1podman-update(1) General Commands Manual podman-update(1)
2
3
4
6 podman-update - Update the cgroup configuration of a given container
7
8
10 podman update [options] container
11
12
13 podman container update [options] container
14
15
17 Updates the cgroup configuration of an already existing container. The
18 currently supported options are a subset of the podman create/run re‐
19 source limits options. These new options are non-persistent and only
20 last for the current execution of the container; the configuration is
21 honored on its next run. This means that this command can only be exe‐
22 cuted on an already running container and the changes made is erased
23 the next time the container is stopped and restarted, this is to ensure
24 immutability. This command takes one argument, a container name or ID,
25 alongside the resource flags to modify the cgroup.
26
27
29 --blkio-weight=weight
30 Block IO relative weight. The weight is a value between 10 and 1000.
31
32
33 This option is not supported on cgroups V1 rootless systems.
34
35
36 --blkio-weight-device=device:weight
37 Block IO relative device weight.
38
39
40 --cpu-period=limit
41 Set the CPU period for the Completely Fair Scheduler (CFS), which is a
42 duration in microseconds. Once the container's CPU quota is used up, it
43 will not be scheduled to run until the current period ends. Defaults to
44 100000 microseconds.
45
46
47 On some systems, changing the resource limits may not be allowed for
48 non-root users. For more details, see https://github.com/contain‐
49 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
50 source-limits-fails-with-a-permissions-error
51
52
53 This option is not supported on cgroups V1 rootless systems.
54
55
56 --cpu-quota=limit
57 Limit the CPU Completely Fair Scheduler (CFS) quota.
58
59
60 Limit the container's CPU usage. By default, containers run with the
61 full CPU resource. The limit is a number in microseconds. If a number
62 is provided, the container is allowed to use that much CPU time until
63 the CPU period ends (controllable via --cpu-period).
64
65
66 On some systems, changing the resource limits may not be allowed for
67 non-root users. For more details, see https://github.com/contain‐
68 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
69 source-limits-fails-with-a-permissions-error
70
71
72 This option is not supported on cgroups V1 rootless systems.
73
74
75 --cpu-rt-period=microseconds
76 Limit the CPU real-time period in microseconds.
77
78
79 Limit the container's Real Time CPU usage. This option tells the kernel
80 to restrict the container's Real Time CPU usage to the period speci‐
81 fied.
82
83
84 This option is only supported on cgroups V1 rootful systems.
85
86
87 --cpu-rt-runtime=microseconds
88 Limit the CPU real-time runtime in microseconds.
89
90
91 Limit the containers Real Time CPU usage. This option tells the kernel
92 to limit the amount of time in a given CPU period Real Time tasks may
93 consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that
94 this container can consume 95% of available CPU and leave the remaining
95 5% to normal priority tasks.
96
97
98 The sum of all runtimes across containers cannot exceed the amount al‐
99 lotted to the parent cgroup.
100
101
102 This option is only supported on cgroups V1 rootful systems.
103
104
105 --cpu-shares, -c=shares
106 CPU shares (relative weight).
107
108
109 By default, all containers get the same proportion of CPU cycles. This
110 proportion can be modified by changing the container's CPU share
111 weighting relative to the combined weight of all the running contain‐
112 ers. Default weight is 1024.
113
114
115 The proportion only applies when CPU-intensive processes are running.
116 When tasks in one container are idle, other containers can use the
117 left-over CPU time. The actual amount of CPU time varies depending on
118 the number of containers running on the system.
119
120
121 For example, consider three containers, one has a cpu-share of 1024 and
122 two others have a cpu-share setting of 512. When processes in all three
123 containers attempt to use 100% of CPU, the first container receives 50%
124 of the total CPU time. If a fourth container is added with a cpu-share
125 of 1024, the first container only gets 33% of the CPU. The remaining
126 containers receive 16.5%, 16.5% and 33% of the CPU.
127
128
129 On a multi-core system, the shares of CPU time are distributed over all
130 CPU cores. Even if a container is limited to less than 100% of CPU
131 time, it can use 100% of each individual CPU core.
132
133
134 For example, consider a system with more than three cores. If the con‐
135 tainer C0 is started with --cpu-shares=512 running one process, and an‐
136 other container C1 with --cpu-shares=1024 running two processes, this
137 can result in the following division of CPU shares:
138
139
140 ┌────┬───────────┬─────┬──────────────┐
141 │PID │ container │ CPU │ CPU share │
142 ├────┼───────────┼─────┼──────────────┤
143 │100 │ C0 │ 0 │ 100% of CPU0 │
144 ├────┼───────────┼─────┼──────────────┤
145 │101 │ C1 │ 1 │ 100% of CPU1 │
146 ├────┼───────────┼─────┼──────────────┤
147 │102 │ C1 │ 2 │ 100% of CPU2 │
148 └────┴───────────┴─────┴──────────────┘
149
150 On some systems, changing the resource limits may not be allowed for
151 non-root users. For more details, see https://github.com/contain‐
152 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
153 source-limits-fails-with-a-permissions-error
154
155
156 This option is not supported on cgroups V1 rootless systems.
157
158
159 --cpus=number
160 Number of CPUs. The default is 0.0 which means no limit. This is short‐
161 hand for --cpu-period and --cpu-quota, therefore the option cannot be
162 specified with --cpu-period or --cpu-quota.
163
164
165 On some systems, changing the CPU limits may not be allowed for non-
166 root users. For more details, see https://github.com/containers/pod‐
167 man/blob/main/troubleshooting.md#26-running-containers-with-resource-
168 limits-fails-with-a-permissions-error
169
170
171 This option is not supported on cgroups V1 rootless systems.
172
173
174 --cpuset-cpus=number
175 CPUs in which to allow execution. Can be specified as a comma-separated
176 list (e.g. 0,1), as a range (e.g. 0-3), or any combination thereof
177 (e.g. 0-3,7,11-15).
