Infra

Benchmark of performance degradation by Docker’s overhead with knowhow of installation&usage of docker

What is Docker and its usage

Docker is virtual environment like vagrant but there are following differences.
– Underlying kernel is shared among running containers(=virtual environment) and its overhead is far smaller than Vagrant which requires OS for each virtual environment and necessary resource
– By describing the system settings in a file, reproducibility of the same system can be secured
– Many docker images for many applications have already been created, shared and distributed like a library of programming language

You have to be cautious to use Docker for production environment but it is definitely suitable for the purpose of defining and sharing development & testing environments.

Benchmark of performance degradation due to Docker overhead

Though docker is said that its overhead is smaller compared to vagrant but it cannot avoid overhead (use of extra resources).

The question is how much performance degradation it is?
Here is result of benchmark.

[Conditions of benchmark]
Used server: Linode Dedicated Instance, 2CPU (AMD EPYC 7501 32-Core Processor) + memory 4GB
Benchmark: Unixbench (What is Unixbench?)
Targets of comparison:
1) No docker
2) Docker
3) Docker with option to make security off for performance ( –security-opt seccomp=unconfined )

Total CPU score 1735 1255 (-28%) 1331 (-23%)
1 CPU score 1124 822 (-27%) 895 (-20%)
Dhrystone 2 using register variables 3536 3485 3542
Double-Precision Whetstone 1646 1633 1647
Execl Throughput 1332 1300 1324
File Copy 1024 bufsize 2000 maxblocks 2503 1329 1369
File Copy 256 bufsize 500 maxblocks 1646 841 863
File Copy 4096 bufsize 8000 maxblocks 4091 2530 2810
Pipe Throughput 1243 1162 1249
Pipe-based Context Switching 750 594 625
Process Creation 1291 633 1016
Shell Scripts (1 concurrent) 2007 1113 1142
Shell Scripts (8 concurrent) 1953 1039 1071
System Call Overhead 1201 893 1197

So you have to expect performance degradation about 25% if you make your application run on docker instead of making it run without docker.
Especially
– File IO
– Execution of Shell scripts, which normally represents CPU&OS performance
got much more performance degradation.

Seeing result, if we turn off the security of Docker, you can expect some amount of performance improvement, it is not so much thought process creation can get much more improvement.

And if you use Docker, you have to be careful of how much disk space are used by docker containers & images.

How to install Docker

If you want to install latest version of official docker, not latest of Linux distributor, you can do it like this.

In the case of CentOS 8 or later

sudo dnf remove docker docker-common docker-selinux docker-engine;
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
sudo dnf install docker-ce;

If you encounter error message like this

 Problem: package docker-ce-3: 19.03.10-3.el7.x86_64 requires containerd.io>= 1.2.2-3, but none of the providers can be installed

you should download latest containerd.io from
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm;
dnf remove containerd.io;
dnf install -y containerd.io-1.2.13-3.2.el7.x86_64.rpm;
dnf install -y docker-ce docker-ce-cli;

In the case of CentOS 7 or earlier

sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce

Run Docker Daemon

sudo systemctl enable docker.service;
sudo systemctl start docker.service

Run the hello world docker and check the operation

docker run hello-world

If you are user with root privilege, you can make it run but if you are a general user, you may encounter following error message.

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix/var/run/docker.sock: connect: permission denied.

In that case, docker can be executed only by a user who belongs to the docker group.
Add the user to docker group to resolve the problem.

sudo gpasswd -a $USERID docker;

Please note that even if a user is added to a group, they must be logged out and logged in again.

Then type

docker run hello-world

and check if the result is displayed properly.

Commands frequently used for Docker

Create Docker image from Dockerfile

docker build --rm -t $IMAGENAME .;

List running Docker processes

docker ps;

Execute command in specified Docker container

docker exec -i -t $container id $something $command

Stop all running Docker processes

docker kill $(docker ps -q);

Delete Docker image

docker rmi $IMAGE;

Delete all Docker images

docker images -aq | xargs docker rmi;

Remove all stopped Docker containers

docker rm $(docker ps -a -q);

Run docker-compose as a daemon (=always running process)

docker-compose up -d

Stop the process launched by docker-compose

docker-compose stop

What is VPS?

  1. CPUs of VPS : How to judge whether it is good or not

OS & Virtual Environment

  1. How to switch to AlmaLinux from CentOS(RHE’s clone)
  2. How to upgrade to CentOS 8 from CentOS 7 and its merit
  3. Benchmark of performance degradation by Docker's overhead with knowhow of installation&usage of docker

Database

  1. MariaDB vs MySQL vs PostgreSQL: Flowchart to choose best RDB

Programming Language

  1. How to install PHP8