Merge pull request #19755 from zexi/container-cgroup
feat(host): set container memory limit
zexi authored Mar 21, 2024
2 parents c73ac42 + 3bcc09a commit 8f0af93
Showing 4 changed files with 43 additions and 21 deletions.
1 change: 1 addition & 0 deletions cmd/climc/shell/compute/containers.go
Expand Up @@ -24,6 +24,7 @@ func init() {
cmd := shell.NewResourceCmd(&modules.Containers)
cmd.Create(new(options.ContainerCreateOptions))
cmd.List(new(options.ContainerListOptions))
cmd.Show(new(options.ContainerShowOptions))
cmd.BatchDelete(new(options.ContainerDeleteOptions))
cmd.BatchPerform("stop", new(options.ContainerStopOptions))
cmd.BatchPerform("start", new(options.ContainerStartOptions))
58 changes: 37 additions & 21 deletions pkg/hostman/guestman/pod.go
Expand Up @@ -335,7 +335,7 @@ func (s *sPodGuestInstance) getPortMapping(pm *computeapi.PodPortMapping) (*runt
if pm.HostPort != nil {
runtimePm.HostPort = int32(*pm.HostPort)
if getport.IsPortUsed(portProtocol, "", *pm.HostPort) {
return nil, httperrors.NewInputParameterError("host_port %d is used", pm.HostPort)
return nil, httperrors.NewInputParameterError("host_port %d is used", *pm.HostPort)
}
usedPorts, ok := otherPorts[pm.Protocol]
if ok {
Expand Down Expand Up @@ -364,6 +364,11 @@ func (s *sPodGuestInstance) getPortMapping(pm *computeapi.PodPortMapping) (*runt
}
}

func (s *sPodGuestInstance) getCgroupParent() string {
// return fmt.Sprintf("/cloudpods/%s", s.GetId())
return "/cloudpods"
}

func (s *sPodGuestInstance) startPod(ctx context.Context, userCred mcclient.TokenCredential) (*computeapi.PodStartResponse, error) {
podInput, err := s.getPodCreateParams()
if err != nil {
Expand All @@ -386,7 +391,7 @@ func (s *sPodGuestInstance) startPod(ctx context.Context, userCred mcclient.Toke
Labels: nil,
Annotations: nil,
Linux: &runtimeapi.LinuxPodSandboxConfig{
CgroupParent: "",
CgroupParent: s.getCgroupParent(),
SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{
NamespaceOptions: nil,
SelinuxOptions: nil,
Expand All @@ -395,8 +400,12 @@ func (s *sPodGuestInstance) startPod(ctx context.Context, userCred mcclient.Toke
ReadonlyRootfs: false,
SupplementalGroups: nil,
Privileged: s.getPodPrivilegedMode(podInput),
Seccomp: nil,
Apparmor: nil,
Seccomp: &runtimeapi.SecurityProfile{
ProfileType: runtimeapi.SecurityProfile_Unconfined,
},
Apparmor: &runtimeapi.SecurityProfile{
ProfileType: runtimeapi.SecurityProfile_Unconfined,
},
SeccompProfilePath: "",
},
Sysctls: nil,
Expand Down Expand Up @@ -667,8 +676,8 @@ func (s *sPodGuestInstance) getContainerLogPath(ctrId string) string {
}

func (s *sPodGuestInstance) getLxcfsMounts() []*runtimeapi.Mount {
// TODO: make lxcfs configurable or be able to auto detect
lxcfsPath := "/var/lib/lxc/lxcfs"
// lxcfsPath := "/var/lib/lxc/lxcfs"
lxcfsPath := options.HostOptions.LxcfsPath
return []*runtimeapi.Mount{
{
ContainerPath: "/proc/uptime",
Expand Down Expand Up @@ -737,6 +746,9 @@ func (s *sPodGuestInstance) createContainer(ctx context.Context, userCred mcclie
if err != nil {
return "", errors.Wrap(err, "get container mounts")
}

// REF: https://docs.docker.com/config/containers/resource_constraints/#configure-the-default-cfs-scheduler
var defaultCPUPeriod int64 = 1000
spec := input.Spec
ctrCfg := &runtimeapi.ContainerConfig{
Metadata: &runtimeapi.ContainerMetadata{
Expand All @@ -746,18 +758,18 @@ func (s *sPodGuestInstance) createContainer(ctx context.Context, userCred mcclie
Image: spec.Image,
},
Linux: &runtimeapi.LinuxContainerConfig{
//Resources: &runtimeapi.LinuxContainerResources{
// CpuPeriod: 0,
// CpuQuota: 0,
// CpuShares: 0,
// MemoryLimitInBytes: 1024 * 1024 * 4,
// OomScoreAdj: 0,
// CpusetCpus: "",
// CpusetMems: "",
// HugepageLimits: nil,
// Unified: nil,
// MemorySwapLimitInBytes: 0,
//},
Resources: &runtimeapi.LinuxContainerResources{
CpuPeriod: defaultCPUPeriod,
//CpuQuota: s.GetDesc().Cpu * defaultCPUPeriod,
//CpuShares: defaultCPUPeriod,
MemoryLimitInBytes: s.GetDesc().Mem * 1024 * 1024,
OomScoreAdj: 0,
CpusetCpus: "",
CpusetMems: "",
HugepageLimits: nil,
Unified: nil,
MemorySwapLimitInBytes: 0,
},
SecurityContext: &runtimeapi.LinuxContainerSecurityContext{
Capabilities: &runtimeapi.Capability{},
Privileged: spec.Privileged,
Expand All @@ -768,11 +780,15 @@ func (s *sPodGuestInstance) createContainer(ctx context.Context, userCred mcclie
RunAsUsername: "",
ReadonlyRootfs: false,
SupplementalGroups: nil,
NoNewPrivs: false,
NoNewPrivs: true,
MaskedPaths: nil,
ReadonlyPaths: nil,
Seccomp: nil,
Apparmor: nil,
Seccomp: &runtimeapi.SecurityProfile{
ProfileType: runtimeapi.SecurityProfile_Unconfined,
},
Apparmor: &runtimeapi.SecurityProfile{
ProfileType: runtimeapi.SecurityProfile_Unconfined,
},
ApparmorProfile: "",
SeccompProfilePath: "",
},
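Review bot: Setting both Seccomp and Apparmor to `runtimeapi.SecurityProfile_Unconfined` for the pod sandbox (hunk at @@ -395,8 +400,12 @@) and again for every container (hunk at @@ -768,11 +780,15 @@) switches off syscall filtering and MAC confinement for all pods, privileged or not, and the commit message ("set container memory limit") does not mention this. The previous nil values left the choice to the runtime, which depending on its configuration applies a default profile; the explicit equivalent is `ProfileType: runtimeapi.SecurityProfile_RuntimeDefault,`, and if lxcfs or privileged workloads genuinely need unconfined, that should be gated on `spec.Privileged` / `s.getPodPrivilegedMode(podInput)` rather than applied unconditionally. Separately, in the resources hunk `MemoryLimitInBytes: s.GetDesc().Mem * 1024 * 1024` is computed without a check for a zero or unset Mem, so a description with no memory produces a limit of 0 — presumably the runtime treats 0 as "unset", but a guard such as `if mem := s.GetDesc().Mem; mem > 0 { ... }` or a comment stating that assumption would make the intent clear. Both enclosing functions, startPod and createContainer, start and end outside the hunks shown.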
1 change: 1 addition & 0 deletions pkg/hostman/options/options.go
Expand Up @@ -208,6 +208,7 @@ type SHostOptions struct {
// EnableContainerRuntime bool `help:"enable container runtime" default:"false"`
ContainerRuntimeEndpoint string `help:"endpoint of container runtime service" default:"unix:///var/run/onecloud/containerd/containerd.sock"`
ContainerDeviceConfigFile string `help:"container device configuration file path"`
LxcfsPath string `help:"lxcfs directory path" default:"/var/lib/lxcfs"`
}

var (
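Review bot: The default for the new `LxcfsPath` option, `/var/lib/lxcfs`, is not the path the host used before this commit — pod.go's getLxcfsMounts had `/var/lib/lxc/lxcfs` hard-coded and now reads this option — so a host upgraded without setting the option will bind-mount a different directory into every container, and the help text does not say so. Suggest extending the help string to state that the previous hard-coded path was /var/lib/lxc/lxcfs, or keeping that path as the default if the move was unintentional. SHostOptions starts outside the hunk.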
4 changes: 4 additions & 0 deletions pkg/mcclient/options/compute/containers.go
Expand Up @@ -35,6 +35,10 @@ func (o *ContainerListOptions) Params() (jsonutils.JSONObject, error) {
return options.ListStructToParams(o)
}

type ContainerShowOptions struct {
ServerIdOptions
}

type ContainerDeleteOptions struct {
ServerIdsOptions
}
