Performance related I/O issues

[raravena80]

Description of problem

We are seeing less than desirable numbers when running the Cassandra stress test on a 2 node Scylla cluster running on the same machine. The baseline is the same cluster but running on straight Docker containers.

We are also seeing the same behavior if using Storage Driver: devicemapper instead of Storage Driver: overlay2

More details here: http://blog.serverbooter.com/post/scylla-in-kata-containers/

Expected result

Better performance number. There's an overhead by running in VM, but the numbers show up to 80% degradation on reads for the test. Something like around like 30% degradation would be nice. Or we can take advantage of VMs talking directly to the hardware it would be great, to possible better performance(?)

Actual result

Details here:

http://blog.serverbooter.com/post/scylla-in-kata-containers/

---

Output of kata-collect-data.sh

Meta details

Running kata-collect-data.sh version 0.1.0 (commit bc83bf052de7157c3e36afa24d7f0f54e91b5ddf) at 2018-04-10.13:55:38.980643542+0000.

---

Runtime is /usr/local/bin/kata-runtime.

kata-env

Output of "/usr/local/bin/kata-runtime kata-env":

[Meta]
  Version = "1.0.10"

[Runtime]
  Debug = false
  [Runtime.Version]
    Semver = "0.1.0"
    Commit = "bc83bf052de7157c3e36afa24d7f0f54e91b5ddf"
    OCI = "1.0.1"
  [Runtime.Config]
    Path = "/usr/share/defaults/kata-containers/configuration.toml"

[Hypervisor]
  MachineType = "pc"
  Version = "QEMU emulator version 2.7.1(2.7.1+git.d4a337fe91-11.cc), Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers"
  Path = "/usr/bin/qemu-lite-system-x86_64"
  Debug = false
  BlockDeviceDriver = "virtio-scsi"

[Image]
  Path = "/usr/share/kata-containers/kata-containers-2018-04-06-03:29:24.440175437+0000-2b2b68d"

[Kernel]
  Path = "/usr/share/clear-containers/vmlinuz-4.14.22-86.container"
  Parameters = "agent.log=debug"

[Initrd]
  Path = ""

[Proxy]
  Type = "kataProxy"
  Version = "kata-proxy version 0.0.1-de18929631091cb1f079b2e6e1caa3e4625f4930"
  Path = "/usr/libexec/kata-containers/kata-proxy"
  Debug = false

[Shim]
  Type = "kataShim"
  Version = "kata-shim version 0.0.1-2bdea2e41109b6b71c600899e1bf5794b125200d"
  Path = "/usr/libexec/kata-containers/kata-shim"
  Debug = false

[Agent]
  Type = "kata"
  Version = "<<unknown>>"

[Host]
  Kernel = "4.4.122-mainline-rev1"
  Architecture = "amd64"
  VMContainerCapable = true
  [Host.Distro]
    Name = "Ubuntu"
    Version = "16.04"
  [Host.CPU]
    Vendor = "GenuineIntel"
    Model = "Intel(R) Atom(TM) CPU  C2550  @ 2.40GHz"

---

Runtime config files

Runtime default config files

/etc/kata-containers/configuration.toml
/usr/share/defaults/kata-containers/configuration.toml

Runtime config file contents

Config file /etc/kata-containers/configuration.toml not found
Output of "cat "/usr/share/defaults/kata-containers/configuration.toml"":

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "cli/config/configuration.toml.in"
# XXX: Project:
# XXX:   Name: Kata Containers
# XXX:   Type: kata

[hypervisor.qemu]
#path = "/usr/bin/qemu-system-x86_64"
path = "/usr/bin/qemu-lite-system-x86_64"
kernel = "/usr/share/kata-containers/vmlinuz.container"
# initrd = "/usr/share/kata-containers/kata-containers-initrd.img"
image = "/usr/share/kata-containers/kata-containers.img"
machine_type = "pc"

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = " agent.log=debug"

# Path to the firmware.
# If you want that qemu uses the default firmware leave this option empty
firmware = ""

# Machine accelerators
# comma-separated list of machine accelerators to pass to the hypervisor.
# For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
machine_accelerators=""

