
Member

rhatdan commented Jul 27, 2022

So Podman update would only support cgroups configuration flags on a running container. And would only last for the length of time the container is running. I think that makes some sense.

@giuseppe giuseppe changed the title Is it possible to reset the memory limit of a running container? add "podman container update" command to update the cgroup configuration of running containers Jul 28, 2022
@cdoern
Copy link
Contributor

cdoern commented Aug 8, 2022

I am just seeing this now. I could take this on either from the clone approach or the podman update approach. @mheon @giuseppe @rhatdan which one are you more in favor of? IMO, I think having a seprate update command makes sense if there is a runtime function to do this already.

@mheon
Copy link
Member

mheon commented Aug 8, 2022

I'd go with the update command - improves our Docker compat, even if changes are not persistent.

@rhatdan
Copy link
Member

rhatdan commented Aug 9, 2022

I agree. this would at least allow users to setup scripts to modify the containers on each start.

@cdoern cdoern self-assigned this Aug 9, 2022
cdoern added a commit to cdoern/podman that referenced this issue Sep 1, 2022
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:

this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format

–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device

resolves containers#15067

Signed-off-by: Charlie Doern <cdoern@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 17, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants