def create_ulimits(limits): ulimits = [] if limits['cputime']: cpu = limits['cputime'] ulimits.append(Ulimit(name='cpu', soft=cpu, hard=cpu)) if 'file_size' in limits: fsize = limits['file_size'] ulimits.append(Ulimit(name='fsize', soft=fsize, hard=fsize)) return ulimits or None
def test_create_host_config_obj_ulimit(self): ulimit_dct = Ulimit(name='nofile', soft=8096) config = create_host_config(ulimits=[ulimit_dct]) self.assertIn('Ulimits', config) self.assertEqual(len(config['Ulimits']), 1) ulimit_obj = config['Ulimits'][0] self.assertTrue(isinstance(ulimit_obj, Ulimit)) self.assertEqual(ulimit_obj, ulimit_dct)
def configure(): BaseContainer.DCKR = JBoxCfg.dckr SessContainer.DCKR_IMAGE = JBoxCfg.get('interactive.docker_image') SessContainer.MEM_LIMIT = JBoxCfg.get('interactive.mem_limit') SessContainer.ULIMITS = [] limits = JBoxCfg.get('interactive.ulimits') for (n, v) in limits.iteritems(): SessContainer.ULIMITS.append(Ulimit(name=n, soft=v, hard=v)) SessContainer.CPU_LIMIT = JBoxCfg.get('interactive.cpu_limit') SessContainer.MAX_CONTAINERS = JBoxCfg.get('interactive.numlocalmax')
def configure(): BaseContainer.DCKR = JBoxCfg.dckr APIContainer.DCKR_IMAGE = JBoxCfg.get('api.docker_image') APIContainer.MEM_LIMIT = JBoxCfg.get('api.mem_limit') APIContainer.ULIMITS = [] limits = JBoxCfg.get('interactive.ulimits') for (n, v) in limits.iteritems(): APIContainer.ULIMITS.append(Ulimit(name=n, soft=v, hard=v)) APIContainer.CPU_LIMIT = JBoxCfg.get('api.cpu_limit') APIContainer.MAX_CONTAINERS = JBoxCfg.get('api.numlocalmax') APIContainer.MAX_PER_API_CONTAINERS = JBoxCfg.get('api.numapilocalmax') APIContainer.EXPIRE_SECS = JBoxCfg.get('api.expire')
def test_ulimit_invalid_type(self): self.assertRaises(ValueError, lambda: Ulimit(name=None)) self.assertRaises(ValueError, lambda: Ulimit(name='hello', soft='123')) self.assertRaises(ValueError, lambda: Ulimit(name='hello', hard='456'))
def create_one_container(host, version, entrypoint, env='prod', cores=None, ports=None, args=None, cpu_shares=1024, image='', need_network=False): # raw方式有些设定不同 is_raw = bool(image) if cores is None: cores = [] if ports is None: ports = [] if args is None: args = [] client = get_docker_client(host.addr) local_images = {r['RepoTags'][0] for r in client.images()} appconfig = version.appconfig appname = appconfig.appname entry = appconfig.entrypoints[entrypoint] envconfig = version.get_resource_config(env) # replace $port1... cmd = replace_ports(entry['cmd'], ports) # add extend arguments cmd = cmd + ' '.join([''] + args) if not is_raw: starter = 'launcheroot' if entry.get('privileged', '') else 'launcher' network = 'network' if need_network else 'nonetwork' cmd = '/usr/local/bin/%s %s %s' % (starter, network, cmd) network_mode = entry.get('network_mode', config.DOCKER_NETWORK_MODE) mem_limit = entry.get('mem_limit', 0) restart_policy = { 'MaximumRetryCount': 3, 'Name': entry.get('restart', 'no') } # could be no/always/on-failure # raw 模式下可以选择暴露端口 def get_ports(expose): inport, hostport = expose.split(':') return int(inport), int(hostport) exposes = [get_ports(expose) for expose in entry.get('exposes', [])] exposed_ports = None port_bindings = None if is_raw and exposes: exposed_ports = [p for p, _ in exposes] port_bindings = dict(exposes) if not image: image = '{0}/{1}:{2}'.format(config.DOCKER_REGISTRY, appname, version.short_sha) if image not in local_images: repo, tag = image.split(':', 1) for line in client.pull( repo, tag, stream=True, insecure_registry=config.DOCKER_REGISTRY_INSECURE): _log.info(line) env_dict = { 'APP_NAME': appname, 'ERU_RUNENV': env.upper(), 'ERU_POD': host.pod.name, 'ERU_HOST': host.name, } env_dict.update(envconfig.to_env_dict()) volumes = ['/writable-proc/sys'] volumes.extend(appconfig.get('volumes', [])) binds = {'/proc/sys': {'bind': '/writable-proc/sys', 'ro': False}} binds.update(appconfig.get('binds', {})) if config.ERU_CONTAINER_PERMDIR and entry.get('permdir', ''): permdir = config.ERU_CONTAINER_PERMDIR % appname env_dict['ERU_PERMDIR'] = permdir volumes.append(permdir) binds[config.ERU_HOST_PERMDIR % appname] = { 'bind': permdir, 'ro': False } extra_hosts = entry.get('hosts', None) # container name: {appname}_{entrypoint}_{ident_id} container_name = '_'.join([appname, entrypoint, gen_salt(6)]) # cpuset: '0,1,2,3' cpuset = ','.join([c.label for c in cores]) # host_config, include log_config host_config = client.create_host_config( binds=binds, network_mode=network_mode, log_config=LogConfig(type=config.DOCKER_LOG_DRIVER), ulimits=[Ulimit(name='nofile', soft=65535, hard=65535)], restart_policy=restart_policy, mem_limit=mem_limit, port_bindings=port_bindings, extra_hosts=extra_hosts, ) container = client.create_container( image=image, command=cmd, environment=env_dict, name=container_name, cpuset=cpuset, working_dir=None if is_raw else '/%s' % appname, network_disabled=config.DOCKER_NETWORK_DISABLED, volumes=volumes, host_config=host_config, cpu_shares=cpu_shares, ports=exposed_ports, ) container_id = container['Id'] client.start(container=container_id) return container_id, container_name