These days, hosting websites in Docker helps in quick setup, reducing costs, easy maintenance and many more.

Despite the immense benefits, often Docker high CPU usage create trouble in Web Hosting. And, it becomes tricky to find the exact container creating problem.

At Bobcares, we often receive requests to fix high CPU usage in Docker setup as part of our Docker Management Services.

Today, we’ll see the top reasons for Docker high CPU usage  and how Bobcares’ Engineers nailed CPU usage for one of our customers.

 

Key advantages of Docker

Firstly, its useful to analyze on why Docker is one of the popular choice for web providers.

Docker allows to get the best out of an existing server. It can accommodate many containers that can host different applications. Again, with the use of images, Docker container setup becomes pretty easy. We just need to include all the applications in the base image. And, spin up any number of containers almost instantly.

Similarly, the lightweight containers allows hundreds to thousands of tasks to be carried out independently. And, they normally do not affect other containers too. There are options to limit resources on each Docker container. Portability to multiple platforms, Security, etc. come as added advantage in docker setup.

In short, we’ve seen instances where Docker ensures more returns of investment, if maintained properly.

 

Causes for high CPU usage

CPU usage plays an important role in Docker Host performance. It is a sign that indicates the state of the Docker container.

By default, when no CPU limits are set on individual Docker containers, one container can use up all the available CPU resource on the server. Thus, it would affect all other containers and eventually make them slow. This causes big issue for the websites or applications running on containers.

From our experience in managing Docker infrastructure, our Docker Experts often see high CPU usage by containers. Let’s now take a look at top reasons that cause it.

 

1. Insufficient Docker container resources

Usually, the hardware requirements often play an important role in the Docker performance. When users create more containers beyond the actual available physical resources on the server, it impact the working of Docker.

Again, the resources on the container should match the requirement of the hosted application. For example, on planning to run high-load applications on Docker, the container need to have additional CPU limits. And, we always allot more CPU share to a container by setting appropriate CPU weights.

To assign a CPU share of 512 to a container during creation or run-time, we use the ‘docker run’ command as

docker run -ti -c 512 ubuntu /bin/bash

 

2. Buggy Applications on Containers

Yet another reason for high Docker CPU usage attributes to applications running inside the container. For example, a buggy java application can take up all the CPU resources and cause resource crunch. Similarly, a WordPress brute-force attack on websites can also cause trouble.

While we are at it, certain Docker version can also cause high CPU usage. We once noted an issue with docker version v18.02.0-ce. Therefore, verifying the Docker version used on the server also matters much.

 

Fix for CPU usage in Docker

We just saw the top reasons that cause high CPU usage. But, the real challenge lies in identifying the exact container that causes problem and the user involved in it.

We’ll now take a look at how our Docker Experts optimized CPU usage for one of our customer.

This customer complained about the high CPU % usage on his Docker Host. It always showed 100% usage as in the picture. He wanted to know the real reason for this high CPU utilization.

1. Identifying the problem container

The first step of investigation was to find out the Docker container that was causing the 100% CPU usage. Unfortunately, a ‘top‘ command on the Docker host will not work here. It will only show the top processes running on the host server and not the processes running inside the container.

Luckily, the command “docker stats” comes to the rescue here. It displays a live stream of containers resource usage statistics. A sample output from one of the Docker host looks as below.

docker stats --all --format "table {{.ID}}t{{.Name}}t{{.CPUPerc}}t{{.MemUsage}}"
CONTAINER ID                                                       
NAME                           CPU %               MEM USAGE / LIMIT
13b222900xxxxxxxxxxxx24cbbaa8c32f5c0c551b3386a0ec72   
txxx.com             4.31%               748.5MiB / 15.67GiB
776c2420cc06xxxxxxxxxxxxx092e45add918003a42a8708613a4d41b7b   
https-portal                   0.39%               8.457MiB / 15.67GiB

2.Checking specific container process

Now that we know the specific container causing problem, we list the processes running on the container using:

docker ps | grep <container id>

After that, we examined the container logs. We then saw many POST attempts to one of the WordPress websites on the server.

{"log":"172.xx.xx.10 - - [11/May/2019:08:57:48 +0000] "POST /wp-login.php HTTP/1.0" 200 2139 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"n","stream":"stdout","time":"2019-05-11T08:57:51.80441157Z"}

Here, there was attack on the website from multiple IP addresses. And, it resulted in the high CPU usage and load on the container.

 

3. Fixing the problem

The final step is to fix the problem and make sure that it doesn’t happen again. In this case, our Support Engineers blocked suspicious IP addresses on the firewall.This stopped the processes and the CPU utilization was bought back to normal.

Also, we suggested the server owner to tweak the WordPress on the website to avoid brute force attacks.

[Do you know that our Docker monitoring can prevent server down instances due to high CPU usage ?}

 

Conclusion

In short Docker high CPU usage happens due to limited resources on the container, misuse of installed applications, etc. Today, we saw how our Docker experts nailed down high CPU usage on Docker container due to WordPress attack.



Source link

Author

Write A Comment