I'm trying to optimize the performance of my Cassandra (3.7+) Docker containers. I found a presentation from 2015 that mentioned (on slide 21) that I should grant CAP_IPC_LOCK and set the ulimit memlock.
After a bit of digging around, it seems two options are basically to prevent the system from swapping the JVM, which modern versions of Cassandra seem to accomplish by using JNA.
Setting --ulimit memlock=-1:-1 on my Docker containers has the effect that
INFO 12:42:33 JNA mlockall successful
is printed when booting up, so I assume I'm all set and done.
Do I still need to --cap-add=CAP_IPC_LOCK and if so, how can I detect whether I set it correctly?
Lets think about this.
In linux a process needs the CAP_IPC_LOCK capability to call mlockall.
Now mlockAll locks all of the calling process's virtual address space into RAM, preventing that memory from being paged to the swap area. Thus essentially not letting you swap.
Installing JNA has the same effect.
This is from Datastax docs
Installing JNA can improve Cassandra memory usage.When installed and configured, Linux does not swap out the JVM, and thus avoids related performance issues.
http://docs.datastax.com/en/cassandra/1.2/cassandra/install/installJnaDeb.html
Also if you see below in the logs
JNA mlockall successful
That means that JNA is enabled.
I Think you are ok and do not need to add CAP_IPC_LOCK.