All geek questions in one place

Cassandra, JNA, Docker, and CAP_IPC_LOCK

I am trying to optimize the performance of my Docker Cassandra containers (3.7+). I found a presentation from 2015 that mentioned (on slide 21) that I have to provide CAP_IPC_LOCK and set ulimit lock.

After a slight skew, it seems that the two options basically do not allow the system to exchange JVMs, which modern versions of Cassandra seem to achieve using JNA.

Setting --ulimit memlock=-1:-1 on my Docker containers has an effect that

 INFO 12:42:33 JNA mlockall successful

printed at boot, so I assume that everything is done and done.

Should I still need --cap-add=CAP_IPC_LOCK , and if so, how can I determine if I installed it correctly?

+5
source share
1 answer

Let's think about it.

On linux, the process requires CAP_IPC_LOCK the ability to call mlockall .

MlockAll now blocks the entire virtual address space of the calling process in RAM, preventing memory from being sent to the swap space. Thus, essentially, you cannot swap places.

Installing JNA has the same effect.

This is from Datastax docs.

Installing JNA can improve Cassandra memory usage. When installing and configuring Linux, it does not replace the JVM and thus avoids the performance issues associated with it.

http://docs.datastax.com/en/cassandra/1.2/cassandra/install/installJnaDeb.html

Also, if you see below in the magazines

JNA mlockall successful

This means that JNA is on.

I think you are fine and there is no need to add CAP_IPC_LOCK.

+1
source

Source: https://habr.com/ru/post/1260034/

More articles:


All Articles