# Default number of vCPUs per POD/VM:
# unspecified or 0                --> will be set to 1
# < 0                             --> will be set to the actual number of physical cores
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores
default_vcpus = 1


# Bridges can be used to hot plug devices.
# Limitations:
# * Currently only pci bridges are supported
# * Until 30 devices per bridge can be hot plugged.
# * Until 5 PCI bridges can be cold plugged per VM.
#   This limitation could be a bug in qemu or in the kernel
# Default number of bridges per POD/VM:
# unspecified or 0   --> will be set to 1
# > 1 <= 5           --> will be set to the specified number
# > 5                --> will be set to 5
default_bridges = 1

# Default memory size in MiB for POD/VM.
# If unspecified then it will be set 2048 MiB.
#default_memory = 2048

# Disable block device from being used for a container's rootfs.
# In case of a storage driver like devicemapper where a container's
# root file system is backed by a block device, the block device is passed
# directly to the hypervisor for performance reasons.
# This flag prevents the block device from being passed to the hypervisor,
# 9pfs is used instead to pass the rootfs.
disable_block_device_use = false

# Block storage driver to be used for the hypervisor in case the container
# rootfs is backed by a block device. This is either virtio-scsi or
# virtio-blk.
block_device_driver = "virtio-scsi"

# Enable iothreads (data-plane) to be used. This causes IO to be
# handled in a separate IO thread. This is currently only implemented
# for SCSI.
#
enable_iothreads = false

# Enable pre allocation of VM RAM, default false
# Enabling this will result in lower container density
# as all of the memory will be allocated and locked
# This is useful when you want to reserve all the memory
# upfront or in the cases where you want memory latencies
# to be very predictable
# Default false
#enable_mem_prealloc = true

# Enable huge pages for VM RAM, default false
# Enabling this will result in the VM memory
# being allocated using huge pages.
# This is useful when you want to use vhost-user network
# stacks within the container. This will automatically
# result in memory pre allocation
#enable_hugepages = true

# Enable swap of vm memory. Default false.
# The behaviour is undefined if mem_prealloc is also set to true
#enable_swap = true

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
#
# Default false
enable_debug = true

# Disable the customizations done in the runtime when it detects
# that it is running on top a VMM. This will result in the runtime
# behaving as it would when running on bare metal.
#
#disable_nesting_checks = true

[proxy.kata]
path = "/usr/libexec/kata-containers/kata-proxy"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[shim.kata]
path = "/usr/libexec/kata-containers/kata-shim"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[agent.kata]
# There is no field for this section. The goal is only to be able to
# specify which type of agent the user wants to use.

[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
#enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to the
# the container network interface
# Options:
#
#   - bridged
#     Uses a linux bridge to interconnect the container interface to
#     the VM. Works for most cases except macvlan and ipvlan.
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
internetworking_model="macvtap"

---

Agent

version:

kata-agent version 0.0.1-c77567216cf0b9c7df4851592b25956b6f21dce1

---

Logfiles

Runtime logs

No recent runtime problems found in system journal.

Proxy logs

No recent proxy problems found in system journal.

Shim logs

No recent shim problems found in system journal.

---

Container manager details

Have docker

Docker

Output of "docker version":

Client:
 Version:	18.03.0-ce
 API version:	1.37
 Go version:	go1.9.4
 Git commit:	0520e24
 Built:	Wed Mar 21 23:10:01 2018
 OS/Arch:	linux/amd64
 Experimental:	false
 Orchestrator:	swarm

Server:
 Engine:
  Version:	18.03.0-ce
  API version:	1.37 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	0520e24
  Built:	Wed Mar 21 23:08:31 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Output of "docker info":