178
179
180 On some systems, changing the resource limits may not be allowed for
181 non-root users. For more details, see https://github.com/contain‐
182 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
183 source-limits-fails-with-a-permissions-error
184
185
186 This option is not supported on cgroups V1 rootless systems.
187
188
189 --cpuset-mems=nodes
190 Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effec‐
191 tive on NUMA systems.
192
193
194 If there are four memory nodes on the system (0-3), use --cpuset-
195 mems=0,1 then processes in the container only uses memory from the
196 first two memory nodes.
197
198
199 On some systems, changing the resource limits may not be allowed for
200 non-root users. For more details, see https://github.com/contain‐
201 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
202 source-limits-fails-with-a-permissions-error
203
204
205 This option is not supported on cgroups V1 rootless systems.
206
207
208 --device-read-bps=path:rate
209 Limit read rate (in bytes per second) from a device (e.g. --device-
210 read-bps=/dev/sda:1mb).
211
212
213 On some systems, changing the resource limits may not be allowed for
214 non-root users. For more details, see https://github.com/contain‐
215 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
216 source-limits-fails-with-a-permissions-error
217
218
219 This option is not supported on cgroups V1 rootless systems.
220
221
222 --device-read-iops=path:rate
223 Limit read rate (in IO operations per second) from a device (e.g. --de‐
224 vice-read-iops=/dev/sda:1000).
225
226
227 On some systems, changing the resource limits may not be allowed for
228 non-root users. For more details, see https://github.com/contain‐
229 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
230 source-limits-fails-with-a-permissions-error
231
232
233 This option is not supported on cgroups V1 rootless systems.
234
235
236 --device-write-bps=path:rate
237 Limit write rate (in bytes per second) to a device (e.g. --device-
238 write-bps=/dev/sda:1mb).
239
240
241 On some systems, changing the resource limits may not be allowed for
242 non-root users. For more details, see https://github.com/contain‐
243 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
244 source-limits-fails-with-a-permissions-error
245
246
247 This option is not supported on cgroups V1 rootless systems.
248
249
250 --device-write-iops=path:rate
251 Limit write rate (in IO operations per second) to a device (e.g. --de‐
252 vice-write-iops=/dev/sda:1000).
253
254
255 On some systems, changing the resource limits may not be allowed for
256 non-root users. For more details, see https://github.com/contain‐
257 ers/podman/blob/main/troubleshooting.md#26-running-containers-with-re‐
258 source-limits-fails-with-a-permissions-error
259
260
261 This option is not supported on cgroups V1 rootless systems.
262
263
264 --memory, -m=number[unit]
265 Memory limit. A unit can be b (bytes), k (kibibytes), m (mebibytes), or
266 g (gibibytes).
267
268
269 Allows the memory available to a container to be constrained. If the
270 host supports swap memory, then the -m memory setting can be larger
271 than physical RAM. If a limit of 0 is specified (not using -m), the
272 container's memory is not limited. The actual limit may be rounded up
273 to a multiple of the operating system's page size (the value is very
274 large, that's millions of trillions).
275
276
277 This option is not supported on cgroups V1 rootless systems.
278
279
280 --memory-reservation=number[unit]
281 Memory soft limit. A unit can be b (bytes), k (kibibytes), m
282 (mebibytes), or g (gibibytes).
283
284
285 After setting memory reservation, when the system detects memory con‐
286 tention or low memory, containers are forced to restrict their consump‐
287 tion to their reservation. So always set the value below --memory, oth‐
288 erwise the hard limit takes precedence. By default, memory reservation
289 is the same as memory limit.
290
291
292 This option is not supported on cgroups V1 rootless systems.
293
294
295 --memory-swap=number[unit]
296 A limit value equal to memory plus swap. A unit can be b (bytes), k
297 (kibibytes), m (mebibytes), or g (gibibytes).
298
299
300 Must be used with the -m (--memory) flag. The argument value must be
301 larger than that of
302 -m (--memory) By default, it is set to double the value of --memory.
303
304
305 Set number to -1 to enable unlimited swap.
306
307
308 This option is not supported on cgroups V1 rootless systems.
309
310
311 --memory-swappiness=number
312 Tune a container's memory swappiness behavior. Accepts an integer be‐
313 tween 0 and 100.
314
315
316 This flag is only supported on cgroups V1 rootful systems.
317
318
319 --pids-limit=limit
320 Tune the container's pids limit. Set to -1 to have unlimited pids for
321 the container. The default is 2048 on systems that support "pids"
322 cgroup controller.
323
324
326 update a container with a new cpu quota and period
327
328 podman update --cpus=5 myCtr
329
330
331
332 update a container with all available options for cgroups v2
333
334 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --blkio-weight-device /dev/zero:123 --blkio-weight 123 --device-read-bps /dev/zero:10mb --device-write-bps /dev/zero:10mb --device-read-iops /dev/zero:1000 --device-write-iops /dev/zero:1000 --pids-limit 123 ctrID
335
336
337
338 update a container with all available options for cgroups v1
339
340 podman update --cpus 5 --cpuset-cpus 0 --cpu-shares 123 --cpuset-mems 0 --memory 1G --memory-swap 2G --memory-reservation 2G --memory-swappiness 50 --pids-limit 123 ctrID
341
342
343
345 podman(1), podman-create(1), podman-run(1)
346
347
349 August 2022, Originally written by Charlie Doern cdoern@redhat.com
350 ⟨mailto:cdoern@redhat.com⟩
351
352
353
354 podman-update(1)