Jumpserver resource limits (limiting memory and CPU usage)

Jumpserver's current minimum memory requirement is 4GB, but in production the jumpserver processes were found to use more memory than that:

top - 16:44:06 up 470 days,  7:16,  3 users,  load average: 0.60, 0.56, 0.62
Tasks: 190 total,   1 running, 183 sleeping,   0 stopped,   6 zombie
%Cpu(s):  1.3 us,  0.8 sy,  0.0 ni, 98.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 15732496 total,   302616 free, 14369880 used,  1060000 buff/cache
KiB Swap:        0 total,        0 free,        0 used.  1024260 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
25010 root      20   0 7025880   6.6g   2372 S   0.0 44.1   2915:50 containerd-shim
32631 work      20   0 5395604   1.4g   7812 S   2.0  9.1  37:29.80 java
23456 root      20   0 5397688   1.3g   6188 S   0.0  8.9 186:38.19 java
  • Cause of the problem

    jumpserver is deployed with Docker and bundles mysql, redis and other services

    [root@web00-and-backend00 ~]# docker ps
    CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS                  PORTS                                         NAMES
    610b8092947e        jumpserver/nginx:alpine2      "sh -c 'crond -b -d …"   7 weeks ago         Up 7 weeks (healthy)    0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp   jms_nginx
    ee26902044c2        jumpserver/luna:v2.8.0        "/docker-entrypoint.…"   7 weeks ago         Up 7 weeks (healthy)    80/tcp                                        jms_luna
    38528d420c14        jumpserver/core:v2.8.0        "./entrypoint.sh sta…"   7 weeks ago         Up 7 weeks (healthy)    8070/tcp, 8080/tcp                            jms_celery
    def3e263b6b5        jumpserver/koko:v2.8.0        "./entrypoint.sh"        7 weeks ago         Up 25 hours (healthy)   0.0.0.0:2222->2222/tcp, 5000/tcp              jms_koko
    f1ce3e93dc6e        jumpserver/lina:v2.8.0        "/docker-entrypoint.…"   7 weeks ago         Up 7 weeks (healthy)    80/tcp                                        jms_lina
    57e08381be1b        jumpserver/guacamole:v2.8.0   "/init"                  7 weeks ago         Up 7 weeks (healthy)    8080/tcp                                      jms_guacamole
    5f31f194d92e        jumpserver/core:v2.8.0        "./entrypoint.sh sta…"   7 weeks ago         Up 25 hours (healthy)   8070/tcp, 8080/tcp                            jms_core
    49889d33322c        jumpserver/redis:6-alpine     "docker-entrypoint.s…"   7 months ago        Up 7 months (healthy)   6379/tcp                                      jms_redis
    72a2809f7b5d        jumpserver/mysql:5            "docker-entrypoint.s…"   7 months ago        Up 7 months (healthy)   3306/tcp, 33060/tcp                           jms_mysql
    

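    Moreover, none of these containers has a memory limit set (the LIMIT column shows the full 15GiB for each of them)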

    CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT   MEM %               NET I/O             BLOCK I/O           PIDS
    610b8092947e        jms_nginx           0.02%               9.168MiB / 15GiB    0.06%               3GB / 3.17GB        0B / 0B             6
    ee26902044c2        jms_luna            0.00%               2.961MiB / 15GiB    0.02%               918kB / 68.2MB      0B / 0B             5
    38528d420c14        jms_celery          0.39%               458.6MiB / 15GiB    2.98%               12.2GB / 7.76GB     0B / 0B             28
    def3e263b6b5        jms_koko            0.10%               13.05MiB / 15GiB    0.08%               136MB / 79.8MB      0B / 0B             16
    f1ce3e93dc6e        jms_lina            0.00%               2.996MiB / 15GiB    0.02%               2.71MB / 276MB      0B / 0B             5
    57e08381be1b        jms_guacamole       0.12%               277.9MiB / 15GiB    1.81%               454MB / 392MB       0B / 0B             57
    5f31f194d92e        jms_core            0.22%               741.9MiB / 15GiB    4.83%               229MB / 121MB       0B / 0B             41
    49889d33322c        jms_redis           0.15%               2.742MiB / 15GiB    0.02%               34.4GB / 63GB       0B / 0B             5
    72a2809f7b5d        jms_mysql           0.10%               535.3MiB / 15GiB    3.48%               15.7GB / 24.7GB     0B / 0B             54
    
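  • Solution: limit the memory of the Docker containers directly, or set the limits through Docker Compose, or change the configuration files of mysql, redis and the other bundled services.

  • Example 1: change the redis memory limit

    [root@web00-and-backend00 jumpserver-installer-v2.8.0]# cd /opt/jumpserver-installer-v2.8.0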
    
    [root@web00-and-backend00 jumpserver-installer-v2.8.0]# vim ./config_init/redis/redis.conf
    
    # maxmemory turns out to be set to 2G
    maxmemory 2g
    
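    • The config_init directory only holds the default configuration; to change these settings, edit the files under /opt/jumpserver/config instead
  • Example 2: change the mysql memory limit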

    cp /opt/jumpserver/config/mysql/my.cnf /opt/jumpserver/config/mysql/my.cnf-bak
    vim /opt/jumpserver/config/mysql/my.cnf
    
  • Example 3: set memory limits through docker compose

    cd /opt/jumpserver-installer-v2.8.0/compose
    
    [root@web00-and-backend00 compose]# ll
    总用量 52
    drwxrwxr-x 2 root root 4096 3月  18 2021 config_static
    -rw-rw-r-- 1 root root 1610 3月  18 2021 docker-compose-app.yml
    -rw-rw-r-- 1 root root  653 3月  18 2021 docker-compose-es.yml
    -rw-rw-r-- 1 root root 1238 3月  19 2021 docker-compose-external.yml
    -rw-rw-r-- 1 root root 1142 3月  18 2021 docker-compose-internal.yml
    -rw-rw-r-- 1 root root  697 3月  18 2021 docker-compose-lb.yml
    -rw-rw-r-- 1 root root  591 3月  18 2021 docker-compose-mysql.yml
    -rw-rw-r-- 1 root root  196 3月  18 2021 docker-compose-network_ipv6.yml
    -rw-rw-r-- 1 root root  134 3月  18 2021 docker-compose-network.yml
    -rw-rw-r-- 1 root root  450 3月  18 2021 docker-compose-omnidb.yml
    -rw-rw-r-- 1 root root  590 3月  18 2021 docker-compose-redis.yml
    -rw-rw-r-- 1 root root  619 3月  18 2021 docker-compose-task.yml
    -rw-rw-r-- 1 root root  547 3月  18 2021 docker-compose-xpack.yml
    
    • Example change: vim ./docker-compose-task.yml

      version: '2.2'
      
      services:
        celery:
          image: jumpserver/core:${VERSION}
          # Set the maximum memory limit
          mem_limit: 768M
          container_name: jms_celery
          restart: always
          tty: true
          command: start task
      
  • Memory usage after the change

    CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT   MEM %               NET I/O             BLOCK I/O           PIDS
    7414d7da5170        jms_nginx           0.01%               9.469MiB / 256MiB   3.70%               342kB / 338kB       0B / 0B             6
    dfaaff16b389        jms_koko            0.07%               7.34MiB / 15GiB     0.05%               244kB / 547kB       0B / 0B             11
    66c651252eec        jms_core            101.51%             445.9MiB / 512MiB   87.09%              614kB / 278kB       0B / 0B             18
    1c1f37f229ef        jms_mysql           0.10%               265.9MiB / 1GiB     25.97%              730kB / 1.72MB      0B / 0B             44
    ee26902044c2        jms_luna            0.00%               2.961MiB / 15GiB    0.02%               922kB / 68.2MB      0B / 0B             5
    38528d420c14        jms_celery          0.07%               458.9MiB / 15GiB    2.99%               12.2GB / 7.76GB     0B / 0B             28
    f1ce3e93dc6e        jms_lina            2.28%               2.996MiB / 15GiB    0.02%               2.73MB / 276MB      0B / 0B             5
    57e08381be1b        jms_guacamole       0.08%               278.2MiB / 15GiB    1.81%               454MB / 392MB       0B / 0B             57
    49889d33322c        jms_redis           2.41%               2.723MiB / 15GiB    0.02%               34.4GB / 63GB       0B / 0B             5
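
The output above still shows several containers with the host's full 15GiB as their limit. As an added example (not part of the original post), the script below reports which containers have no memory or CPU limit by reading `HostConfig` from `docker inspect`, where a `Memory` value of 0 means unlimited. The function names are hypothetical, and the sample rows are constructed to mirror the limits shown above, with the CPU fields assumed to be 0.

```shell
#!/usr/bin/env bash
# Added example: audit container resource limits after editing the compose files.

# Reads lines of "<name> <memory_bytes> <nano_cpus> <cpu_quota>" on stdin, as
# produced by the docker inspect call in audit_running below, and prints
# "<name> mem=<limit|unlimited> cpu=<limited|unlimited>" for each container.
# HostConfig.Memory == 0 means that no memory limit was set.
classify_limits() {
  awk '{
    name = $1; sub(/^\//, "", name)            # inspect prints "/jms_core"
    mem = ($2 == 0) ? "unlimited" : sprintf("%dMiB", $2 / 1048576)
    cpu = ($3 == 0 && $4 <= 0) ? "unlimited" : "limited"
    printf "%s mem=%s cpu=%s\n", name, mem, cpu
  }'
}

# Names of the containers that have no memory limit.
unlimited_memory() {
  classify_limits | awk '$2 == "mem=unlimited" { print $1 }'
}

# Query the live Docker daemon (requires the docker CLI on the host).
audit_running() {
  docker ps -q | xargs -r docker inspect --format \
    '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.NanoCpus}} {{.HostConfig.CpuQuota}}' \
    | classify_limits
}

# Constructed sample: 256MiB, 512MiB and 1GiB limits as in the output above,
# the remaining containers unlimited. CPU fields are assumed to be 0.
SAMPLE='/jms_nginx 268435456 0 0
/jms_koko 0 0 0
/jms_core 536870912 0 0
/jms_mysql 1073741824 0 0
/jms_celery 0 0 0
/jms_redis 0 0 0'

# "live" audits the running containers; "sample" classifies the sample rows.
case "${1:-}" in
  live)   audit_running ;;
  sample) printf '%s\n' "$SAMPLE" | classify_limits ;;
esac
```

Any container listed by `unlimited_memory` can still consume all host memory, so its compose file needs a `mem_limit` entry like the one shown for `celery`.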
    

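Option 2: if memory usage is still very high after the limits are in place, zombie processes may be preventing the memory from being released

In that case, see this article: Jumpserver celery zombie processes preventing memory from being released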
