Jumpserver 目前的内存最低要求是 4GB ,但是生产环境中发现 jumpserver 程序占用的实际内存更多
top - 16:44:06 up 470 days, 7:16, 3 users, load average: 0.60, 0.56, 0.62
Tasks: 190 total, 1 running, 183 sleeping, 0 stopped, 6 zombie
%Cpu(s): 1.3 us, 0.8 sy, 0.0 ni, 98.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 15732496 total, 302616 free, 14369880 used, 1060000 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 1024260 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
25010 root 20 0 7025880 6.6g 2372 S 0.0 44.1 2915:50 containerd-shim
32631 work 20 0 5395604 1.4g 7812 S 2.0 9.1 37:29.80 java
23456 root 20 0 5397688 1.3g 6188 S 0.0 8.9 186:38.19 java
-
问题原因
jumpserver 使用docker部署,内置了 mysql , redis 等程序
[root@web00-and-backend00 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 610b8092947e jumpserver/nginx:alpine2 "sh -c 'crond -b -d …" 7 weeks ago Up 7 weeks (healthy) 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp jms_nginx ee26902044c2 jumpserver/luna:v2.8.0 "/docker-entrypoint.…" 7 weeks ago Up 7 weeks (healthy) 80/tcp jms_luna 38528d420c14 jumpserver/core:v2.8.0 "./entrypoint.sh sta…" 7 weeks ago Up 7 weeks (healthy) 8070/tcp, 8080/tcp jms_celery def3e263b6b5 jumpserver/koko:v2.8.0 "./entrypoint.sh" 7 weeks ago Up 25 hours (healthy) 0.0.0.0:2222->2222/tcp, 5000/tcp jms_koko f1ce3e93dc6e jumpserver/lina:v2.8.0 "/docker-entrypoint.…" 7 weeks ago Up 7 weeks (healthy) 80/tcp jms_lina 57e08381be1b jumpserver/guacamole:v2.8.0 "/init" 7 weeks ago Up 7 weeks (healthy) 8080/tcp jms_guacamole 5f31f194d92e jumpserver/core:v2.8.0 "./entrypoint.sh sta…" 7 weeks ago Up 25 hours (healthy) 8070/tcp, 8080/tcp jms_core 49889d33322c jumpserver/redis:6-alpine "docker-entrypoint.s…" 7 months ago Up 7 months (healthy) 6379/tcp jms_redis 72a2809f7b5d jumpserver/mysql:5 "docker-entrypoint.s…" 7 months ago Up 7 months (healthy) 3306/tcp, 33060/tcp jms_mysql并且这些容器都没有做内存限制
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 610b8092947e jms_nginx 0.02% 9.168MiB / 15GiB 0.06% 3GB / 3.17GB 0B / 0B 6 ee26902044c2 jms_luna 0.00% 2.961MiB / 15GiB 0.02% 918kB / 68.2MB 0B / 0B 5 38528d420c14 jms_celery 0.39% 458.6MiB / 15GiB 2.98% 12.2GB / 7.76GB 0B / 0B 28 def3e263b6b5 jms_koko 0.10% 13.05MiB / 15GiB 0.08% 136MB / 79.8MB 0B / 0B 16 f1ce3e93dc6e jms_lina 0.00% 2.996MiB / 15GiB 0.02% 2.71MB / 276MB 0B / 0B 5 57e08381be1b jms_guacamole 0.12% 277.9MiB / 15GiB 1.81% 454MB / 392MB 0B / 0B 57 5f31f194d92e jms_core 0.22% 741.9MiB / 15GiB 4.83% 229MB / 121MB 0B / 0B 41 49889d33322c jms_redis 0.15% 2.742MiB / 15GiB 0.02% 34.4GB / 63GB 0B / 0B 5 72a2809f7b5d jms_mysql 0.10% 535.3MiB / 15GiB 3.48% 15.7GB / 24.7GB 0B / 0B 54 解决方案: 限制Docker容器内存,或者通过Docker Compose 限制内存,或者通过修改 mysql , redis 等程序的配置文件来实现目的。
