Configure the Memory Limit Support Without Swap Limit Capabilities - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Configure the container memory limit support without swap limit capabilities.

When a container exceeds the specified amount of memory, the container starts to swap. Not all Linux distributions have the swap limit support enabled by default.

  • Red Hat distributions usually have swap limit support enabled by default.

  • Debian and Ubuntu distributions usually have swap limit support disabled by default.

To check if your system supports swap limit capabilities, in the engine machine run the following command:

sudo docker run --rm -it --memory=1g demisto/python:1.3-alpine true

If swap limit capabilities is enabled, Configure the Memory Limitation . To test the memory, see Test the Memory Limit.

If you see the WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap. message in the output (the message may vary between Docker versions), you have two options:

  • Configure swap limit capabilities by following the Docker documentation.

  • Follow the procedure set out below.

To protect the host from a container using too many system resources (either because of a software bug or a DoS attack), limit the resources available for each container. In the engine configuration file, some of these settings are set using the advanced parameter: python.pass.extra.keys. This key receives as a parameter full docker run options, separated with the ## string.

If you see the WARNING: No swap limit support you can configure memory support without swap limit capabilities.

To set the docker run option --memory-swap option to -1 (disables swap memory enforcement):

  1. Edit the Engine Configuration File.

  2. Add the following key:

    "python.pass.extra.keys": "--memory=1g##--memory-swap=-1"

    If you have the python.pass.extra.keys already set up with a value, add the vlaue after the ## separator.

  3. Save the changes.

  4. Restart the demisto service on the engine machine.

    sudo systemctl start d1

    (Ubuntu/DEB) sudo service d1 restart