summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xlib/container/limit208
-rwxr-xr-xlib/container/start96
-rw-r--r--share/bash-completion/container15
-rw-r--r--share/config/container.conf.in13
-rw-r--r--share/man/container-limit.1.txt109
-rw-r--r--share/man/container.1.txt3
6 files changed, 433 insertions, 11 deletions
diff --git a/lib/container/limit b/lib/container/limit
new file mode 100755
index 0000000..b1ec170
--- /dev/null
+++ b/lib/container/limit
@@ -0,0 +1,208 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+PROJECT="open-infrastructure"
+PROGRAM="container"
+COMMAND="$(basename ${0})"
+
+HOOKS="/etc/${PROJECT}/${PROGRAM}/hooks"
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwidth:,blockio-weight:,blockio-write-bandwidth:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+ GETOPT_OPTIONS="n:b:c:m:t:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -c|--cpu-quota)
+ CPU_QUOTA="${2}"
+ shift 2
+ ;;
+
+ --cpu-shares)
+ CPU_SHARES="${2}"
+ shift 2
+ ;;
+
+ -m|--memory-limit)
+ MEMORY_LIMIT="${2}"
+ shift 2
+ ;;
+
+ -t|--tasks-max)
+ TASKS_MAX="${2}"
+ shift 2
+ ;;
+
+ --blockio-device-weight)
+ BLOCK_IO_DEVICE_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-read-bandwidth)
+ BLOCK_IO_READ_BANDWIDTH="${2}"
+ shift 2
+ ;;
+
+ -b|--blockio-weight)
+ BLOCK_IO_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-write-bandwidth)
+ BLOCK_IO_WRITE_BANDWIDTH="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
+then
+ BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WEIGHT}" ]
+then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
+then
+ BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_QUOTA}" ]
+then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_SHARES}" ]
+then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${MEMORY_LIMIT}" ]
+then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${TASKS_MAX}" ]
+then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+fi
+
+if [ "${SET_PROPERTY}" != "true" ]
+then
+ Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
diff --git a/lib/container/start b/lib/container/start
index 82f9314..d5e9059 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -398,6 +398,70 @@ EOF
REGISTER="--register=no"
;;
esac
+
+ BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+ then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_READ_BANDWIDTH="$(awk -F= '/^BlockIOReadBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
+ then
+ BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_WEIGHT}" ]
+ then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_WRITE_BANDWIDTH="$(awk -F= '/^BlockIOWriteBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
+ then
+ BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
+ SET_PROPERTY="true"
+ fi
+
+ CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${CPU_QUOTA}" ]
+ then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+ fi
+
+ CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${CPU_SHARES}" ]
+ then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+ fi
+
+ MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${MEMORY_LIMIT}" ]
+ then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+ fi
+
+ TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${TASKS_MAX}" ]
+ then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+ fi
fi
case "${SYSTEMCTL}" in
@@ -408,14 +472,26 @@ case "${SYSTEMCTL}" in
;;
esac
-# Run
-${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
+case "${START}" in
+ true)
+ case "${SET_PROPERTY}" in
+ true)
+ systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+ ;;
+ esac
+ ;;
+
+ *)
+ # Run
+ ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
-# Post hooks
-for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
-do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
-done
+ # Post hooks
+ for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+ do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+ done
+ ;;
+esac
diff --git a/share/bash-completion/container b/share/bash-completion/container
index 710e660..e130710 100644
--- a/share/bash-completion/container
+++ b/share/bash-completion/container
@@ -102,6 +102,21 @@ _container()
opts="-a --add -l --list -r --remove"
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
+
+ limit)
+ case "${prev}" in
+ -n|--name)
+ opts="$(container list -a -f shell)"
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+
+ *)
+ opts="-n --name --blockio-device-weight --blockio-read-bandwidth -b --blockio-weight --blockio-write-bandwidth -c --cpu-quota --cpu-shares -m --memory-limit -t --tasks-max"
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+ esac
;;
list|ls)
diff --git a/share/config/container.conf.in b/share/config/container.conf.in
index b0f35cb..ebf91b9 100644
--- a/share/config/container.conf.in
+++ b/share/config/container.conf.in
@@ -1,5 +1,6 @@
-# /etc/open-infrastructure/container/config/@NAME@.conf
+# compute-tools: @NAME@
+[start]
cnt.auto=@CNT_AUTO@
cnt.container-server=@CNT_CONTAINER_SERVER@
cnt.network-bridge=@CNT_NETWORK_BRIDGE@
@@ -15,3 +16,13 @@ machine=@MACHINE@
network-veth-extra=@NETWORK_VETH_EXTRA@
private-users=@PRIVATE_USERS@
register=@REGISTER@
+
+[limit]
+BlockIODeviceWeight=
+BlockIOReadBandwidth=
+BlockIOWeight=
+BlockIOWriteBandwidth=
+CPUQuota=
+CPUShares=
+MemoryLimit=
+TasksMax=
diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt
new file mode 100644
index 0000000..62f0288
--- /dev/null
+++ b/share/man/container-limit.1.txt
@@ -0,0 +1,109 @@
+// Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// SPDX-License-Identifier: GPL-3.0+
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-LIMIT(1)
+==================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: compute-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-limit - Limit ressources of a container
+
+
+SYNOPSIS
+--------
+*container limit* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container limit command limits ressources available to a container at runtime.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+*--blockio-device-weight='DEVICE WEIGHT'*::
+ Specify device specific blockio weight, see systemd.resource-control(5).
+
+*--blockio-read-bandwidth='DEVICE BYTES'*::
+ Specify device specific blockio read bandwidth, see systemd.resource-control(5).
+
+*-b, --blockio-weight='WEIGHT'*::
+ Specify general blockio weight, see systemd.resource-control(5).
+
+*--blockio-write-bandwidth='DEVICE BYTES'*::
+ Specify device specific blockio write bandwidth, see systemd.resource-control(5).
+
+*-c, --cpu-quota='QUOTA'*::
+ Specify CPU quota, see systemd.resource-control(5).
+
+*--cpu-shares='SHARES'*::
+ Specify CPU shares, see systemd.resource-control(5).
+
+*-m, --memory-limit='BYTES'*::
+ Specify memory limit, see systemd.resource-control(5).
+
+*-t, --tasks-max='NUMBER'*::
+ Specify tasks max, see systemd.resource-control(5).
+
+
+EXAMPLES
+--------
+*Set blockio weight for the example.net container:*::
+ sudo container limit -n example.net --blockio-weight 100
+
+*Set CPU quota for the example.net container:*::
+ sudo container limit -n example.net --cpu-quota 10%
+
+*Set memory limit for the example.net container to 1GB:*::
+ sudo container limit -n example.net --memory-limit 1G
+
+*Set tasks max for the example.net container to 100:*::
+ sudo container limit -n example.net --tasks-max 100
+
+
+SEE ALSO
+--------
+compute-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index b719b17..aba9141 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -78,6 +78,9 @@ The following container commands are available:
*key*::
Manage GnuPG keyring for container operations, see container-key(1).
+*limit*::
+ Limit ressources of a container, see container-limit(1).
+
*list*::
List container on the system, see container-list(1).