Docker warning on cgroup swap limit, memory.use_hierarchy

fahrradler picture fahrradler · Mar 3, 2015 · Viewed 9k times · Source

I am getting this warning from 'sudo docker -d':

WARNING: Your kernel does not support cgroup swap limit.

even after following the steps (as in this link):

  • modify below lines in /etc/default/grub (I did both for good measure)

    RUB_CMDLINE_LINUX_DEFUALT="cgroup_enable=memory swapaccount=1" GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

  • and then update-grub/reboot via

    sudo update-grub; sudo reboot

My questions are:

1) Should I be worried about this warning?

I think I should be because I am trying to use docker containers in a use case where enforcing memory limits is important.

2) Is it a good idea to change the memory use_hierarchy setting? -- or -- What is the best way to fix this?

I see this warning in 'dmesg'. I am not sure if it is a good idea to try to change the use_hierarchy setting to '1' (nor how exactly to do this)

cgroup: "memory" requires setting use_hierarchy to 1 on the root."

Or, is there some better way to fix this? I'm just firing wild shots here, perhaps a kernel upgrade would help? I see some 3.16 kernel upgrades are possible.

Environment: I am running Ubuntu 14.04 x64 (kernel: 3.13.0-43-generic x86_64) with docker version 1.0.1

Other notes: I have read other online help articles about similar docker/cgroup errors that say installing apparmor_parser fixes it. However, on my system, apparmor is installed and appears to be started up just fine (per dmesg). Also, this file exists: /sbin/apparmor_parser

Also, I'm rather new to admin tasks on linux servers.

Answer

Rohit Jnagal picture Rohit Jnagal · Mar 4, 2015

cgroup swap limit is important if you are using swap and want to enforce memory limit that includes both memory and swap. I have m/c without swap, so I never enabled it.

use_hierarchy is useful if you want reported memory usage to include memory reported by all subcgroups. eg with use_hierarchy=1, /sys/fs/cgroup/memory/parent will report memory used by processes under that cgroup and also of any subcgroups (like /sys/fs/cgroup/memory/parent/child). This is always a useful setting to enable. But its not enabled by default on most OS.

In summary, your docker containers will work fine without both of these settings. Enabling these gives you some extra benefit - esp. if you care about limit swap use and getting accurate memory reporting.