Containers: 2
 Running: 2
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.03.0-ce
Storage Driver: devicemapper
 Pool Name: docker-thinpool
 Pool Blocksize: 524.3kB
 Base Device Size: 10.74GB
 Backing Filesystem: ext4
 Udev Sync Supported: true
 Data Space Used: 1.152GB
 Data Space Total: 47.5GB
 Data Space Available: 46.34GB
 Metadata Space Used: 626.7kB
 Metadata Space Total: 499.1MB
 Metadata Space Available: 498.5MB
 Thin Pool Minimum Free Space: 4.75GB
 Deferred Removal Enabled: true
 Deferred Deletion Enabled: true
 Deferred Deleted Device Count: 0
 Library Version: 1.02.110 (2015-10-30)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: kata-runtime runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.122-mainline-rev1
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.752GiB
Name: katatests
ID: FVTG:DPRW:YDNR:MBR7:YPWY:3BQC:POWA:OOVQ:KHO3:CC7B:WBB5:Z6H4
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 33
 Goroutines: 42
 System Time: 2018-04-10T13:55:40.01964918Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Output of "systemctl show docker":

Type=simple
Restart=on-failure
NotifyAccess=none
RestartUSec=100ms
TimeoutStartUSec=infinity
TimeoutStopUSec=1min 30s
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestamp=Tue 2018-04-10 02:59:36 UTC
WatchdogTimestampMonotonic=540000287
FailureAction=none
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=5206
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
ExecMainStartTimestamp=Tue 2018-04-10 02:59:36 UTC
ExecMainStartTimestampMonotonic=540000226
ExecMainExitTimestampMonotonic=0
ExecMainPID=5206
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -D --default-runtime runc --add-runtime kata-runtime=/usr/local/bin/kata-runtime ; ignore_errors=no ; start_time=[Tue 2018-04-10 02:59:36 UTC] ; stop_time=[n/a] ; pid=5206 ; code=(null) ; status=0/0 }
ExecReload={ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/docker.service
MemoryCurrent=3222347776
CPUUsageNSec=8685366929353
TasksCurrent=111
Delegate=yes
CPUAccounting=no
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=no
TasksMax=18446744073709551615
UMask=0022
LimitCPU=18446744073709551615
LimitCPUSoft=18446744073709551615
LimitFSIZE=18446744073709551615
LimitFSIZESoft=18446744073709551615
LimitDATA=18446744073709551615
LimitDATASoft=18446744073709551615
LimitSTACK=18446744073709551615
LimitSTACKSoft=8388608
LimitCORE=18446744073709551615
LimitCORESoft=18446744073709551615
LimitRSS=18446744073709551615
LimitRSSSoft=18446744073709551615
LimitNOFILE=1048576
LimitNOFILESoft=1048576
LimitAS=18446744073709551615
LimitASSoft=18446744073709551615
LimitNPROC=18446744073709551615
LimitNPROCSoft=18446744073709551615
LimitMEMLOCK=65536
LimitMEMLOCKSoft=65536
LimitLOCKS=18446744073709551615
LimitLOCKSSoft=18446744073709551615
LimitSIGPENDING=31712
LimitSIGPENDINGSoft=31712
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=18446744073709551615
LimitRTTIMESoft=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
MountFlags=0
PrivateTmp=no
PrivateNetwork=no
PrivateDevices=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
KillMode=process
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=docker.service
Names=docker.service
Requires=docker.socket sysinit.target system.slice
Wants=network-online.target
WantedBy=multi-user.target
ConsistsOf=docker.socket
Conflicts=shutdown.target
Before=multi-user.target shutdown.target
After=firewalld.service network-online.target docker.socket sysinit.target systemd-journald.socket system.slice basic.target
TriggeredBy=docker.socket
Documentation=https://docs.docker.com
Description=Docker Application Container Engine
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/lib/systemd/system/docker.service
DropInPaths=/etc/systemd/system/docker.service.d/kata-containers.conf
UnitFileState=enabled
UnitFilePreset=enabled
StateChangeTimestamp=Tue 2018-04-10 02:59:36 UTC
StateChangeTimestampMonotonic=540000289
InactiveExitTimestamp=Tue 2018-04-10 02:59:36 UTC
InactiveExitTimestampMonotonic=540000289
ActiveEnterTimestamp=Tue 2018-04-10 02:59:36 UTC
ActiveEnterTimestampMonotonic=540000289
ActiveExitTimestamp=Tue 2018-04-10 02:58:06 UTC
ActiveExitTimestampMonotonic=450505725
InactiveEnterTimestamp=Tue 2018-04-10 02:58:07 UTC
InactiveEnterTimestampMonotonic=451515435
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Tue 2018-04-10 02:59:36 UTC
ConditionTimestampMonotonic=539968286
AssertTimestamp=Tue 2018-04-10 02:59:36 UTC
AssertTimestampMonotonic=539968287
Transient=no
StartLimitInterval=60000000
StartLimitBurst=3
StartLimitAction=none

