Allow updating container pids limit

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This commit is contained in:
Kenfe-Mickael Laventure 2017-04-26 09:53:20 -07:00
parent b6b70e5345
commit 1e7e276aff
2 changed files with 30 additions and 2 deletions

View File

@ -33,6 +33,9 @@ function setup() {
"blockio": {
"blkioWeight": 1000
},
"pids": {
"limit": 20
},
EOF
)
DATA=$(echo ${DATA} | sed 's/\n/\\n/g')
@ -61,7 +64,7 @@ function check_cgroup_value() {
wait_for_container 15 1 test_update
# get the cgroup paths
for g in MEMORY CPUSET CPU BLKIO; do
for g in MEMORY CPUSET CPU BLKIO PIDS; do
base_path=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<'${g}'\>/ { print $5; exit }')
eval CGROUP_${g}="${base_path}/runc-update-integration-test"
done
@ -78,6 +81,7 @@ function check_cgroup_value() {
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
# update blkio-weight
runc update test_update --blkio-weight 500
@ -160,6 +164,11 @@ function check_cgroup_value() {
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
# update pids limit
runc update test_update --pids-limit 10
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_PIDS "pids.max" 10
# Revert to the test initial value via json on stding
runc update -r - test_update <<EOF
{
@ -177,6 +186,9 @@ function check_cgroup_value() {
},
"blockIO": {
"blkioWeight": 1000
},
"pids": {
"limit": 20
}
}
EOF
@ -190,11 +202,13 @@ EOF
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
# redo all the changes at once
runc update test_update --blkio-weight 500 \
--cpu-period 900000 --cpu-quota 600000 --cpu-share 200 --memory 67108864 \
--memory-reservation 33554432 --kernel-memory 50331648 --kernel-memory-tcp 41943040
--memory-reservation 33554432 --kernel-memory 50331648 --kernel-memory-tcp 41943040 \
--pids-limit 10
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 500
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 900000
@ -204,6 +218,7 @@ EOF
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 67108864
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 33554432
check_cgroup_value $CGROUP_PIDS "pids.max" 10
# reset to initial test value via json file
DATA=$(cat <<"EOF"
@ -222,6 +237,9 @@ EOF
},
"blockIO": {
"blkioWeight": 1000
},
"pids": {
"limit": 20
}
}
EOF
@ -239,6 +257,7 @@ EOF
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
}
@test "update rt period and runtime" {

View File

@ -108,6 +108,10 @@ other options are ignored.
Name: "memory-swap",
Usage: "Total memory usage (memory + swap); set '-1' to enable unlimited swap",
},
cli.IntFlag{
Name: "pids-limit",
Usage: "Maximum number of pids allowed in the container",
},
},
Action: func(context *cli.Context) error {
if err := checkArgs(context, 1, exactArgs); err != nil {
@ -138,6 +142,9 @@ other options are ignored.
BlockIO: &specs.LinuxBlockIO{
Weight: u16Ptr(0),
},
Pids: &specs.LinuxPids{
Limit: 0,
},
}
config := container.Config()
@ -228,6 +235,7 @@ other options are ignored.
*pair.dest = uint64(v)
}
}
r.Pids.Limit = int64(context.Int("pids-limit"))
}
// Update the value
@ -244,6 +252,7 @@ other options are ignored.
config.Cgroups.Resources.Memory = *r.Memory.Limit
config.Cgroups.Resources.MemoryReservation = *r.Memory.Reservation
config.Cgroups.Resources.MemorySwap = *r.Memory.Swap
config.Cgroups.Resources.PidsLimit = r.Pids.Limit
return container.Set(config)
},