WARNING you have Transparent Huge Pages (THP) support enabled

[sijnc]

When Redis starts I'm seeing the following two warnings, Is this something to be concerned about or something that should be corrected in the docker-library redis:2.8 image?

Server started, Redis version 2.8.23

WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.

WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.

[tianon]

You probably want to see both #19 and #35 -- the short version is that there's nothing we can do to enable these in the image itself. Setting net.core.somaxconn using docker run --sysctl will be possible with Docker 1.12+, but fixing the value of THP is something you're going to have to change on your host if it's necessary.

[ababich]

Any help how to do this on MacOS host?

[yosifkit]

On an OSX machine, you are still running the containers in a Linux VM, so you would have to configure it on that VM whether the VM is from docker-toolbox using docker-machine or Docker for Mac.

[mostolog]

On Linux I solved this running those on HOST:

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

Suggest closing ;)

[c4milo]

Here is a oneshot systemd unit to do it as well:

[Unit]
Description=Disable Transparent Huge Pages
Documentation=https://redis.io/topics/latency

[Service]
Type=oneshot
ExecStart=/usr/bin/sh -c "/usr/bin/echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled"
ExecStart=/usr/bin/sh -c "/usr/bin/echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy=multi-user.target

[ushachar]

There's nothing that can be done here -- This is a host level configuration that can't be modified inside the container (unless it runs in privileged mode).

[danrubenstein]

Leaving some more detail for this in case other Docker for Mac users still have this problem.

This solved the above problem with the following system info:
Docker version 17.12.0-ce, build c97c6d6
Mac OS X El Captain (10.11.6)
Redis version=4.0.8

This is a very naive solution this problem (mostly just cutting and pasting from SO and above, so use at your own risk).

Step 1: Start a screen session the linux VM that docker for mac is running on

$ screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

(h/t https://stackoverflow.com/questions/39739560/how-to-access-the-vm-created-by-dockers-hyperkit)

Step 2: Run the commands above

# echo never > /sys/kernel/mm/transparent_hugepage/enabled
# echo never > /sys/kernel/mm/transparent_hugepage/defrag

Step 3: Exit screen session, and run whatever docker images / commands.

[ghost]

What's the fix on Docker for Windows?

[ababich]

@danrubenstein great hack, but does it make any practical sense?

[28554010]

What's the fix on Docker for Windows?

SSH into the Docker VM (MobyLinuxVM)

docker run --privileged -it -v /var/run/docker.sock:/var/run/docker.sock jongallant/ubuntu-docker-client
docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh
chroot /host

then, run the commands @mostolog wrote:

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

[kigawas]

@danrubenstein
Thanks for sharing solution 👍

[stephengtuggy]

@danrubenstein Your steps were helpful. However, I found that on my system, the path to Docker's Linux VM was ~/Library/Containers/com.docker.docker/Data/vms/0.

I am using macOS 10.14.2 Mojave; Docker v2.0.0.0-mac81 (29211); and Redis v5.0.3.

[tunecrew]

I created a simple shell script to fix this using nsenter that I just execute whenever I start Docker For Mac:

#!/bin/sh
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'

I'd use alpine instead of debian, but apparently nsenter is broken for sh -c right now.

If there's a more direct way to do this w/o pulling debian I'd be glad to hear it.

[WerBinIch]

Leaving some more detail for this in case other Docker for Mac users still have this problem.

This solved the above problem with the following system info:
Docker version 17.12.0-ce, build c97c6d6
Mac OS X El Captain (10.11.6)
Redis version=4.0.8

This is a very naive solution this problem (mostly just cutting and pasting from SO and above, so use at your own risk).

Step 1: Start a screen session the linux VM that docker for mac is running on

$ screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

(h/t https://stackoverflow.com/questions/39739560/how-to-access-the-vm-created-by-dockers-hyperkit)

Step 2: Run the commands above

# echo never > /sys/kernel/mm/transparent_hugepage/enabled
# echo never > /sys/kernel/mm/transparent_hugepage/defrag

Step 3: Exit screen session, and run whatever docker images / commands.

thank you.

[alecglen]

In case the screen paths from @danrubenstein and @stephengtuggy don't work, I found on my machine the correct path was ~/Library/Containers/com.docker.docker/Data/vms/0/tty

macOS Mojave 10.14.6, Docker 2.1.0.5, and Redis 5.0.5

[imujjwalanand]

What's the fix on Docker for Windows?

Do we have any fix for windows yet?

[yosifkit]

What's the fix on Docker for Windows?

Do we have any fix for windows yet?

Did you try #55 (comment)?

Or, since Docker for WIndows is basically the same setup as Docker for Mac, this #55 (comment) should work. Maybe minus running it as a shell script, but the two commands should be enough to modify the VM that Docker uses to run Linux containers. (basically you need to get direct access to the underlying VM so you can turn off THP).

For those wondering about using an Alpine container instead of Debian, you should be able to the same thing after installing util-linux to get nsenter.

[marioroy]

@tunecrew, notice two dashes to signify the end of command options for run followed by sh -c.

#!/bin/bash
set -ex

docker run -it --privileged --pid=host alpine:3.11 nsenter -t 1 -m -u -n -i -- sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
docker run -it --privileged --pid=host alpine:3.11 nsenter -t 1 -m -u -n -i -- sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'

[korggy]

On Windows I found an easier way to get access to the host VM here:
Getting a Shell in the Docker for Windows VM

Here is the TL;DR version:
docker run -it --rm --privileged --pid=host justincormack/nsenter1

[brandoncollins7]

How would one set this on kubernetes?

[tianon]

You'll have to set it outside k8s on each of your worker hosts, as detailed above.