No kubectl

---

Packages

Have dpkg
Output of "dpkg -l|egrep "(cc-oci-runtimecc-runtimerunv|kata-proxy|kata-runtime|kata-shim|kata-containers-image|linux-container|qemu-)"":

ii  linux-container                4.14.22-86                            amd64        linux kernel optimised for container-like workloads.
ii  qemu-block-extra:amd64         1:2.5+dfsg-5ubuntu10.24               amd64        extra block backend modules for qemu-system and qemu-utils
ii  qemu-lite                      2.7.1+git.d4a337fe91-11               amd64        linux kernel optimised for container-like workloads.
ii  qemu-slof                      20151103+dfsg-1ubuntu1.1              all          Slimline Open Firmware -- QEMU PowerPC version
ii  qemu-system                    1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries
ii  qemu-system-arm                1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (arm)
ii  qemu-system-common             1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (common files)
ii  qemu-system-mips               1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (mips)
ii  qemu-system-misc               1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (miscelaneous)
ii  qemu-system-ppc                1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (ppc)
ii  qemu-system-sparc              1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (sparc)
ii  qemu-system-x86                1:2.5+dfsg-5ubuntu10.24               amd64        QEMU full system emulation binaries (x86)
ii  qemu-user                      1:2.5+dfsg-5ubuntu10.24               amd64        QEMU user mode emulation binaries
ii  qemu-user-binfmt               1:2.5+dfsg-5ubuntu10.24               amd64        QEMU user mode binfmt registration for qemu-user
ii  qemu-utils                     1:2.5+dfsg-5ubuntu10.24               amd64        QEMU utilities
No `rpm`

---

[raravena80]

Some more info. This is what it looks like in one the Scylla containers.

This is how the container is started.

docker run --runtime kata-runtime --name my-scylla -p 9042:9042 -d scylladb/scylla

# docker exec -it d052f8473bf4 /bin/bash

   _____            _ _       _____  ____
  / ____|          | | |     |  __ \|  _ \
 | (___   ___ _   _| | | __ _| |  | | |_) |
  \___ \ / __| | | | | |/ _` | |  | |  _ <
  ____) | (__| |_| | | | (_| | |__| | |_) |
 |_____/ \___|\__, |_|_|\__,_|_____/|____/
               __/ |
              |___/


Nodetool:
	nodetool help
CQL Shell:
	cqlsh
More documentation available at:
	http://www.scylladb.com/doc/

[root@d052f8473bf4 ~]# df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda        10190136  656464   8993000   7% /
tmpfs              65536       0     65536   0% /dev
kataShared      47929956 5545460  39926708  13% /etc/hosts
shm                65536       0     65536   0% /dev/shm
tmpfs            1001948       0   1001948   0% /proc/scsi
tmpfs            1001948       0   1001948   0% /sys/firmware
[root@d052f8473bf4 ~]# mount
/dev/sda on / type ext4 (rw,relatime,stripe=128,data=ordered)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
kataShared on /etc/resolv.conf type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)
kataShared on /etc/hostname type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)
kataShared on /etc/hosts type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
kataShared on /var/lib/scylla type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)
kataShared on /sys/fs/cgroup type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,nosuid,size=65536k,mode=755)
tmpfs on /proc/scsi type tmpfs (ro,relatime)
tmpfs on /sys/firmware type tmpfs (ro,relatime)

