summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Vollmar <nvo@scaling.ch>2024-05-27 13:12:54 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-05-28 18:16:31 +0000
commit8007b58f1e0ecfad9ed0cca7ecec725287432439 (patch)
tree1224dc7bbc2c95e3504a1c7ce6643ae6b0a9d863
parent10df4ad8a3d7182363460b8043af2cacf128c893 (diff)
downloadvyos-1x-8007b58f1e0ecfad9ed0cca7ecec725287432439.tar.gz
vyos-1x-8007b58f1e0ecfad9ed0cca7ecec725287432439.zip
T6406: add container cpu limit option
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
-rw-r--r--interface-definitions/container.xml.in18
-rwxr-xr-xsmoketest/scripts/cli/test_container.py16
-rwxr-xr-xsrc/conf_mode/container.py9
3 files changed, 42 insertions, 1 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 2296a3e9e..4370f5888 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -192,6 +192,24 @@
</leafNode>
</children>
</tagNode>
+ <leafNode name="cpus">
+ <properties>
+ <help>This limits the number of CPU resources the container can use</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Unlimited</description>
+ </valueHelp>
+ <valueHelp>
+ <format>txt</format>
+ <description>Amount of CPU time the container can use in amount of cores (up to three decimals)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(0|[1-9]\d*)(\.\d{1,3})?</regex>
+ </constraint>
+ <constraintErrorMessage>Container CPU limit must be a (decimal) number in range 0 to number of threads</constraintErrorMessage>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
<leafNode name="memory">
<properties>
<help>Memory (RAM) available to this container</help>
diff --git a/smoketest/scripts/cli/test_container.py b/smoketest/scripts/cli/test_container.py
index 3201883b8..ef31d0f6f 100755
--- a/smoketest/scripts/cli/test_container.py
+++ b/smoketest/scripts/cli/test_container.py
@@ -91,6 +91,22 @@ class TestContainer(VyOSUnitTestSHIM.TestCase):
# Check for running process
self.assertEqual(process_named_running(PROCESS_NAME), pid)
+ def test_cpu_limit(self):
+ cont_name = 'c2'
+
+ self.cli_set(base_path + ['name', cont_name, 'allow-host-networks'])
+ self.cli_set(base_path + ['name', cont_name, 'image', cont_image])
+ self.cli_set(base_path + ['name', cont_name, 'cpus', '1.25'])
+
+ self.cli_commit()
+
+ pid = 0
+ with open(PROCESS_PIDFILE.format(cont_name), 'r') as f:
+ pid = int(f.read())
+
+ # Check for running process
+ self.assertEqual(process_named_running(PROCESS_NAME), pid)
+
def test_ipv4_network(self):
prefix = '192.0.2.0/24'
base_name = 'ipv4'
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 91a10e891..2294b8e57 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -16,6 +16,7 @@
import os
+from decimal import Decimal
from hashlib import sha256
from ipaddress import ip_address
from ipaddress import ip_network
@@ -127,6 +128,11 @@ def verify(container):
f'locally. Please use "add container image {image}" to add it '\
f'to the system! Container "{name}" will not be started!')
+ if 'cpus' in container_config:
+ cores = os.cpu_count()
+ if Decimal(container_config['cpus']) > cores:
+ raise ConfigError(f'Cannot set limit to more cores than available "{name}"!')
+
if 'network' in container_config:
if len(container_config['network']) > 1:
raise ConfigError(f'Only one network can be specified for container "{name}"!')
@@ -257,6 +263,7 @@ def verify(container):
def generate_run_arguments(name, container_config):
image = container_config['image']
+ cpus = container_config['cpus']
memory = container_config['memory']
shared_memory = container_config['shared_memory']
restart = container_config['restart']
@@ -333,7 +340,7 @@ def generate_run_arguments(name, container_config):
if 'allow_host_pid' in container_config:
host_pid = '--pid host'
- container_base_cmd = f'--detach --interactive --tty --replace {capabilities} ' \
+ container_base_cmd = f'--detach --interactive --tty --replace {capabilities} --cpus {cpus} ' \
f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \
f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid} {host_pid}'