1podman-update(1) General Commands Manual podman-update(1)
2
6 podman-update - Updates the cgroup configuration of a given container
7
10 podman update [options] container
11 podman container update [options] container
14
17 Updates the cgroup configuration of an already existing container. The
18 currently supported options are a subset of the podman create/run re‐
19 source limits options. These new options are non-persistent and only
20 last for the current execution of the container; the configuration will
21 be honored on its next run. This means that this command can only be
22 executed on an already running container and the changes made will be
23 erased the next time the container is stopped and restarted, this is to
24 ensure immutability. This command takes one argument, a container name
25 or ID, alongside the resource flags to modify the cgroup.
26
29 --blkio-weight=weight
30 Block IO relative weight. The weight is a value between 10 and 1000.
31 This option is not supported on cgroups V1 rootless systems.
34 --blkio-weight-device=device:weight
37 Block IO relative device weight.
38 --cpu-period=limit
41 Set the CPU period for the Completely Fair Scheduler (CFS), which is a
42 duration in microseconds. Once the container's CPU quota is used up, it
43 will not be scheduled to run until the current period ends. Defaults to
44 100000 microseconds.
45 On some systems, changing the resource limits may not be allowed for
48 non-root users. For more details, see https://github.com/contain‐
49 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
50 source-limits-fails-with-a-permissions-error
51 This option is not supported on cgroups V1 rootless systems.
54 --cpu-quota=limit
57 Limit the CPU Completely Fair Scheduler (CFS) quota.
58 Limit the container's CPU usage. By default, containers run with the
61 full CPU resource. The limit is a number in microseconds. If a number
62 is provided, the container will be allowed to use that much CPU time
63 until the CPU period ends (controllable via --cpu-period).
64 On some systems, changing the resource limits may not be allowed for
67 non-root users. For more details, see https://github.com/contain‐
68 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
69 source-limits-fails-with-a-permissions-error
70 This option is not supported on cgroups V1 rootless systems.
73 --cpu-rt-period=microseconds
76 Limit the CPU real-time period in microseconds.
77 Limit the container's Real Time CPU usage. This option tells the kernel
80 to restrict the container's Real Time CPU usage to the period speci‐
81 fied.
82 This option is only supported on cgroups V1 rootful systems.
85 --cpu-rt-runtime=microseconds
88 Limit the CPU real-time runtime in microseconds.
89 Limit the containers Real Time CPU usage. This option tells the kernel
92 to limit the amount of time in a given CPU period Real Time tasks may
93 consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that
94 this container could consume 95% of available CPU and leave the remain‐
95 ing 5% to normal priority tasks.
96 The sum of all runtimes across containers cannot exceed the amount al‐
99 lotted to the parent cgroup.
100 This option is only supported on cgroups V1 rootful systems.
103 --cpu-shares, -c=shares
106 CPU shares (relative weight).
107 By default, all containers get the same proportion of CPU cycles. This
110 proportion can be modified by changing the container's CPU share
111 weighting relative to the combined weight of all the running contain‐
112 ers. Default weight is 1024.
113 The proportion will only apply when CPU-intensive processes are run‐
116 ning. When tasks in one container are idle, other containers can use
117 the left-over CPU time. The actual amount of CPU time will vary depend‐
118 ing on the number of containers running on the system.
119 For example, consider three containers, one has a cpu-share of 1024 and
122 two others have a cpu-share setting of 512. When processes in all three
123 containers attempt to use 100% of CPU, the first container would re‐
124 ceive 50% of the total CPU time. If a fourth container is added with a
125 cpu-share of 1024, the first container only gets 33% of the CPU. The
126 remaining containers receive 16.5%, 16.5% and 33% of the CPU.
127 On a multi-core system, the shares of CPU time are distributed over all
130 CPU cores. Even if a container is limited to less than 100% of CPU
131 time, it can use 100% of each individual CPU core.
132 For example, consider a system with more than three cores. If the con‐
135 tainer C0 is started with --cpu-shares=512 running one process, and an‐
136 other container C1 with --cpu-shares=1024 running two processes, this
137 can result in the following division of CPU shares:
138 ┌────┬───────────┬─────┬──────────────┐
141 │PID │ container │ CPU │ CPU share │
142 ├────┼───────────┼─────┼──────────────┤
143 │100 │ C0 │ 0 │ 100% of CPU0 │
144 ├────┼───────────┼─────┼──────────────┤
145 │101 │ C1 │ 1 │ 100% of CPU1 │
146 ├────┼───────────┼─────┼──────────────┤
147 │102 │ C1 │ 2 │ 100% of CPU2 │
148 └────┴───────────┴─────┴──────────────┘
149 On some systems, changing the resource limits may not be allowed for
151 non-root users. For more details, see https://github.com/contain‐
152 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
153 source-limits-fails-with-a-permissions-error
154 This option is not supported on cgroups V1 rootless systems.
157 --cpus=number
160 Number of CPUs. The default is 0.0 which means no limit. This is short‐
161 hand for --cpu-period and --cpu-quota, so you may only set either
162 --cpus or --cpu-period and --cpu-quota.
