How does Docker do process / thread restrictions?

Docker container resource management , which referred to Docker on the CPU, memory, IO restrictions, but did not mention the process / thread resource constraints, that Docker specific how to limit the container can create the process / thread number? How to configure it?

I ran two sets of service containers on a server, a group containing nginx mysql redis memcached zk and 20 + tomcat, when I started the second group will be reported java.lang.OutOfMemoryError: unable to create new native thread.
Later, I modified the container nproc.conf solution, but this piece of content is not very understanding, I hope you can answer.

===================== gorgeous dividing line 2015-03-06 ==================== ===
Supplementary explanation:
1 two groups of about 50 containers, are the standard usage, one application of a container
2 Most of the Java web applications use thread pools
3 containers using centos7, nproc.conf default is 4096, the host default is 65536

You can see the host of the restrictions have been large enough; and in the second group of services, the first group and the second group of tomcat are reported java.lang.OutOfMemoryError: unable to create new native thread. Can it be inferred that the container's nproc.conf is also globally shared? Or is not shared, but because the mapping to the host is a unified user, the statistical limit is to count all the number of containers? 2015-03-05 add comment share it

  • Weibo
  • QZONE
  • Micro letter

Did not find the relevant results

    Invited:

    Ye Keqiang – DockOne.io translation editor

    Agree from: looking for miracles , Zheng Wei – Feng Ren


    1, how many containers did you start on a server?
    2, do you put an application for each container? Or in a container which put a lot, such as a container which put nginx, mysql, redis?
    3, you modify the file is the server on the nproc.conf or your second group of containers inside? The first group is not modified? The server is not modified?

    In addition there is a solution, I hope to help you, this can not be modified in the command line. See the following questions can reply to me.

      Spent some time looking into this again today - and I wonder if I was not setting ulimit derived due to the centos container defaults. 

    The Docker is running on Ubuntu 14.04 with default limits. The Docker service is configured to start with overrides:
    Ubuntu @: ~ $ cat /etc/init/docker.conf
    Description "Docker daemon"

    Start on (local-filesystems and net-device-up IFACE! = Lo)
    Stop on runlevel [! 2345]
    Limit nofile 524288 1048576
    Limit nproc 524288 1048576
    ...

    If you run the centos container it will inherit the limits that Docker service on the host is running with:
    Ubuntu @: ~ $ docker run -t -i centos: centos6 / bin / bash
    Bash-4.1 # ulimit -a
    Core file size (blocks, -c) 0
    Data seg size (kbytes, -d) unlimited
    Scheduling priority (-e) 0
    File size (blocks, -f) unlimited
    Pending signals (-i) 122310
    Max locked memory (kbytes, -l) 64
    Max memory size (kbytes, -m) unlimited
    Open files (-n) 524288
    Pipe size (512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    Real-time priority (-r) 0
    Stack size (kbytes, -s) 8192
    Cpu time (seconds, -t) unlimited
    Max user processes (-u) 524288
    Virtual memory (kbytes, -v) unlimited
    File locks (-x) unlimited

    But if run as a user (not root) in the centos container it will have a restricted ulimit:
    Bash-4.1 # / usr / sbin / adduser testuser
    Bash-4.1 # su -c "ulimit -a" testuser
    Core file size (blocks, -c) 0
    Data seg size (kbytes, -d) unlimited
    Scheduling priority (-e) 0
    File size (blocks, -f) unlimited
    Pending signals (-i) 122310
    Max locked memory (kbytes, -l) 64
    Max memory size (kbytes, -m) unlimited
    Open files (-n) 524288
    Pipe size (512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    Real-time priority (-r) 0
    Stack size (kbytes, -s) 8192
    Cpu time (seconds, -t) unlimited
    Max user processes (-u) 1024
    Virtual memory (kbytes, -v) unlimited
    File locks (-x) unlimited

    This is due to the centos container defaults:
    Bash-4.1 # cat /etc/security/limits.d/90-nproc.conf

    Default limit for number of user's processes to prevent

    Accidental fork bombs

    See rhbz # 432903 for reasoning.

    • Soft nproc 1024
      Root soft nproc unlimited

    Overwriting that file via a Docker file:
    Ubuntu @: ~ / test $ cat limits-90-nproc.conf

    Increase default limit

    * Soft nproc 524288
    Root soft nproc unlimited

    Ubuntu @: ~ / test $ cat Dockerfile
    FROM centos: centos6
    ADD ./limits-90-nproc.conf/etc/security/limits.d/90-nproc.conf

    Then we now get correct ulimit:
    Ubuntu @: ~ / test $ docker build -t test.
    ...
    Ubuntu @: ~ / test $ docker run -t -i test / bin / bash
    Bash-4.1 # / usr / sbin / adduser testuser
    Bash-4.1 # su -c "ulimit -a" testuser
    Core file size (blocks, -c) 0
    Data seg size (kbytes, -d) unlimited
    Scheduling priority (-e) 0
    File size (blocks, -f) unlimited
    Pending signals (-i) 122310
    Max locked memory (kbytes, -l) 64
    Max memory size (kbytes, -m) unlimited
    Open files (-n) 524288
    Pipe size (512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    Real-time priority (-r) 0
    Stack size (kbytes, -s) 8192
    Cpu time (seconds, -t) unlimited
    Max user processes (-u) 524288
    Virtual memory (kbytes, -v) unlimited
    File locks (-x) unlimited

    Heads up! This alert needs your attention, but it's not super important.