Here's the output of docker inspect

 docker inspect d052f8473bf4
[
    {
        "Id": "d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3",
        "Created": "2018-04-10T03:28:28.638042603Z",
        "Path": "/docker-entrypoint.py",
        "Args": [
            "--seeds=172.17.0.2"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 7551,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-04-10T03:28:34.767123631Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:d02433971564e2b8d2df0191278e979f3dc98360a7b7dff1da2cf570d0e4c533",
        "ResolvConfPath": "/var/lib/docker/containers/d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3/hostname",
        "HostsPath": "/var/lib/docker/containers/d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3/hosts",
        "LogPath": "/var/lib/docker/containers/d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3/d052f8473bf43c4325a372839e23d66071e94a6f322c124183fb07b22399dca3-json.log",
        "Name": "/my-scylla2",
        "RestartCount": 0,
        "Driver": "devicemapper",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "kata-runtime",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Data": {
                "DeviceId": "23",
                "DeviceName": "docker-43:0-1836972-0f44df23dab874cc64069cc67cb59d6e909752af37feffa9d1095e638bff32bb",
                "DeviceSize": "10737418240"
            },
            "Name": "devicemapper"
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "442144ed7fde3714920e8c2be0ba20a6777439252e72b9f37b3fb921eba231bf",
                "Source": "/var/lib/docker/volumes/442144ed7fde3714920e8c2be0ba20a6777439252e72b9f37b3fb921eba231bf/_data",
                "Destination": "/sys/fs/cgroup",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "d78ad1d0c2a2b91738153c8c4ee1d6cb087b800f75668c4bda28b0f3ca4ce3f7",
                "Source": "/var/lib/docker/volumes/d78ad1d0c2a2b91738153c8c4ee1d6cb087b800f75668c4bda28b0f3ca4ce3f7/_data",
                "Destination": "/var/lib/scylla",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "d052f8473bf4",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "10000/tcp": {},
                "7000/tcp": {},
                "7001/tcp": {},
                "9042/tcp": {},
                "9160/tcp": {},
                "9180/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "container=docker"
            ],
            "Cmd": [
                "--seeds=172.17.0.2"
            ],
            "Image": "scylladb/scylla",
            "Volumes": {
                "/sys/fs/cgroup": {},
                "/var/lib/scylla": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.py"
            ],
            "OnBuild": null,
            "Labels": {
                "build-date": "20180302",
                "license": "GPLv2",
                "name": "CentOS Base Image",
                "vendor": "CentOS"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "32ba07dcd67c2e2037e0e45240a24e5da1f0bb92b57558cf21bedca291cd7ebe",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "10000/tcp": null,
                "7000/tcp": null,
                "7001/tcp": null,
                "9042/tcp": null,
                "9160/tcp": null,
                "9180/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/32ba07dcd67c",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "a9268beeb573a12f5feab3336f1cf57f8904e596d9b5ab0d43a9c3aa51bcc644",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "a1f9340c191a98e5901ed9bfabeaf66e932b57d9a88b8a17892b5e82ce210954",
                    "EndpointID": "a9268beeb573a12f5feab3336f1cf57f8904e596d9b5ab0d43a9c3aa51bcc644",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

[egernst]

/cc @grahamwhaley @amshinde - FYI.

[grahamwhaley]

@egernst yep, I asked @raravena80 for the mount info. @raravena80 - is the scylla DB on /var/lib/scylla? - as we have

kataShared on /var/lib/scylla type 9p (rw,nodev,relatime,sync,dirsync,access=client,trans=virtio)

being a 9p mount, rather than a direct block mapping.
I'll let @amshinde comment on how, why etc., presuming that is they key volume mount we'd like 'optimised'

[raravena80]

@grahamwhaley yes. All the DB items including data, and commit logs are under /var/lib/scylla

[amshinde]

@raravena80 @egernst @grahamwhaley Since the actual database is on a shared 9pfs mount, the performance measured is over 9p. Using devicemapper here would not make much of a difference since the database files are read/written on a 9p mount(/var/lib/scylla)

@raravena80 I think you would see better numbers if you had your database on the rootfs itself, since in case of devicemapper this would be a block based device and would show better numbers.

