Setting resource limits on LXD containers
In this recipe, we will learn to set resource limits on containers. LXD uses the cgroups feature in the Linux kernel to manage resource allocation and limits. Limits can be applied to a single container through configuration or set in a profile, applying limits to a group of containers at once. Limits can be dynamically updated even when the container is running.
How to do it…
We will create a new profile and configure various resource limits in it. Once the profile is ready, we can use it with any number of containers. Follow these steps:
- Create a new profile with the following command:
$ lxc profile create cookbook Profile cookbook created
- Next, edit the profile with
lxc profile edit
. This will open a text editor with a default profile structure in YML format:$ lxc profile edit cookbook
Add the following details to the profile. Feel free to select any parameters and change their values as required:
name: cookbook config: boot.autostart: "true" limits.cpu: "1" limits.cpu.priority: "10" limits.disk.priority: "10" limits.memory: 128MB limits.processes: "100" description: A profile for Ubuntu Cookbook Containers devices: eth0: nictype: bridged parent: lxdbr0 type: nic
Save your changes to the profile and exit the text editor.
- Optionally, you can check the created profile, as follows:
$ lxc profile show cookbook
- Now, our profile is ready and can be used with a container to set limits. Create a new container using our profile:
$ lxc launch ubuntu:xenial c4 -p cookbook
- This should create and start a new container with the
cookbook
profile applied to it. You can check the profile in use with thelxc info
command:$ lxc info c4
- Check the memory limits applied to container
c4
:$ lxc exec c4 -- free -m
- Profiles can be updated even when they are in use. All containers using that profile will be updated with the respective changes, or return a failure message. Update your profile as follows:
$ lxc profile set cookbook limits.memory 256MB
How it works…
LXD provides multiple options to set resource limits on containers. You can apply limits using profiles or configure containers separately with the lxc config
command. The advantage of creating profiles is that you can have various parameters defined in one central place, and all those parameters can be applied to multiple containers at once. A container can have multiple profiles applied and also have configuration parameters explicitly set. The overlapping parameters will take a value from the last applied profile. Also the parameters that are set explicitly using lxc config
will override any values set by profiles.
The LXD installation ships with two preconfigured profiles. One is default, which is applied to all containers that do not receive any other profile. This contains a network device for a container. The other profile, named docker, configures the required kernel modules to run Docker inside the container. You can view the parameters of any profile with the lxc profile show profile_name
command.
In the previous example, we used the edit
option to edit the profile and set multiple parameters at once. You can also set each parameter separately or update the profile with the set
option:
$ lxc profile set cookbook limits.memory 256MB
Similarly, use the get
option to read any single parameter from a profile:
$ lxc profile get cookbook limits.memory
Profiles can also be applied to a running container with lxc profile apply
. The following command will apply two profiles, default
and cookbook
, to an existing container, c6
:
$ lxc profile apply c6 default,cookbook
Tip
We could have skipped the network configuration in the cookbook
profile and had our containers use the default profile along with cookbook
to combine both configurations.
Updating the profiles will update the configuration for all container using that profile. To modify a single container, you can use lxc config set
or pass the parameters directly to a new container using the -c
flag:
$ lxc launch ubuntu:xenial c7 -c limits.memory=64MB
Similar to lxc profile
, you can use the edit option with lxc config
to modify multiple parameters at once. The same command can also be used to configure or read server parameters. When used without any container name, the command applies to the LXD daemon.
There's more…
The lxc profile
and lxc config
commands can also be used to attach local devices to containers. Both commands provide the option to work with various devices, which include network, disk IO, and so on. The simplest example will be to pass a local directory to a container, as follows:
$ lxc config device add c1 share disk \ source=/home/ubuntu path=home/ubuntu/shared
See also
- Read more about setting resource limits at https://www.stgraber.org/2016/03/26/lxd-2-0-resource-control-412
- For more details about LXC configuration, check the help menu for the
lxc profile
andlxc config
commands, as follows:$ lxc config --help