1podman-update(1) General Commands Manual podman-update(1)
2
6 podman-update - Update the cgroup configuration of a given container
7
10 podman update [options] container
11 podman container update [options] container
14
17 Updates the cgroup configuration of an already existing container. The
18 currently supported options are a subset of the podman create/run re‐
19 source limits options. These new options are non-persistent and only
20 last for the current execution of the container; the configuration is
21 honored on its next run. This means that this command can only be exe‐
22 cuted on an already running container and the changes made is erased
23 the next time the container is stopped and restarted, this is to ensure
24 immutability. This command takes one argument, a container name or ID,
25 alongside the resource flags to modify the cgroup.
26
29 --blkio-weight=weight
30 Block IO relative weight. The weight is a value between 10 and 1000.
31 This option is not supported on cgroups V1 rootless systems.
34 --blkio-weight-device=device:weight
37 Block IO relative device weight.
38 --cpu-period=limit
41 Set the CPU period for the Completely Fair Scheduler (CFS), which is a
42 duration in microseconds. Once the container's CPU quota is used up, it
43 will not be scheduled to run until the current period ends. Defaults to
44 100000 microseconds.
45 On some systems, changing the resource limits may not be allowed for
48 non-root users. For more details, see https://github.com/contain‐
49 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
50 source-limits-fails-with-a-permissions-error
51 This option is not supported on cgroups V1 rootless systems.
54 --cpu-quota=limit
57 Limit the CPU Completely Fair Scheduler (CFS) quota.
58 Limit the container's CPU usage. By default, containers run with the
61 full CPU resource. The limit is a number in microseconds. If a number
62 is provided, the container is allowed to use that much CPU time until
63 the CPU period ends (controllable via --cpu-period).
64 On some systems, changing the resource limits may not be allowed for
67 non-root users. For more details, see https://github.com/contain‐
68 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
69 source-limits-fails-with-a-permissions-error
70 This option is not supported on cgroups V1 rootless systems.
73 --cpu-rt-period=microseconds
76 Limit the CPU real-time period in microseconds.
77 Limit the container's Real Time CPU usage. This option tells the kernel
80 to restrict the container's Real Time CPU usage to the period speci‐
81 fied.
82 This option is only supported on cgroups V1 rootful systems.
85 --cpu-rt-runtime=microseconds
88 Limit the CPU real-time runtime in microseconds.
89 Limit the containers Real Time CPU usage. This option tells the kernel
92 to limit the amount of time in a given CPU period Real Time tasks may
93 consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that
94 this container can consume 95% of available CPU and leave the remaining
95 5% to normal priority tasks.
96 The sum of all runtimes across containers cannot exceed the amount al‐
99 lotted to the parent cgroup.
100 This option is only supported on cgroups V1 rootful systems.
103 --cpu-shares, -c=shares
106 CPU shares (relative weight).
107 By default, all containers get the same proportion of CPU cycles. This
110 proportion can be modified by changing the container's CPU share
111 weighting relative to the combined weight of all the running contain‐
112 ers. Default weight is 1024.
113 The proportion only applies when CPU-intensive processes are running.
116 When tasks in one container are idle, other containers can use the
117 left-over CPU time. The actual amount of CPU time varies depending on
118 the number of containers running on the system.
119 For example, consider three containers, one has a cpu-share of 1024 and
122 two others have a cpu-share setting of 512. When processes in all three
123 containers attempt to use 100% of CPU, the first container receives 50%
124 of the total CPU time. If a fourth container is added with a cpu-share
125 of 1024, the first container only gets 33% of the CPU. The remaining
126 containers receive 16.5%, 16.5% and 33% of the CPU.
127 On a multi-core system, the shares of CPU time are distributed over all
130 CPU cores. Even if a container is limited to less than 100% of CPU
131 time, it can use 100% of each individual CPU core.
132 For example, consider a system with more than three cores. If the con‐
135 tainer C0 is started with --cpu-shares=512 running one process, and an‐
136 other container C1 with --cpu-shares=1024 running two processes, this
137 can result in the following division of CPU shares:
138 ┌────┬───────────┬─────┬──────────────┐
141 │PID │ container │ CPU │ CPU share │
142 ├────┼───────────┼─────┼──────────────┤
143 │100 │ C0 │ 0 │ 100% of CPU0 │
144 ├────┼───────────┼─────┼──────────────┤
145 │101 │ C1 │ 1 │ 100% of CPU1 │
146 ├────┼───────────┼─────┼──────────────┤
147 │102 │ C1 │ 2 │ 100% of CPU2 │
148 └────┴───────────┴─────┴──────────────┘
149 On some systems, changing the resource limits may not be allowed for
151 non-root users. For more details, see https://github.com/contain‐
152 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
153 source-limits-fails-with-a-permissions-error
154 This option is not supported on cgroups V1 rootless systems.
157 --cpus=number
160 Number of CPUs. The default is 0.0 which means no limit. This is short‐
161 hand for --cpu-period and --cpu-quota, therefore the option cannot be
162 specified with --cpu-period or --cpu-quota.