[raravena80]

@amshinde the numbers are even lower using the bare metal rootfs as the data storage. As per https://hub.docker.com/r/scylladb/scylla/ where it says: "Configuring data volume for storage
". Basically, I started the 2 node cluster like this:

docker run --volume /var/lib/scylla:/var/lib/scylla --runtime kata-runtime --name scylla -p 9042:9042 -d scylladb/scylla
docker run --volume /var/lib/scylla:/var/lib/scylla --runtime kata-runtime --name scylla2 -d scylladb/scylla --seeds="$(docker inspect --format='{{ .NetworkSettings.IPAddress }}' my-scylla)"

and the numbers:

Write

Results:
Op rate                   :    2,783 op/s  [WRITE: 2,783 op/s]
Partition rate            :    2,783 pk/s  [WRITE: 2,783 pk/s]
Row rate                  :    2,783 row/s [WRITE: 2,783 row/s]
Latency mean              :   71.8 ms [WRITE: 71.8 ms]
Latency median            :   70.9 ms [WRITE: 70.9 ms]
Latency 95th percentile   :   90.6 ms [WRITE: 90.6 ms]
Latency 99th percentile   :  110.0 ms [WRITE: 110.0 ms]
Latency 99.9th percentile :  179.4 ms [WRITE: 179.4 ms]
Latency max               :  444.6 ms [WRITE: 444.6 ms]
Total partitions          :  2,500,000 [WRITE: 2,500,000]
Total errors              :          0 [WRITE: 0]
Total GC count            : 0
Total GC memory           : 0.000 KiB
Total GC time             :    0.0 seconds
Avg GC time               :    NaN ms
StdDev GC time            :    0.0 ms
Total operation time      : 00:14:58

Read:

Results:
Op rate                   :      908 op/s  [READ: 908 op/s]
Partition rate            :      908 pk/s  [READ: 908 pk/s]
Row rate                  :      908 row/s [READ: 908 row/s]
Latency mean              :  220.2 ms [READ: 220.2 ms]
Latency median            :  219.7 ms [READ: 219.7 ms]
Latency 95th percentile   :  244.4 ms [READ: 244.4 ms]
Latency 99th percentile   :  259.7 ms [READ: 259.7 ms]
Latency 99.9th percentile :  310.6 ms [READ: 310.6 ms]
Latency max               :  658.0 ms [READ: 658.0 ms]
Total partitions          :  2,500,000 [READ: 2,500,000]
Total errors              :          0 [READ: 0]
Total GC count            : 0
Total GC memory           : 0.000 KiB
Total GC time             :    0.0 seconds
Avg GC time               :    NaN ms
StdDev GC time            :    0.0 ms
Total operation time      : 00:45:53

[amshinde]

@raravena80 I am afraid that creates a directory on the host that is still shared with the guest using 9p. I think the scylla docker workload itself is very much tied to Docker volumes, as it creates the /var/lib/scylla directory as a volume.
I havent found the exact Dockerfile, but it should be similar to
https://github.com/scylladb/scylla/blob/master/dist/docker/ubuntu/Dockerfile#L16

Had the VOLUME /var/lib/scylla been replaced by RUN mkdir /var/lib/scylla, that would have created the data directory on the rootfs.

One way to improve performance would be to use a volume that is block based, but using block-based volumes is something that is still missing in kata. I have opened an issue here related to this: #198

[raravena80]

Ran the tests with /var/lib/scylla inside the container and got almost the same results. (Slightly better) I believe the performance penalty might not just be necessarily related to 9pfs

Modified the last couple of lines of the Dockerfile like this:

#VOLUME [ "/var/lib/scylla" ]
RUN mkdir -p /var/lib/scylla

Then built the container:

docker build -t localscylla:latest .

Write Results:

Results:
Op rate                   :    3,656 op/s  [WRITE: 3,656 op/s]
Partition rate            :    3,656 pk/s  [WRITE: 3,656 pk/s]
Row rate                  :    3,656 row/s [WRITE: 3,656 row/s]
Latency mean              :   54.6 ms [WRITE: 54.6 ms]
Latency median            :   47.0 ms [WRITE: 47.0 ms]
Latency 95th percentile   :  118.5 ms [WRITE: 118.5 ms]
Latency 99th percentile   :  166.5 ms [WRITE: 166.5 ms]
Latency 99.9th percentile :  521.1 ms [WRITE: 521.1 ms]
Latency max               : 1249.9 ms [WRITE: 1,249.9 ms]
Total partitions          :  2,500,000 [WRITE: 2,500,000]
Total errors              :          0 [WRITE: 0]
Total GC count            : 0
Total GC memory           : 0.000 KiB
Total GC time             :    0.0 seconds
Avg GC time               :    NaN ms
StdDev GC time            :    0.0 ms
Total operation time      : 00:11:23