163 On some systems, changing the CPU limits may not be allowed for non-
166 root users. For more details, see https://github.com/containers/pod‐
167 man/blob/main/troubleshooting.md#26-running-containers-with-resource-
168 limits-fails-with-a-permissions-error
169 This option is not supported on cgroups V1 rootless systems.
172 --cpuset-cpus=number
175 CPUs in which to allow execution. Can be specified as a comma-separated
176 list (e.g. 0,1), as a range (e.g. 0-3), or any combination thereof
177 (e.g. 0-3,7,11-15).
178 On some systems, changing the resource limits may not be allowed for
181 non-root users. For more details, see https://github.com/contain‐
182 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
183 source-limits-fails-with-a-permissions-error
184 This option is not supported on cgroups V1 rootless systems.
187 --cpuset-mems=nodes
190 Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effec‐
191 tive on NUMA systems.
192 If there are four memory nodes on the system (0-3), use --cpuset-
195 mems=0,1 then processes in the container will only use memory from the
196 first two memory nodes.
197 On some systems, changing the resource limits may not be allowed for
200 non-root users. For more details, see https://github.com/contain‐
201 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
202 source-limits-fails-with-a-permissions-error
203 This option is not supported on cgroups V1 rootless systems.
206 --device-read-bps=path:rate
209 Limit read rate (in bytes per second) from a device (e.g. --device-
210 read-bps=/dev/sda:1mb).
211 On some systems, changing the resource limits may not be allowed for
214 non-root users. For more details, see https://github.com/contain‐
215 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
216 source-limits-fails-with-a-permissions-error
217 This option is not supported on cgroups V1 rootless systems.
220 --device-read-iops=path:rate
223 Limit read rate (in IO operations per second) from a device (e.g. --de‐
224 vice-read-iops=/dev/sda:1000).
225 On some systems, changing the resource limits may not be allowed for
228 non-root users. For more details, see https://github.com/contain‐
229 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
230 source-limits-fails-with-a-permissions-error
231 This option is not supported on cgroups V1 rootless systems.
234 --device-write-bps=path:rate
237 Limit write rate (in bytes per second) to a device (e.g. --device-
238 write-bps=/dev/sda:1mb).
239 On some systems, changing the resource limits may not be allowed for
242 non-root users. For more details, see https://github.com/contain‐
243 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
244 source-limits-fails-with-a-permissions-error
245 This option is not supported on cgroups V1 rootless systems.
248 --device-write-iops=path:rate
251 Limit write rate (in IO operations per second) to a device (e.g. --de‐
252 vice-write-iops=/dev/sda:1000).
253 On some systems, changing the resource limits may not be allowed for
256 non-root users. For more details, see https://github.com/contain‐
257 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
258 source-limits-fails-with-a-permissions-error
259 This option is not supported on cgroups V1 rootless systems.
262 --memory, -m=number[unit]
265 Memory limit. A unit can be b (bytes), k (kibibytes), m (mebibytes), or
266 g (gibibytes).
267 Allows the memory available to a container to be constrained. If the
270 host supports swap memory, then the -m memory setting can be larger
271 than physical RAM. If a limit of 0 is specified (not using -m), the
272 container's memory is not limited. The actual limit may be rounded up
273 to a multiple of the operating system's page size (the value would be
274 very large, that's millions of trillions).
275 This option is not supported on cgroups V1 rootless systems.
278 --memory-reservation=number[unit]
281 Memory soft limit. A unit can be b (bytes), k (kibibytes), m
282 (mebibytes), or g (gibibytes).
283 After setting memory reservation, when the system detects memory con‐
286 tention or low memory, containers are forced to restrict their consump‐
287 tion to their reservation. So you should always set the value below
288 --memory, otherwise the hard limit will take precedence. By default,
289 memory reservation will be the same as memory limit.
290 This option is not supported on cgroups V1 rootless systems.
293 --memory-swap=number[unit]
296 A limit value equal to memory plus swap. A unit can be b (bytes), k
297 (kibibytes), m (mebibytes), or g (gibibytes).
298 Must be used with the -m (--memory) flag. The argument value should
301 always be larger than that of
302 -m (--memory) By default, it is set to double the value of --memory.
303 Set number to -1 to enable unlimited swap.
306 This option is not supported on cgroups V1 rootless systems.
309 --memory-swappiness=number
312 Tune a container's memory swappiness behavior. Accepts an integer be‐
313 tween 0 and 100.
314 This flag is only supported on cgroups V1 rootful systems.
317
320 update a container with a new cpu quota and period
321 podman update --cpus=5 myCtr
324 update a container with all available options for cgroups v2
328 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 ctrID
331 update a container with all available options for cgroups v1
335 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 ctrID
338
342 podman(1), podman-create(1), podman-run(1)
343
346 August 2022, Originally written by Charlie Doern cdoern@redhat.com
347 ⟨mailto:cdoern@redhat.com⟩
348 podman-update(1)