From 31c3d32cbe33117cf60d1a032c4410a0c2301d10 Mon Sep 17 00:00:00 2001 From: Johan Bloemberg Date: Wed, 19 Jun 2024 16:10:00 +0200 Subject: [PATCH] Set memory limit for containers to disable swapping Settings a memory limit and swap limit equal to memory will disable swapping. Some containers need a memory limit because of memory leaks (workers, app). Other containers don't specifically need a limit but set ony anyway to ensure they don't start swapping memory. --- docker/defaults.env | 6 +++ docker/docker-compose.yml | 77 +++++++++++++++++++++++++++++++++++---- 2 files changed, 75 insertions(+), 8 deletions(-) diff --git a/docker/defaults.env b/docker/defaults.env index 6c69c053f..c1326bd01 100644 --- a/docker/defaults.env +++ b/docker/defaults.env @@ -143,6 +143,12 @@ PUBLIC_SUFFIX_LIST_URL= # configure built-in unbound resolver to forward to integration test resolver for internal network INTEGRATION_TESTS=False +# Default memory limit for containers +DEFAULT_MEMORY_LIMIT=1G + +# Memory limit for containers with high memory usage +HIGH_MEMORY_LIMIT=5G + # Amount of concurrent worker (green)threads WORKER_CONCURRENCY=100 # limit worker memory so it won't grow into swap diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index a7fc9200c..871484057 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -14,6 +14,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_WEBSERVER_INTERNAL @@ -75,6 +78,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $HIGH_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $HIGH_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_APP_INTERNAL @@ -216,10 +222,9 @@ services: dockerfile: docker/Dockerfile target: app restart: unless-stopped - deploy: - resources: - limits: - memory: $WORKER_MEMORY_LIMIT + mem_limit: $WORKER_MEMORY_LIMIT + # disable swap by setting swap to the memory limit + memswap_limit: $WORKER_MEMORY_LIMIT logging: driver: $LOGGING_DRIVER options: @@ -336,6 +341,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT network_mode: "none" volumes: - /var/run/docker.sock:/var/run/docker.sock @@ -344,10 +352,9 @@ services: worker-slow: # copy all attributes from 'worker' service and overwrite specific settings below <<: *worker - deploy: - resources: - limits: - memory: $WORKER_SLOW_MEMORY_LIMIT + mem_limit: $WORKER_SLOW_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $WORKER_SLOW_MEMORY_LIMIT command: celery --app internetnl worker --without-gossip --pool=eventlet --time-limit=600 --concurrency=$WORKER_SLOW_CONCURRENCY --queues slow_db_worker,batch_slow @@ -365,6 +372,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal - public-internet @@ -434,6 +444,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_REDIS_INTERNAL @@ -457,6 +470,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT user: rabbitmq networks: internal: @@ -482,6 +498,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $HIGH_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $HIGH_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_POSTGRES_INTERNAL @@ -506,6 +525,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $HIGH_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $HIGH_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_ROUTINATOR_INTERNAL @@ -542,6 +564,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_UNBOUND_INTERNAL @@ -588,6 +613,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_RESOLVER_INTERNAL_PERMISSIVE @@ -621,6 +649,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_RESOLVER_INTERNAL_VALIDATING @@ -660,6 +691,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: {} public-internet: {} @@ -717,6 +751,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_GRAFANA_INTERNAL @@ -739,6 +776,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_PROMETHEUS_INTERNAL @@ -757,6 +797,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal @@ -771,6 +814,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal @@ -786,6 +832,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: internal: ipv4_address: $IPV4_IP_STATSD_INTERNAL @@ -804,6 +853,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal depends_on: @@ -829,6 +881,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT pid: host networks: - internal @@ -848,6 +903,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal volumes: @@ -866,6 +924,9 @@ services: driver: $LOGGING_DRIVER options: tag: '{{.Name}}' + mem_limit: $DEFAULT_MEMORY_LIMIT + # disable swap by settings swap to the memory limit + memswap_limit: $DEFAULT_MEMORY_LIMIT networks: - internal volumes: