Infra

Benchmark of performance degradation by Docker’s overhead with knowhow of installation&usage of docker

 

What is Docker and its usage

Docker is virtual environment like vagrant but there are following differences.
– Underlying kernel is shared among running containers(=virtual environment) and its overhead is far smaller than Vagrant which requires OS for each virtual environment and necessary resource
– By describing the system settings in a file, reproducibility of the same system can be secured
– Many docker images for many applications have already been created, shared and distributed like a library of programming language

You have to be cautious to use Docker for production environment but it is definitely suitable for the purpose of defining and sharing development & testing environments.

Benchmark of performance degradation due to Docker overhead

Though docker is said that its overhead is smaller compared to vagrant but it cannot avoid overhead (use of extra resources).

The question is how much performance degradation it is?
Here is result of benchmark.

[Conditions of benchmark]
Used server: Linode Dedicated Instance, 2CPU (AMD EPYC 7501 32-Core Processor) + memory 4GB
Benchmark: Unixbench (What is Unixbench?)
Targets of comparison:
1) No docker
2) Docker
3) Docker with option to make security off for performance ( –security-opt seccomp=unconfined )

Total CPU score17351255 (-28%)1331 (-23%)
1 CPU score1124822 (-27%)895 (-20%)
Dhrystone 2 using register variables353634853542
Double-Precision Whetstone164616331647
Execl Throughput133213001324
File Copy 1024 bufsize 2000 maxblocks250313291369
File Copy 256 bufsize 500 maxblocks1646841863
File Copy 4096 bufsize 8000 maxblocks409125302810
Pipe Throughput124311621249
Pipe-based Context Switching750594625
Process Creation12916331016
Shell Scripts (1 concurrent)200711131142
Shell Scripts (8 concurrent)195310391071
System Call Overhead12018931197

So you have to expect performance degradation about 25% if you make your application run on docker instead of making it run without docker.
Especially
– File IO
– Execution of Shell scripts, which normally represents CPU&OS performance
got much more performance degradation.

Seeing result, if we turn off the security of Docker, you can expect some amount of performance improvement, it is not so much thought process creation can get much more improvement.

And if you use Docker, you have to be careful of how much disk space are used by docker containers & images.

How to install Docker

If you want to install latest version of official docker, not latest of Linux distributor, you can do it like this.

In the case of CentOS 8 or later

sudo dnf remove docker docker-common docker-selinux docker-engine;
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
sudo dnf install docker-ce;

If you encounter error message like this

 Problem: package docker-ce-3: 19.03.10-3.el7.x86_64 requires containerd.io>= 1.2.2-3, but none of the providers can be installed

you should download latest containerd.io from
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm;
dnf remove containerd.io;
dnf install -y containerd.io-1.2.13-3.2.el7.x86_64.rpm;
dnf install -y docker-ce docker-ce-cli;

In the case of CentOS 7 or earlier

sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce

Run Docker Daemon

sudo systemctl enable docker.service;
sudo systemctl start docker.service

Run the hello world docker and check the operation

docker run hello-world

If you are user with root privilege, you can make it run but if you are a general user, you may encounter following error message.

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix/var/run/docker.sock: connect: permission denied.

In that case, docker can be executed only by a user who belongs to the docker group.
Add the user to docker group to resolve the problem.

sudo gpasswd -a $USERID docker;

Please note that even if a user is added to a group, they must be logged out and logged in again.

Then type

docker run hello-world

and check if the result is displayed properly.

Commands frequently used for Docker

Create Docker image from Dockerfile

docker build --rm -t $IMAGENAME .;

List running Docker processes

docker ps;

Execute command in specified Docker container

docker exec -i -t $container id $something $command

Stop all running Docker processes

docker kill $(docker ps -q);

Delete Docker image

docker rmi $IMAGE;

Delete all Docker images

docker images -aq | xargs docker rmi;

Remove all stopped Docker containers

docker rm $(docker ps -a -q);

Run docker-compose as a daemon (=always running process)

docker-compose up -d

Stop the process launched by docker-compose

docker-compose stop