163 On some systems, changing the CPU limits may not be allowed for non-
166 root users. For more details, see https://github.com/containers/pod‐
167 man/blob/main/troubleshooting.md#26-running-containers-with-resource-
168 limits-fails-with-a-permissions-error
169 This option is not supported on cgroups V1 rootless systems.
172 --cpuset-cpus=number
175 CPUs in which to allow execution. Can be specified as a comma-separated
176 list (e.g. 0,1), as a range (e.g. 0-3), or any combination thereof
177 (e.g. 0-3,7,11-15).
178 On some systems, changing the resource limits may not be allowed for
181 non-root users. For more details, see https://github.com/contain‐
182 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
183 source-limits-fails-with-a-permissions-error
184 This option is not supported on cgroups V1 rootless systems.
187 --cpuset-mems=nodes
190 Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effec‐
191 tive on NUMA systems.
192 If there are four memory nodes on the system (0-3), use --cpuset-
195 mems=0,1 then processes in the container only uses memory from the
196 first two memory nodes.
197 On some systems, changing the resource limits may not be allowed for
200 non-root users. For more details, see https://github.com/contain‐
201 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
202 source-limits-fails-with-a-permissions-error
203 This option is not supported on cgroups V1 rootless systems.
206 --device-read-bps=path:rate
209 Limit read rate (in bytes per second) from a device (e.g. --device-
210 read-bps=/dev/sda:1mb).
211 On some systems, changing the resource limits may not be allowed for
214 non-root users. For more details, see https://github.com/contain‐
215 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
216 source-limits-fails-with-a-permissions-error
217 This option is not supported on cgroups V1 rootless systems.
220 --device-read-iops=path:rate
223 Limit read rate (in IO operations per second) from a device (e.g. --de‐
224 vice-read-iops=/dev/sda:1000).
225 On some systems, changing the resource limits may not be allowed for
228 non-root users. For more details, see https://github.com/contain‐
229 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
230 source-limits-fails-with-a-permissions-error
231 This option is not supported on cgroups V1 rootless systems.
234 --device-write-bps=path:rate
237 Limit write rate (in bytes per second) to a device (e.g. --device-
238 write-bps=/dev/sda:1mb).
239 On some systems, changing the resource limits may not be allowed for
242 non-root users. For more details, see https://github.com/contain‐
243 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
244 source-limits-fails-with-a-permissions-error
245 This option is not supported on cgroups V1 rootless systems.
248 --device-write-iops=path:rate
251 Limit write rate (in IO operations per second) to a device (e.g. --de‐
252 vice-write-iops=/dev/sda:1000).
253 On some systems, changing the resource limits may not be allowed for
256 non-root users. For more details, see https://github.com/contain‐
257 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
258 source-limits-fails-with-a-permissions-error
259 This option is not supported on cgroups V1 rootless systems.
262 --memory, -m=number[unit]
265 Memory limit. A unit can be b (bytes), k (kibibytes), m (mebibytes), or
266 g (gibibytes).
267 Allows the memory available to a container to be constrained. If the
270 host supports swap memory, then the -m memory setting can be larger
271 than physical RAM. If a limit of 0 is specified (not using -m), the
272 container's memory is not limited. The actual limit may be rounded up
273 to a multiple of the operating system's page size (the value is very
274 large, that's millions of trillions).
275 This option is not supported on cgroups V1 rootless systems.
278 --memory-reservation=number[unit]
281 Memory soft limit. A unit can be b (bytes), k (kibibytes), m
282 (mebibytes), or g (gibibytes).
283 After setting memory reservation, when the system detects memory con‐
286 tention or low memory, containers are forced to restrict their consump‐
287 tion to their reservation. So always set the value below --memory, oth‐
288 erwise the hard limit takes precedence. By default, memory reservation
289 is the same as memory limit.
290 This option is not supported on cgroups V1 rootless systems.
293 --memory-swap=number[unit]
296 A limit value equal to memory plus swap. A unit can be b (bytes), k
297 (kibibytes), m (mebibytes), or g (gibibytes).
298 Must be used with the -m (--memory) flag. The argument value must be
301 larger than that of
302 -m (--memory) By default, it is set to double the value of --memory.
303 Set number to -1 to enable unlimited swap.
306 This option is not supported on cgroups V1 rootless systems.
309 --memory-swappiness=number
312 Tune a container's memory swappiness behavior. Accepts an integer be‐
313 tween 0 and 100.
314 This flag is only supported on cgroups V1 rootful systems.
317 --pids-limit=limit
320 Tune the container's pids limit. Set to -1 to have unlimited pids for
321 the container. The default is 2048 on systems that support "pids"
322 cgroup controller.
323
326 update a container with a new cpu quota and period
327 podman update --cpus=5 myCtr
329 update a container with all available options for cgroups v2
333 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 --pids-limit 123 ctrID
335 update a container with all available options for cgroups v1
339 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 --pids-limit 123 ctrID
341
345 podman(1), podman-create(1), podman-run(1)
346
349 August 2022, Originally written by Charlie Doern cdoern@redhat.com
350 ⟨mailto:cdoern@redhat.com⟩
351 podman-update(1)