sam/obmp-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add container memory limits to all services

Browse Source 
Sets mem_limit on every service to cap the OOM/swap-exhaustion risk (the lab
host had only 5 MiB swap free). The three heavy services (psql, kafka,
psql-app) read their limits from .env so production can raise them; the rest
use lab-appropriate fixed values. Total ~25 GB, leaving headroom on the 31 GB
lab host.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
sam 2026-05-18 20:04:37 -07:00
parent 8ac156ce86
commit 4e9bd7cc5a
2 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.env.example
View File

@ -19,6 +19,12 @@ OBMP_DOMAIN=changeme.example.com
# cookie is valid across subpaths/subdomains. # cookie is valid across subpaths/subdomains.
OBMP_COOKIE_DOMAIN=example.com OBMP_COOKIE_DOMAIN=example.com
# Container memory limits. Lab defaults shown; raise for production
# (see docs/production-sizing.md). psql-app's limit must exceed its MEM heap.
PSQL_MEM_LIMIT=6g
PSQL_APP_MEM_LIMIT=4g
KAFKA_MEM_LIMIT=4g
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# ExaBGP route injector (test profile) # ExaBGP route injector (test profile)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------

20
docker-compose.yml
View File

@ -18,6 +18,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-zookeeper container_name: obmp-zookeeper
image: confluentinc/cp-zookeeper:7.1.1 image: confluentinc/cp-zookeeper:7.1.1
mem_limit: 1g
volumes: volumes:
- ${OBMP_DATA_ROOT}/zk-data:/var/lib/zookeeper/data - ${OBMP_DATA_ROOT}/zk-data:/var/lib/zookeeper/data
- ${OBMP_DATA_ROOT}/zk-log:/var/lib/zookeeper/log - ${OBMP_DATA_ROOT}/zk-log:/var/lib/zookeeper/log
@ -29,6 +30,8 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-kafka container_name: obmp-kafka
image: confluentinc/cp-kafka:7.1.1 image: confluentinc/cp-kafka:7.1.1
# Raise KAFKA_MEM_LIMIT for production (full-table initial dumps are bursty).
mem_limit: ${KAFKA_MEM_LIMIT:-4g}
# Change the mount point to where you want to store Kafka data. # Change the mount point to where you want to store Kafka data.
# Normally 80GB or more # Normally 80GB or more
@ -85,6 +88,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-grafana container_name: obmp-grafana
image: grafana/grafana:9.1.7 image: grafana/grafana:9.1.7
mem_limit: 1g
ports: ports:
- "3000:3000" - "3000:3000"
volumes: volumes:
@ -125,6 +129,8 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-psql container_name: obmp-psql
image: openbmp/postgres:2.2.1 image: openbmp/postgres:2.2.1
# Raise PSQL_MEM_LIMIT for production (see docs/production-sizing.md).
mem_limit: ${PSQL_MEM_LIMIT:-6g}
privileged: true privileged: true
shm_size: 1536m shm_size: 1536m
sysctls: sysctls:
@ -148,6 +154,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-collector container_name: obmp-collector
image: openbmp/collector:2.2.3 image: openbmp/collector:2.2.3
mem_limit: 2g
sysctls: sysctls:
- net.ipv4.tcp_keepalive_intvl=30 - net.ipv4.tcp_keepalive_intvl=30
- net.ipv4.tcp_keepalive_probes=5 - net.ipv4.tcp_keepalive_probes=5
@ -163,6 +170,9 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-psql-app container_name: obmp-psql-app
image: openbmp/psql-app:2.2.2 image: openbmp/psql-app:2.2.2
# mem_limit must exceed the MEM (JVM heap) env below. Raise both for
# production — see docs/production-sizing.md.
mem_limit: ${PSQL_APP_MEM_LIMIT:-4g}
sysctls: sysctls:
- net.ipv4.tcp_keepalive_intvl=30 - net.ipv4.tcp_keepalive_intvl=30
- net.ipv4.tcp_keepalive_probes=5 - net.ipv4.tcp_keepalive_probes=5
@ -207,6 +217,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-exabgp container_name: obmp-exabgp
profiles: ["test"] profiles: ["test"]
mem_limit: 512m
build: build:
context: ./exabgp context: ./exabgp
dockerfile: Dockerfile dockerfile: Dockerfile
@ -231,6 +242,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-exabgp-ui container_name: obmp-exabgp-ui
profiles: ["test"] profiles: ["test"]
mem_limit: 256m
build: build:
context: ./exabgp-ui context: ./exabgp-ui
dockerfile: Dockerfile dockerfile: Dockerfile
@ -245,6 +257,7 @@ services:
container_name: obmp-influxdb container_name: obmp-influxdb
profiles: ["test"] profiles: ["test"]
image: influxdb:2.7 image: influxdb:2.7
mem_limit: 2g
ports: ports:
- "8086:8086" - "8086:8086"
volumes: volumes:
@ -262,6 +275,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-telegraf container_name: obmp-telegraf
profiles: ["test"] profiles: ["test"]
mem_limit: 512m
build: build:
context: ./telegraf context: ./telegraf
dockerfile: Dockerfile dockerfile: Dockerfile
@ -277,6 +291,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-traffic-gen container_name: obmp-traffic-gen
profiles: ["test"] profiles: ["test"]
mem_limit: 1g
build: build:
context: ./traffic-gen context: ./traffic-gen
dockerfile: Dockerfile dockerfile: Dockerfile
@ -293,6 +308,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-traffic-gen-ui container_name: obmp-traffic-gen-ui
profiles: ["test"] profiles: ["test"]
mem_limit: 256m
build: build:
context: ./traffic-gen-ui context: ./traffic-gen-ui
dockerfile: Dockerfile dockerfile: Dockerfile
@ -303,6 +319,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-traffic-gen-responder container_name: obmp-traffic-gen-responder
profiles: ["test"] profiles: ["test"]
mem_limit: 1g
build: build:
context: ./traffic-gen context: ./traffic-gen
dockerfile: Dockerfile dockerfile: Dockerfile
@ -324,6 +341,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-whois container_name: obmp-whois
image: openbmp/whois:2.2.0 image: openbmp/whois:2.2.0
mem_limit: 1g
sysctls: sysctls:
- net.ipv4.tcp_keepalive_intvl=30 - net.ipv4.tcp_keepalive_intvl=30
- net.ipv4.tcp_keepalive_probes=5 - net.ipv4.tcp_keepalive_probes=5
@ -343,6 +361,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-authelia container_name: obmp-authelia
profiles: ["auth"] profiles: ["auth"]
mem_limit: 256m
image: authelia/authelia:4.38 image: authelia/authelia:4.38
ports: ports:
- "9091:9091" - "9091:9091"
@ -355,6 +374,7 @@ services:
restart: unless-stopped restart: unless-stopped
container_name: obmp-portal container_name: obmp-portal
profiles: ["auth"] profiles: ["auth"]
mem_limit: 128m
image: nginx:alpine image: nginx:alpine
ports: ports:
- "8080:80" - "8080:80"