How to enable CFS cgroup support in Debian/Ubuntu

Asked 26/7, 2017 at 18:57 Answered 20/1, 2022 at 14:7

I need to restrict CPU in Docker containers, using latest Debian (9) or Ubuntu (17.0.4) on host.

$ docker info
  Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
  Images: 1
  Server Version: 17.06.0-ce
  Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  Logging Driver: json-file
  Cgroup Driver: cgroupfs
  Plugins: 
    Volume: local
    Network: bridge host macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
  Swarm: inactive
  Runtimes: runc
  Default Runtime: runc
  Init Binary: docker-init
  containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
  runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
  init version: 949e6fa
  Security Options:
    seccomp
  Profile: default
  Kernel Version: 4.9.20-std-1
  Operating System: Ubuntu 17.04
  OSType: linux
  Architecture: x86_64
  CPUs: 4
  Total Memory: 7.753GiB
  ID: 2JJV:EM37:VCY5:HVKQ:MUNV:VV5N:H247:XE5Q:VBFD:6VES:P62H:YXPJ
  Docker Root Dir: /var/lib/docker
  Debug Mode (client): false
  Debug Mode (server): false
  Registry: https://index.docker.io/v1/
  Experimental: false
  Insecure Registries:
    127.0.0.0/8
  Live Restore Enabled: false

  WARNING: No cpu cfs quota support
  WARNING: No cpu cfs period support

I’ve looked around, but I haven’t figured out how to actually enable CFS quote/period support on Debian/Ubuntu. Whenever I try to use --cpus or --cpu-shares I get an error:

NanoCPUs can not be set, as your kernel does not support CPU cfs period/quota or the cgroup is not mounted.

The host runs the latest Ubuntu with 4.9.20 kernel, so it should have support. Same on Debian 9. Any instructions or a good tutorial on how to mount the cgroup mentioned?

Edieedification answered 26/7, 2017 at 18:57 Comment(0)

I encountered the same error on Debian. The reason was that I had configured a workaround for https://github.com/docker/for-linux/issues/219 on my system which mounted cgroup on /sys/fs/cgroup/systemd during boot (as the most upvoted comment on that issue suggests).

The workaround which also fixes docker run --cpus is to tell systemd to use cgroup v1 instead of cgroup v2:

$ echo "GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false" | sudo tee /etc/default/grub.d/cgroup.cfg
$ sudo update-grub

Hestia answered 20/1, 2022 at 14:7 Comment(0)

See the kernel docs on CFS Bandwidth Control

To enable in the kernel:

General setup --->
    -*- Control Group support ---> 
        -*- CPU controller --->
            -*- Group scheduling for SCHED_OTHER
               [*] CPU bandwidth provisioning for FAIR_GROUP_SCHED

Caveat Emptor: Make sure you know what you're doing before recompiling and installing a kernel not provided by the distro. Think about UEFI secure boot, and start from your current .config.

Potentilla answered 6/9, 2017 at 3:27 Comment(0)

Recommended topics

Hot tags