summaryrefslogtreecommitdiff
path: root/src/conf_mode/container.py
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-28 21:51:17 +0200
committerGitHub <noreply@github.com>2024-05-28 21:51:17 +0200
commit9d0a453c923fe8efd5dafe6230dafe7d267aa9d6 (patch)
tree605277202acb37767fde9cced01c371d3bc8fd42 /src/conf_mode/container.py
parent6954288ea6b1ec7a64cec1d370f8b11884166c18 (diff)
parentd180595aff41d8c23c35937656fbc8fe4d93ad7a (diff)
downloadvyos-1x-9d0a453c923fe8efd5dafe6230dafe7d267aa9d6.tar.gz
vyos-1x-9d0a453c923fe8efd5dafe6230dafe7d267aa9d6.zip
Merge pull request #3535 from vyos/mergify/bp/sagitta/pr-3530
T6406: Container CPU limits (backport #3530)
Diffstat (limited to 'src/conf_mode/container.py')
-rwxr-xr-xsrc/conf_mode/container.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 91a10e891..ca09dff9f 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -16,6 +16,7 @@
import os
+from decimal import Decimal
from hashlib import sha256
from ipaddress import ip_address
from ipaddress import ip_network
@@ -127,6 +128,11 @@ def verify(container):
f'locally. Please use "add container image {image}" to add it '\
f'to the system! Container "{name}" will not be started!')
+ if 'cpu_quota' in container_config:
+ cores = vyos.cpu.get_core_count()
+ if Decimal(container_config['cpu_quota']) > cores:
+ raise ConfigError(f'Cannot set limit to more cores than available "{name}"!')
+
if 'network' in container_config:
if len(container_config['network']) > 1:
raise ConfigError(f'Only one network can be specified for container "{name}"!')
@@ -257,6 +263,7 @@ def verify(container):
def generate_run_arguments(name, container_config):
image = container_config['image']
+ cpu_quota = container_config['cpu_quota']
memory = container_config['memory']
shared_memory = container_config['shared_memory']
restart = container_config['restart']
@@ -333,7 +340,7 @@ def generate_run_arguments(name, container_config):
if 'allow_host_pid' in container_config:
host_pid = '--pid host'
- container_base_cmd = f'--detach --interactive --tty --replace {capabilities} ' \
+ container_base_cmd = f'--detach --interactive --tty --replace {capabilities} --cpus {cpu_quota} ' \
f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \
f'--name {name} {hostname} {device} {port} {volume} {env_opt} {label} {uid} {host_pid}'