Cassandra, JNA, Docker and CAP_IPC_LOCK

Question

I'm trying to optimize the performance of my Cassandra (3.7+) Docker containers. I found a presentation from 2015 that mentioned (on slide 21) that I should grant CAP_IPC_LOCK and set the ulimit memlock.

After a bit of digging around, it seems two options are basically to prevent the system from swapping the JVM, which modern versions of Cassandra seem to accomplish by using JNA.

Setting --ulimit memlock=-1:-1 on my Docker containers has the effect that

INFO  12:42:33 JNA mlockall successful

is printed when booting up, so I assume I'm all set and done.

Do I still need to --cap-add=CAP_IPC_LOCK and if so, how can I detect whether I set it correctly?

Answer 1

Lets think about this.

In linux a process needs the CAP_IPC_LOCK capability to call mlockall.

Now mlockAll locks all of the calling process's virtual address space into RAM, preventing that memory from being paged to the swap area. Thus essentially not letting you swap.

Installing JNA has the same effect.

This is from Datastax docs

Installing JNA can improve Cassandra memory usage.When installed and configured, Linux does not swap out the JVM, and thus avoids related performance issues.

http://docs.datastax.com/en/cassandra/1.2/cassandra/install/installJnaDeb.html

Also if you see below in the logs

JNA mlockall successful

That means that JNA is enabled.

I Think you are ok and do not need to add CAP_IPC_LOCK.