Setting resource limits on LXD containers

In this recipe, we will learn to set resource limits on containers. LXD uses the cgroups feature in the Linux kernel to manage resource allocation and limits. Limits can be applied to a single container through configuration or set in a profile, applying limits to a group of containers at once. Limits can be dynamically updated even when the container is running.

How to do it…

We will create a new profile and configure various resource limits in it. Once the profile is ready, we can use it with any number of containers. Follow these steps:

  1. Create a new profile with the following command:
    $ lxc profile create cookbook
    Profile cookbook created
    
  2. Next, edit the profile with lxc profile edit. This will open a text editor with a default profile structure in YML format:
    $ lxc profile edit cookbook
    

    Add the following details to the profile. Feel free to select any parameters and change their values as required:

    name: cookbook
    config:
     boot.autostart: "true"
     limits.cpu: "1"
     limits.cpu.priority: "10"
     limits.disk.priority: "10"
     limits.memory: 128MB
     limits.processes: "100"
    description: A profile for Ubuntu Cookbook Containers
    devices:
     eth0:
     nictype: bridged
     parent: lxdbr0
     type: nic
    

    Save your changes to the profile and exit the text editor.

  3. Optionally, you can check the created profile, as follows:
    $ lxc profile show cookbook
    
  4. Now, our profile is ready and can be used with a container to set limits. Create a new container using our profile:
    $ lxc launch ubuntu:xenial c4 -p cookbook
    
  5. This should create and start a new container with the cookbook profile applied to it. You can check the profile in use with the lxc info command:
    $ lxc info c4
    
  6. Check the memory limits applied to container c4:
    $ lxc exec c4 -- free -m
    
  7. Profiles can be updated even when they are in use. All containers using that profile will be updated with the respective changes, or return a failure message. Update your profile as follows:
    $ lxc profile set cookbook limits.memory 256MB
    

How it works…

LXD provides multiple options to set resource limits on containers. You can apply limits using profiles or configure containers separately with the lxc config command. The advantage of creating profiles is that you can have various parameters defined in one central place, and all those parameters can be applied to multiple containers at once. A container can have multiple profiles applied and also have configuration parameters explicitly set. The overlapping parameters will take a value from the last applied profile. Also the parameters that are set explicitly using lxc config will override any values set by profiles.

The LXD installation ships with two preconfigured profiles. One is default, which is applied to all containers that do not receive any other profile. This contains a network device for a container. The other profile, named docker, configures the required kernel modules to run Docker inside the container. You can view the parameters of any profile with the lxc profile show profile_name command.

In the previous example, we used the edit option to edit the profile and set multiple parameters at once. You can also set each parameter separately or update the profile with the set option:

$ lxc profile set cookbook limits.memory 256MB

Similarly, use the get option to read any single parameter from a profile:

$ lxc profile get cookbook limits.memory

Profiles can also be applied to a running container with lxc profile apply. The following command will apply two profiles, default and cookbook, to an existing container, c6:

$ lxc profile apply c6 default,cookbook

Tip

We could have skipped the network configuration in the cookbook profile and had our containers use the default profile along with cookbook to combine both configurations.

Updating the profiles will update the configuration for all container using that profile. To modify a single container, you can use lxc config set or pass the parameters directly to a new container using the -c flag:

$ lxc launch ubuntu:xenial c7 -c limits.memory=64MB

Similar to lxc profile, you can use the edit option with lxc config to modify multiple parameters at once. The same command can also be used to configure or read server parameters. When used without any container name, the command applies to the LXD daemon.

There's more…

The lxc profile and lxc config commands can also be used to attach local devices to containers. Both commands provide the option to work with various devices, which include network, disk IO, and so on. The simplest example will be to pass a local directory to a container, as follows:

$ lxc config device add c1 share disk \
source=/home/ubuntu path=home/ubuntu/shared

See also