-rwxr-xr-x | lib/container/limit | 208 | ||||
-rwxr-xr-x | lib/container/start | 96 | ||||
-rw-r--r-- | share/bash-completion/container | 15 | ||||
-rw-r--r-- | share/config/container.conf.in | 13 | ||||
-rw-r--r-- | share/man/container-limit.1.txt | 109 | ||||
-rw-r--r-- | share/man/container.1.txt | 3 |
6 files changed, 433 insertions, 11 deletions
diff --git a/lib/container/limit b/lib/container/limit
new file mode 100755
index 0000000..b1ec170
--- /dev/null
+++ b/lib/container/limit
@@ -0,0 +1,208 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+PROJECT="open-infrastructure"
+PROGRAM="container"
+COMMAND="$(basename ${0})"
+
+HOOKS="/etc/${PROJECT}/${PROGRAM}/hooks"
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwidth:,blockio-weight:,blockio-write-bandwidth:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+ GETOPT_OPTIONS="n:b:c:m:t:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -c|--cpu-quota)
+ CPU_QUOTA="${2}"
+ shift 2
+ ;;
+
+ --cpu-shares)
+ CPU_SHARES="${2}"
+ shift 2
+ ;;
+
+ -m|--memory-limit)
+ MEMORY_LIMIT="${2}"
+ shift 2
+ ;;
+
+ -t|--tasks-max)
+ TASKS_MAX="${2}"
+ shift 2
+ ;;
+
+ --blockio-device-weight)
+ BLOCK_IO_DEVICE_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-read-bandwidth)
+ BLOCK_IO_READ_BANDWIDTH="${2}"
+ shift 2
+ ;;
+
+ -b|--blockio-weight)
+ BLOCK_IO_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-write-bandwidth)
+ BLOCK_IO_WRITE_BANDWIDTH="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
+then
+ BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WEIGHT}" ]
+then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
+then
+ BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_QUOTA}" ]
+then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_SHARES}" ]
+then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${MEMORY_LIMIT}" ]
+then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${TASKS_MAX}" ]
+then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+fi
+
+if [ "${SET_PROPERTY}" != "true" ]
+then
+ Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
diff --git a/lib/container/start b/lib/container/start
index 82f9314..d5e9059 100755
--- a/lib/container/start
+++ b/lib/container/start
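Review bot: The write-bandwidth stanza builds `BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"`, so a requested write limit is never applied and its value is sent as a read-bandwidth setting instead; it should be `BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"`, as lib/container/start already spells it. Separately, `getopt ... -- ${@}` and the final `systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ...` expand unquoted, so the two-word values the usage text advertises (`"DEVICE WEIGHT"`, `"DEVICE BYTES"`) are split into separate arguments; passing `"${@}"` to getopt and collecting the properties with `set -- "${@}" "CPUQuota=${CPU_QUOTA}"` before calling `systemctl --runtime set-property "${NAME}" "${@}"` keeps each property one argument. The same unquoted set-property line is repeated in the second hunk of lib/container/start. `NAME` is only checked with `[ ! -e "${MACHINES}/${NAME}" ]` before it is used in the hook path that gets executed and as a systemctl argument, so a guard such as `case "${NAME}" in */*|-*) Usage ;; esac` would be a cheap hardening step for a tool that runs as root.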
@@ -398,6 +398,70 @@ EOF REGISTER="--register=no" ;; esac + + BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] + then + BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" + SET_PROPERTY="true" + fi + + BLOCK_IO_READ_BANDWIDTH="$(awk -F= '/^BlockIOReadBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ] + then + BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}" + SET_PROPERTY="true" + fi + + BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_WEIGHT}" ] + then + BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}" + SET_PROPERTY="true" + fi + + BLOCK_IO_WRITE_BANDWIDTH="$(awk -F= '/^BlockIOWriteBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ] + then + BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}" + SET_PROPERTY="true" + fi + + CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CPU_QUOTA}" ] + then + CPU_QUOTA="CPUQuota=${CPU_QUOTA}" + SET_PROPERTY="true" + fi + + CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CPU_SHARES}" ] + then + CPU_SHARES="CPUShares=${CPU_SHARES}" + SET_PROPERTY="true" + fi + + MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${MEMORY_LIMIT}" ] + then + MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}" + SET_PROPERTY="true" + fi + + TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${TASKS_MAX}" ] + then + TASKS_MAX="TasksMax=${TASKS_MAX}" + SET_PROPERTY="true" + fi fi case "${SYSTEMCTL}" in 
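Review bot: Each of the eight lookups, for example `awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf`, leaves the config path unquoted and prints every matching line, so a key that appears twice in the file yields a multi-line value that the next hunk hands to `systemctl set-property`. Quoting the path and stopping at the first match, `awk -F= '/^CPUQuota=/ { print $2; exit }' "${CONFIG}/${NAME}.conf"`, keeps each property to a single value. `$2` also drops anything after a second `=` in the line, which is worth a one-line comment above the block. The enclosing `if` opens above the hunk, so whether the file is known to exist at this point is not visible here.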
@@ -408,14 +472,26 @@ case "${SYSTEMCTL}" in ;; esac -# Run -${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} +case "${START}" in + true) + case "${SET_PROPERTY}" in + true) + systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX} + ;; + esac + ;; + + *) + # Run + ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} -# Post hooks -for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done + # Post hooks + for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" + do + if [ -x "${FILE}" ] + then + "${FILE}" + fi + done + ;; +esac diff --git a/share/bash-completion/container b/share/bash-completion/container index 710e660..e130710 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -102,6 +102,21 @@ _container() opts="-a --add -l --list -r --remove" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 + + limit) + case "${prev}" in + -n|--name) + opts="$(container list -a -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name --blockio-device-weight --blockio-read-bandwidth -b --blockio-weight --blockio-write-bandwidth -c --cpu-quota --cpu-shares -m --memory-limit -t --tasks-max" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac ;; list|ls) diff --git a/share/config/container.conf.in b/share/config/container.conf.in index b0f35cb..ebf91b9 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in 
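Review bot: `START` is not assigned in either hunk of this file, and the new `true)` branch is the only place where the limits read from the config are applied; in the `*)` branch `systemd-nspawn` is started without them. If `START` comes from the caller or the unit file, a comment above `case "${START}" in` should say who sets it and why that branch runs `set-property` instead of starting the container. The post hooks, which ran unconditionally before this change, now run only in the `*)` branch; if that is intended it deserves a note in the same comment.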
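Review bot: The new `limit)` arm in share/bash-completion/container is inserted directly after the `return 0` of the preceding arm, and the `;;` that used to close that arm now follows the added `esac`, so the preceding arm is left unterminated and bash should report a syntax error at `limit)` when the completion file is sourced. Adding `;;` and a blank line before `limit)` restores the structure. `_container()` starts and ends outside the hunk, and indentation is not visible in this rendering, so this reading rests on line order alone.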
@@ -1,5 +1,6 @@ -# /etc/open-infrastructure/container/config/@NAME@.conf +# compute-tools: @NAME@ +[start] cnt.auto=@CNT_AUTO@ cnt.container-server=@CNT_CONTAINER_SERVER@ cnt.network-bridge=@CNT_NETWORK_BRIDGE@ @@ -15,3 +16,13 @@ machine=@MACHINE@ network-veth-extra=@NETWORK_VETH_EXTRA@ private-users=@PRIVATE_USERS@ register=@REGISTER@ + +[limit] +BlockIODeviceWeight= +BlockIOReadBandwidth= +BlockIOWeight= +BlockIOWriteBandwidth= +CPUQuota= +CPUShares= +MemoryLimit= +TasksMax= diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt new file mode 100644 index 0000000..62f0288 --- /dev/null +++ b/share/man/container-limit.1.txt 
@@ -0,0 +1,109 @@
+// Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// SPDX-License-Identifier: GPL-3.0+
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-LIMIT(1)
+==================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: compute-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-limit - Limit ressources of a container
+
+
+SYNOPSIS
+--------
+*container limit* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container limit command limits ressources available to a container at runtime.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+*--blockio-device-weight='DEVICE WEIGHT'*::
+ Specify device specific blockio weight, see systemd.resource-control(5).
+
+*--blockio-read-bandwidth='DEVICE BYTES'*::
+ Specify device specific blockio read bandwidth, see systemd.resource-control(5).
+
+*-b, --blockio-weight='WEIGHT'*::
+ Specify general blockio weight, see systemd.resource-control(5).
+
+*--blockio-write-bandwidth='DEVICE BYTES'*::
+ Specify device specific blockio write bandwidth, see systemd.resource-control(5).
+
+*-c, --cpu-quota='QUOTA'*::
+ Specify CPU quota, see systemd.resource-control(5).
+
+*--cpu-shares='SHARES'*::
+ Specify CPU shares, see systemd.resource-control(5).
+ +*-m, --memory-limit='BYTES'*:: + Specify memory limit, see systemd.resource-control(5). + +*-t, --tasks-max='NUMBER'*:: + Specify tasks max, see systemd.resource-control(5). + + +EXAMPLES +-------- +*Set blockio weight for the example.net container:*:: + sudo container limit -n example.net --blockio-weight 100 + +*Set CPU quota for the example.net container:*:: + sudo container limit -n example.net --cpu-quota 10% + +*Set memory limit for the example.net container to 1GB:*:: + sudo container limit -n example.net --memory-limit 1G + +*Set tasks max for the example.net container to 100:*:: + sudo container limit -n example.net --tasks-max 100 + + +SEE ALSO +-------- +compute-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container.1.txt b/share/man/container.1.txt index b719b17..aba9141 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -78,6 +78,9 @@ The following container commands are available: *key*:: Manage GnuPG keyring for container operations, see container-key(1). +*limit*:: + Limit ressources of a container, see container-limit(1). + *list*:: List container on the system, see container-list(1). |