def create_ulimits(limits):
ulimits = []
if limits['cputime']:
cpu = limits['cputime']
ulimits.append(Ulimit(name='cpu', soft=cpu, hard=cpu))
if 'file_size' in limits:
fsize = limits['file_size']
ulimits.append(Ulimit(name='fsize', soft=fsize, hard=fsize))
return ulimits or None
def test_create_host_config_obj_ulimit(self):
ulimit_dct = Ulimit(name='nofile', soft=8096)
config = create_host_config(ulimits=[ulimit_dct])
self.assertIn('Ulimits', config)
self.assertEqual(len(config['Ulimits']), 1)
ulimit_obj = config['Ulimits'][0]
self.assertTrue(isinstance(ulimit_obj, Ulimit))
self.assertEqual(ulimit_obj, ulimit_dct)
def configure():
BaseContainer.DCKR = JBoxCfg.dckr
SessContainer.DCKR_IMAGE = JBoxCfg.get('interactive.docker_image')
SessContainer.MEM_LIMIT = JBoxCfg.get('interactive.mem_limit')
SessContainer.ULIMITS = []
limits = JBoxCfg.get('interactive.ulimits')
for (n, v) in limits.iteritems():
SessContainer.ULIMITS.append(Ulimit(name=n, soft=v, hard=v))
SessContainer.CPU_LIMIT = JBoxCfg.get('interactive.cpu_limit')
SessContainer.MAX_CONTAINERS = JBoxCfg.get('interactive.numlocalmax')
def configure():
BaseContainer.DCKR = JBoxCfg.dckr
APIContainer.DCKR_IMAGE = JBoxCfg.get('api.docker_image')
APIContainer.MEM_LIMIT = JBoxCfg.get('api.mem_limit')
APIContainer.ULIMITS = []
limits = JBoxCfg.get('interactive.ulimits')
for (n, v) in limits.iteritems():
APIContainer.ULIMITS.append(Ulimit(name=n, soft=v, hard=v))
APIContainer.CPU_LIMIT = JBoxCfg.get('api.cpu_limit')
APIContainer.MAX_CONTAINERS = JBoxCfg.get('api.numlocalmax')
APIContainer.MAX_PER_API_CONTAINERS = JBoxCfg.get('api.numapilocalmax')
APIContainer.EXPIRE_SECS = JBoxCfg.get('api.expire')
def test_ulimit_invalid_type(self):
self.assertRaises(ValueError, lambda: Ulimit(name=None))
self.assertRaises(ValueError, lambda: Ulimit(name='hello', soft='123'))
self.assertRaises(ValueError, lambda: Ulimit(name='hello', hard='456'))
def create_one_container(host,
version,
entrypoint,
env='prod',
cores=None,
ports=None,
args=None,
cpu_shares=1024,
image='',
need_network=False):
# raw方式有些设定不同
is_raw = bool(image)
if cores is None:
cores = []
if ports is None:
ports = []
if args is None:
args = []
client = get_docker_client(host.addr)
local_images = {r['RepoTags'][0] for r in client.images()}
appconfig = version.appconfig
appname = appconfig.appname
entry = appconfig.entrypoints[entrypoint]
envconfig = version.get_resource_config(env)
# replace $port1...
cmd = replace_ports(entry['cmd'], ports)
# add extend arguments
cmd = cmd + ' '.join([''] + args)
if not is_raw:
starter = 'launcheroot' if entry.get('privileged', '') else 'launcher'
network = 'network' if need_network else 'nonetwork'
cmd = '/usr/local/bin/%s %s %s' % (starter, network, cmd)
network_mode = entry.get('network_mode', config.DOCKER_NETWORK_MODE)
mem_limit = entry.get('mem_limit', 0)
restart_policy = {
'MaximumRetryCount': 3,
'Name': entry.get('restart', 'no')
} # could be no/always/on-failure
# raw 模式下可以选择暴露端口
def get_ports(expose):
inport, hostport = expose.split(':')
return int(inport), int(hostport)
exposes = [get_ports(expose) for expose in entry.get('exposes', [])]
exposed_ports = None
port_bindings = None
if is_raw and exposes:
exposed_ports = [p for p, _ in exposes]
port_bindings = dict(exposes)
if not image:
image = '{0}/{1}:{2}'.format(config.DOCKER_REGISTRY, appname,
version.short_sha)
if image not in local_images:
repo, tag = image.split(':', 1)
for line in client.pull(
repo,
tag,
stream=True,
insecure_registry=config.DOCKER_REGISTRY_INSECURE):
_log.info(line)
env_dict = {
'APP_NAME': appname,
'ERU_RUNENV': env.upper(),
'ERU_POD': host.pod.name,
'ERU_HOST': host.name,
}
env_dict.update(envconfig.to_env_dict())
volumes = ['/writable-proc/sys']
volumes.extend(appconfig.get('volumes', []))
binds = {'/proc/sys': {'bind': '/writable-proc/sys', 'ro': False}}
binds.update(appconfig.get('binds', {}))
if config.ERU_CONTAINER_PERMDIR and entry.get('permdir', ''):
permdir = config.ERU_CONTAINER_PERMDIR % appname
env_dict['ERU_PERMDIR'] = permdir
volumes.append(permdir)
binds[config.ERU_HOST_PERMDIR % appname] = {
'bind': permdir,
'ro': False
}
extra_hosts = entry.get('hosts', None)
# container name: {appname}_{entrypoint}_{ident_id}
container_name = '_'.join([appname, entrypoint, gen_salt(6)])
# cpuset: '0,1,2,3'
cpuset = ','.join([c.label for c in cores])
# host_config, include log_config
host_config = client.create_host_config(
binds=binds,
network_mode=network_mode,
log_config=LogConfig(type=config.DOCKER_LOG_DRIVER),
ulimits=[Ulimit(name='nofile', soft=65535, hard=65535)],
restart_policy=restart_policy,
mem_limit=mem_limit,
port_bindings=port_bindings,
extra_hosts=extra_hosts,
)
container = client.create_container(
image=image,
command=cmd,
environment=env_dict,
name=container_name,
cpuset=cpuset,
working_dir=None if is_raw else '/%s' % appname,
network_disabled=config.DOCKER_NETWORK_DISABLED,
volumes=volumes,
host_config=host_config,
cpu_shares=cpu_shares,
ports=exposed_ports,
)
container_id = container['Id']
client.start(container=container_id)
return container_id, container_name