Read Results:

Results:
Op rate                   :    1,605 op/s  [READ: 1,605 op/s]
Partition rate            :    1,605 pk/s  [READ: 1,605 pk/s]
Row rate                  :    1,605 row/s [READ: 1,605 row/s]
Latency mean              :  124.5 ms [READ: 124.5 ms]
Latency median            :  121.0 ms [READ: 121.0 ms]
Latency 95th percentile   :  264.4 ms [READ: 264.4 ms]
Latency 99th percentile   :  308.8 ms [READ: 308.8 ms]
Latency 99.9th percentile :  380.1 ms [READ: 380.1 ms]
Latency max               :  772.3 ms [READ: 772.3 ms]
Total partitions          :  2,500,000 [READ: 2,500,000]
Total errors              :          0 [READ: 0]
Total GC count            : 0
Total GC memory           : 0.000 KiB
Total GC time             :    0.0 seconds
Avg GC time               :    NaN ms
StdDev GC time            :    0.0 ms
Total operation time      : 00:25:57

[grahamwhaley]

Hi @raravena80 . I was re-creating this test when I noticed something. I saw from the rolling results the test prints that there seems to be a ramp up period of ops/s, and then it settles down. This led me to a couple of conclusions:

• I could run the test for a shorter time...
• but the ramp up period would then have a larger effect on the final average ops/s result that is printed :-)
• when I reduced the test size (to 500kops), my results went up!

This last point led me to realise that maybe we can configure the containers to be a bit more 'equal'. At the moment the kata default VM gets 1vcpu and 2G or RAM, but I think your runc container on your machine will have unlimited access to the machine - from the blog, 8G of RAM and 4CPUs. Can you try configuring the kata container to have the equivalent of full system access, and re-run?

You can use the '-m 8G' option to docker run to get the memory setup, but I think --cpus=4 may not be working right now (iirc there was an Issue open for that). It might be easiest for you to just edit the lines in the kata toml config file for the test run:

default_vcpus = 4
default_memory = 8192

Oh, I'll also note, the cassandra-stress -graph option is quite good for looking at the pattern of the data to see the ramp up/downs - which gives a little more view than just the final average. Maybe that or we could try dropping the no-warmup from the test to let things settle etc.

[amshinde]

@raravena80 Can you also test with your localscylla image with setting enable_iothreads as true in your kata toml file and see if it helps the performance results.

[raravena80]

K, I ran the test with the devicemapper option in Docker and with an external /var/lib/scylla directory which I suppose goes over 9pfs. Since the machine has 4 CPUs and 8G and I needed to start 2 containers, plus needed to leave some extra room (2G). I changed the kata toml configs like this

default_vcpus = 4
default_memory = 3072

I also ran 500000 ops instead of 2500000 I see better results between Writes and Reads. (There's not a lot discrepancy between them)

kata_write_9pfs
---------------------------------------
op rate                    : 3,335 op/s [WRITE: 3,358 op/s]
partition rate             : 3,335 pk/s [WRITE: 3,358 pk/s]
row rate                   : 3,335 row/s [WRITE: 3,358 row/s]
latency mean               : 59.4 ms [WRITE: 59.4 ms]
latency median             : 43.8 ms [WRITE: 43.8 ms]
latency 95th percentile    : 163.3 ms [WRITE: 163.3 ms]
latency 99th percentile    : 261.4 ms [WRITE: 261.4 ms]
latency 99.9th percentile  : 439.1 ms [WRITE: 439.1 ms]
latency max                : 901.3 ms [WRITE: 901.3 ms]
total gc count             : 0
total gc memory            : 0.000 KiB
total gc time              : 0.0 seconds
avg gc time                : NaN ms
stddev gc time             : 0.0 ms
Total operation time       : 00:02:29
cmd: write no-warmup n=500000 -node 127.0.0.1 -rate threads=200 -mode native cql3 -schema keyspace=ksX -graph file=graphfile revision=kata_write_9pfs title=Kata_Write_9pfs

