package configs
Support for setting systemd properties via annotations
In case systemd is used to set cgroups for the container,
it creates a scope unit dedicated to it (usually named
`runc-$ID.scope`).
This patch adds an ability to set arbitrary systemd properties
for the systemd unit via runtime spec annotations.
Initially this was developed as an ability to specify the
`TimeoutStopUSec` property, but later generalized to work with
arbitrary ones.
Example usage: add the following to runtime spec (config.json):
```
"annotations": {
"org.systemd.property.TimeoutStopUSec": "uint64 123456789",
"org.systemd.property.CollectMode":"'inactive-or-failed'"
},
```
and start the container (e.g. `runc --systemd-cgroup run $ID`).
The above will set the following systemd parameters:
* `TimeoutStopSec` to 2 minutes and 3 seconds,
* `CollectMode` to "inactive-or-failed".
The values are in the gvariant format (see [1]). To figure out
which type systemd expects for a particular parameter, see
systemd sources.
In particular, parameters with the `USec` suffix require a `uint64`-typed
argument, while gvariant assumes int32 for numeric values, so the
explicit type is required.
NOTE that systemd receives the time-typed parameters as *USec
but shows them (in `systemctl show`) as *Sec. For example,
the stop timeout should be set as `TimeoutStopUSec` but
is shown as `TimeoutStopSec`.
[1] https://developer.gnome.org/glib/stable/gvariant-text.html
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
import (
systemdDbus "github.com/coreos/go-systemd/v22/dbus"
)
// FreezerState is the string form of a cgroup freezer setting; it is the
// type of the Resources.Freezer field.
type FreezerState string

const (
	// Undefined is the empty string, i.e. no freezer state has been requested.
	Undefined FreezerState = ""
	// Frozen is the "FROZEN" freezer state.
	Frozen FreezerState = "FROZEN"
	// Thawed is the "THAWED" freezer state.
	Thawed FreezerState = "THAWED"
)
// Cgroup describes where a container's cgroup lives (Path or Paths, plus the
// deprecated Name and Parent) and, through the embedded *Resources, which
// limits are applied to it.
type Cgroup struct {
	// Deprecated: use Path instead.
	Name string `json:"name,omitempty"`

	// Parent is the name of the parent cgroup or slice.
	//
	// Deprecated: use Path instead.
	Parent string `json:"parent,omitempty"`

	// Path specifies the path to cgroups that are created and/or joined by the container.
	// The path is assumed to be relative to the host system cgroup mountpoint.
	// NOTE(review): nothing in this type constrains the value, so any check
	// that it stays under the intended part of the host hierarchy has to be
	// done where the configuration is built or applied. Confirm where that happens.
	Path string `json:"path"`

	// ScopePrefix describes prefix for the scope name
	ScopePrefix string `json:"scope_prefix"`

	// Paths represent the absolute cgroups paths to join.
	// This takes precedence over Path.
	// The field has no json tag, so encoding/json uses the field name "Paths".
	// NOTE(review): presumably keyed by cgroup subsystem name; verify against
	// the code that fills it in.
	Paths map[string]string

	// Resources contains various cgroups settings to apply
	*Resources

	// SystemdProps are any additional properties for systemd,
	// derived from org.systemd.property.xxx annotations.
	// Ignored unless systemd is used for managing cgroups.
	//
	// The annotation values are written in the gvariant text format, for
	// example "uint64 123456789" for TimeoutStopUSec. The json:"-" tag keeps
	// the field out of the JSON encoding of this struct.
	// NOTE(review): arbitrary properties of the container's systemd unit can
	// be set this way, so annotations carry the same trust as the rest of the
	// runtime spec. A caller that accepts specs from less-trusted sources
	// should filter or allowlist org.systemd.property.* annotations before
	// they are turned into SystemdProps.
	SystemdProps []systemdDbus.Property `json:"-"`
}
// Resources holds the cgroup resource settings for a container: device
// access rules, memory, CPU, pids, block I/O, freezer, hugetlb and network
// class/priority values. The json tags are the serialized field names and do
// not always match the Go names (see CpuRtRuntime and NetClsClassid).
type Resources struct {
	// Devices is the set of access rules for devices in the container.
	// NOTE(review): how a nil or empty list is treated (deny everything or
	// apply no filtering) is decided by the code that applies these rules,
	// not by this type. Confirm before relying on either behaviour.
	Devices []*DeviceRule `json:"devices"`

	// Memory limit (in bytes)
	Memory int64 `json:"memory"`

	// Memory reservation or soft_limit (in bytes)
	MemoryReservation int64 `json:"memory_reservation"`

	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
	MemorySwap int64 `json:"memory_swap"`

	// Kernel memory limit (in bytes)
	KernelMemory int64 `json:"kernel_memory"`

	// Kernel memory limit for TCP use (in bytes)
	KernelMemoryTCP int64 `json:"kernel_memory_tcp"`

	// CPU shares (relative weight vs. other containers)
	CpuShares uint64 `json:"cpu_shares"`

	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
	CpuQuota int64 `json:"cpu_quota"`

	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
	CpuPeriod uint64 `json:"cpu_period"`

	// CPU time that may be used for realtime scheduling (in usecs).
	// The json tag is "cpu_rt_quota", not "cpu_rt_runtime".
	CpuRtRuntime int64 `json:"cpu_rt_quota"`

	// CPU period to be used for realtime scheduling (in usecs).
	CpuRtPeriod uint64 `json:"cpu_rt_period"`

	// CPU to use
	CpusetCpus string `json:"cpuset_cpus"`

	// MEM to use
	CpusetMems string `json:"cpuset_mems"`

	// Process limit; set <= `0' to disable limit.
	// The zero value therefore means "no limit": a configuration that leaves
	// this unset puts no bound on the number of processes in the cgroup.
	PidsLimit int64 `json:"pids_limit"`

	// Specifies per cgroup weight, range is from 10 to 1000.
	// The uint16 type does not enforce that range.
	BlkioWeight uint16 `json:"blkio_weight"`

	// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only
	BlkioLeafWeight uint16 `json:"blkio_leaf_weight"`

	// Weight per cgroup per device, can override BlkioWeight.
	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"`

	// IO read rate limit per cgroup per device, bytes per second.
	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"`

	// IO write rate limit per cgroup per device, bytes per second.
	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"`

	// IO read rate limit per cgroup per device, IO per second.
	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"`

	// IO write rate limit per cgroup per device, IO per second.
	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"`

	// set the freeze value for the process
	Freezer FreezerState `json:"freezer"`

	// Hugetlb limit (in bytes)
	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"`

	// Whether to disable OOM Killer
	// NOTE(review): this changes how memory exhaustion inside the cgroup is
	// handled, so review it together with the Memory limit. Confirm the
	// resulting kernel behaviour for the cgroup version in use.
	OomKillDisable bool `json:"oom_kill_disable"`

	// Tuning swappiness behaviour per cgroup
	// NOTE(review): a pointer, presumably so that "not set" (nil) can be told
	// apart from an explicit 0. Verify against the code that reads it.
	MemorySwappiness *uint64 `json:"memory_swappiness"`

	// Set priority of network traffic for container
	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"`

	// Set class identifier for container's network packets
	// The json tag is "net_cls_classid_u".
	NetClsClassid uint32 `json:"net_cls_classid_u"`

	// Used on cgroups v2:

	// CpuWeight sets a proportional bandwidth limit.
	CpuWeight uint64 `json:"cpu_weight"`
}