-
例如1: 修改 redis 内存限制
[root@web00-and-backend00 jumpserver-installer-v2.8.0]# CD /opt/jumpserver-installer-v2.8.0 [root@web00-and-backend00 jumpserver-installer-v2.8.0]# vim ./config_init/redis/redis.conf # 可以发现 maxmemory 为 2G maxmemory 2g- config_init 目录只是默认配置,如果需要修改这些配置,则应该去 /opt/jumpserver/config 中修改
-
例如2: 修改 mysql 内存限制
cp /opt/jumpserver/config/mysql/my.cnf /opt/jumpserver/config/mysql/my.cnf-bak vim /opt/jumpserver/config/mysql/my.cnf -
例如3: 通过 docker compose 修改设置内存限制
CD /opt/jumpserver-installer-v2.8.0/compose [root@web00-and-backend00 compose]# ll 总用量 52 drwxrwxr-x 2 root root 4096 3月 18 2021 config_static -rw-rw-r-- 1 root root 1610 3月 18 2021 docker-compose-app.yml -rw-rw-r-- 1 root root 653 3月 18 2021 docker-compose-es.yml -rw-rw-r-- 1 root root 1238 3月 19 2021 docker-compose-external.yml -rw-rw-r-- 1 root root 1142 3月 18 2021 docker-compose-internal.yml -rw-rw-r-- 1 root root 697 3月 18 2021 docker-compose-lb.yml -rw-rw-r-- 1 root root 591 3月 18 2021 docker-compose-mysql.yml -rw-rw-r-- 1 root root 196 3月 18 2021 docker-compose-network_ipv6.yml -rw-rw-r-- 1 root root 134 3月 18 2021 docker-compose-network.yml -rw-rw-r-- 1 root root 450 3月 18 2021 docker-compose-omnidb.yml -rw-rw-r-- 1 root root 590 3月 18 2021 docker-compose-redis.yml -rw-rw-r-- 1 root root 619 3月 18 2021 docker-compose-task.yml -rw-rw-r-- 1 root root 547 3月 18 2021 docker-compose-xpack.yml-
修改点示例 : vim ./docker-compose-task.yml
VIM version: '2.2' services: celery: image: jumpserver/core:${VERSION} # 设置最大内存限制 mem_limit: 768M container_name: jms_celery restart: always tty: true command: start task
-
-
修改后查看内存情况
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 7414d7da5170 jms_nginx 0.01% 9.469MiB / 256MiB 3.70% 342kB / 338kB 0B / 0B 6 dfaaff16b389 jms_koko 0.07% 7.34MiB / 15GiB 0.05% 244kB / 547kB 0B / 0B 11 66c651252eec jms_core 101.51% 445.9MiB / 512MiB 87.09% 614kB / 278kB 0B / 0B 18 1c1f37f229ef jms_mysql 0.10% 265.9MiB / 1GiB 25.97% 730kB / 1.72MB 0B / 0B 44 ee26902044c2 jms_luna 0.00% 2.961MiB / 15GiB 0.02% 922kB / 68.2MB 0B / 0B 5 38528d420c14 jms_celery 0.07% 458.9MiB / 15GiB 2.99% 12.2GB / 7.76GB 0B / 0B 28 f1ce3e93dc6e jms_lina 2.28% 2.996MiB / 15GiB 0.02% 2.73MB / 276MB 0B / 0B 5 57e08381be1b jms_guacamole 0.08% 278.2MiB / 15GiB 1.81% 454MB / 392MB 0B / 0B 57 49889d33322c jms_redis 2.41% 2.723MiB / 15GiB 0.02% 34.4GB / 63GB 0B / 0B 5
方案二: 如果限制了内存后,还发现内存占用超高,那么可能是出现了僵尸进程导致内存无法释放
那么可以参考这篇文章: Jumpserver celery 僵尸进程导致内存不释放的问题
