Well, I’ve been asked about this quite a few times now, so I figured a blog post was in order…
When I was trying to get cyclictest running in a container, I ran into a little snag. I couldn’t run realtime prio tasks inside a container by default. I checked all the normal ulimit stuff for RT, but no dice. But I did find a way (ugly).
If you do want to run SCHED_FIFO tasks you can in fact do so, like this:
Run a privileged container (because of cap_sys_nice being dropped by docker) adding this to your docker run command:
--priveleged
Or, if you have a more recent version of Docker, add this to your docker run command:
--cap-add=sys_nice
Set rt_runtime_us > 0 for the parent cgroup of where docker containers end up in the heirarchy:
# echo 950000 > /sys/fs/cgroup/cpu/system.slice/cpu.rt_runtime_us
Still blocked:
# docker run -it cyclictest bash root@231fbb116315: ~ # chrt -f 1 w chrt: failed to set pid 0's policy: Operation not permitted
3. Update cpu.rt_runtime_us for the new container:
# echo 900000 > `find /sys/fs/cgroup/cpu/system.slice|grep docker|grep scope|grep cpu.rt_runtime_us`
Now it works:
root@231fbb116315: ~ # chrt -f 1 w 11:01:56 up 26 min, 0 users, load average: 0.08, 0.05, 0.05 USER TTY LOGIN@ IDLE JCPU PCPU WHAT
Yes, it should be made easier…the question is at what level do we integrate this; Docker or orchestration.
For more info, see this Red Hat Bugzilla.
Jeremy Eder's Blog 