kata_read_9pfs
---------------------------------------
op rate                    : 2,704 op/s [READ: 2,704 op/s]
partition rate             : 2,704 pk/s [READ: 2,704 pk/s]
row rate                   : 2,704 row/s [READ: 2,704 row/s]
latency mean               : 73.5 ms [READ: 73.5 ms]
latency median             : 31.5 ms [READ: 31.5 ms]
latency 95th percentile    : 379.6 ms [READ: 379.6 ms]
latency 99th percentile    : 552.1 ms [READ: 552.1 ms]
latency 99.9th percentile  : 665.3 ms [READ: 665.3 ms]
latency max                : 828.9 ms [READ: 828.9 ms]
total gc count             : 0
total gc memory            : 0.000 KiB
total gc time              : 0.0 seconds
avg gc time                : NaN ms
stddev gc time             : 0.0 ms
Total operation time       : 00:03:04
cmd: read no-warmup n=500000 -node 127.0.0.1 -rate threads=200 -mode native cql3 -schema keyspace=ksX -graph file=graphfile revision=kata_read_9pfs title=Kata_9pfs

graphfile_9pfs.gz

Next, I'll run with an internal /var/lib/scylla directory and I'll post the results afterward.

[raravena80]

K, there's not a lot of difference if I run the tests with /var/lib/scylla locally in the container. Perhaps a little better in terms of reads.

kata_write_local
---------------------------------------
op rate                    : 3,336 op/s [WRITE: 3,336 op/s]
partition rate             : 3,336 pk/s [WRITE: 3,336 pk/s]
row rate                   : 3,336 row/s [WRITE: 3,336 row/s]
latency mean               : 59.5 ms [WRITE: 59.5 ms]
latency median             : 44.9 ms [WRITE: 44.9 ms]
latency 95th percentile    : 161.2 ms [WRITE: 161.2 ms]
latency 99th percentile    : 276.6 ms [WRITE: 276.6 ms]
latency 99.9th percentile  : 440.7 ms [WRITE: 440.7 ms]
latency max                : 1226.8 ms [WRITE: 1,226.8 ms]
total gc count             : 0
total gc memory            : 0.000 KiB
total gc time              : 0.0 seconds
avg gc time                : NaN ms
stddev gc time             : 0.0 ms
Total operation time       : 00:02:29
cmd: write no-warmup n=500000 -node 127.0.0.1 -rate threads=200 -mode native cql3 -schema keyspace=ksX -graph file=graphfile_local revision=kata_write_local title=Kata_Local

kata_read_local
---------------------------------------
op rate                    : 2,864 op/s [READ: 2,864 op/s]
partition rate             : 2,864 pk/s [READ: 2,864 pk/s]
row rate                   : 2,864 row/s [READ: 2,864 row/s]
latency mean               : 69.5 ms [READ: 69.5 ms]
latency median             : 35.7 ms [READ: 35.7 ms]
latency 95th percentile    : 309.6 ms [READ: 309.6 ms]
latency 99th percentile    : 432.8 ms [READ: 432.8 ms]
latency 99.9th percentile  : 519.6 ms [READ: 519.6 ms]
latency max                : 1139.8 ms [READ: 1,139.8 ms]
total gc count             : 0
total gc memory            : 0.000 KiB
total gc time              : 0.0 seconds
avg gc time                : NaN ms
stddev gc time             : 0.0 ms
Total operation time       : 00:02:54
cmd: read no-warmup n=500000 -node 127.0.0.1 -rate threads=200 -mode native cql3 -schema keyspace=ksX -graph file=graphfile_local revision=kata_read_local title=Kata_Local

graphfile_local.gz

[grahamwhaley]

Thanks @raravena80 . Are you and @amshinde happy that we now understand where the disparity (at least the read/write disparity) was coming from (small RAM for kata by default). If both @raravena80 and @amshinde are happy, then I think we can close the Issue?
Otherwise, please detail any more configs we wan to try here.

thanks!

[raravena80]

@amshinde you ok with this? Performance overall should be better if we have block device support in the VM. Overall it's hard to match raw container performance unless the VM has more components directly talking to the hardware.