From bb411939989dabb56eb604b9a873d1dfbf0646ef Mon Sep 17 00:00:00 2001 From: Julien Barbier Date: Thu, 26 Mar 2015 23:14:31 +0000 Subject: [PATCH 1/7] Happy birthday Docker! cgroup-parent option for docker build. Thanks to Michael, Nathan and Jessie for their support! #42 Signed-off-by: Julien Barbier --- api/client/build.go | 2 ++ api/server/server.go | 1 + builder/evaluator.go | 13 +++++++------ builder/internals.go | 13 +++++++------ builder/job.go | 2 ++ 5 files changed, 19 insertions(+), 12 deletions(-) diff --git a/api/client/build.go b/api/client/build.go index 800e04ac9b..107a1995f6 100644 --- a/api/client/build.go +++ b/api/client/build.go @@ -58,6 +58,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error { flCpuQuota := cmd.Int64([]string{"-cpu-quota"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) quota") flCPUSetCpus := cmd.String([]string{"-cpuset-cpus"}, "", "CPUs in which to allow execution (0-3, 0,1)") flCPUSetMems := cmd.String([]string{"-cpuset-mems"}, "", "MEMs in which to allow execution (0-3, 0,1)") + flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container") cmd.Require(flag.Exact, 1) cmd.ParseFlags(args, true) @@ -276,6 +277,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error { v.Set("cpuquota", strconv.FormatInt(*flCpuQuota, 10)) v.Set("memory", strconv.FormatInt(memory, 10)) v.Set("memswap", strconv.FormatInt(memorySwap, 10)) + v.Set("cgroupparent", *flCgroupParent) v.Set("dockerfile", *dockerfileName) diff --git a/api/server/server.go b/api/server/server.go index cdc6c18154..08932b90e8 100644 --- a/api/server/server.go +++ b/api/server/server.go @@ -1346,6 +1346,7 @@ func (s *Server) postBuild(eng *engine.Engine, version version.Version, w http.R buildConfig.CpuQuota = int64Value(r, "cpuquota") buildConfig.CpuSetCpus = r.FormValue("cpusetcpus") buildConfig.CpuSetMems = r.FormValue("cpusetmems") + buildConfig.CgroupParent = r.FormValue("cgroupparent") // Job cancellation. Note: not all job types support this. if closeNotifier, ok := w.(http.CloseNotifier); ok { diff --git a/builder/evaluator.go b/builder/evaluator.go index 9a2b57a8f9..214499bc02 100644 --- a/builder/evaluator.go +++ b/builder/evaluator.go @@ -121,12 +121,13 @@ type Builder struct { noBaseImage bool // indicates that this build does not start from any base image, but is being built from an empty file system. // Set resource restrictions for build containers - cpuSetCpus string - cpuSetMems string - cpuShares int64 - cpuQuota int64 - memory int64 - memorySwap int64 + cpuSetCpus string + cpuSetMems string + cpuShares int64 + cpuQuota int64 + cgroupParent string + memory int64 + memorySwap int64 cancelled <-chan struct{} // When closed, job was cancelled. } diff --git a/builder/internals.go b/builder/internals.go index ba7d45bcb1..7c3b924e77 100644 --- a/builder/internals.go +++ b/builder/internals.go @@ -546,12 +546,13 @@ func (b *Builder) create() (*daemon.Container, error) { b.Config.Image = b.image hostConfig := &runconfig.HostConfig{ - CpuShares: b.cpuShares, - CpuQuota: b.cpuQuota, - CpusetCpus: b.cpuSetCpus, - CpusetMems: b.cpuSetMems, - Memory: b.memory, - MemorySwap: b.memorySwap, + CpuShares: b.cpuShares, + CpuQuota: b.cpuQuota, + CpusetCpus: b.cpuSetCpus, + CpusetMems: b.cpuSetMems, + CgroupParent: b.cgroupParent, + Memory: b.memory, + MemorySwap: b.memorySwap, } config := *b.Config diff --git a/builder/job.go b/builder/job.go index 0ad488aae8..a64375c96b 100644 --- a/builder/job.go +++ b/builder/job.go @@ -52,6 +52,7 @@ type Config struct { CpuQuota int64 CpuSetCpus string CpuSetMems string + CgroupParent string AuthConfig *cliconfig.AuthConfig ConfigFile *cliconfig.ConfigFile @@ -166,6 +167,7 @@ func Build(d *daemon.Daemon, buildConfig *Config) error { cpuQuota: buildConfig.CpuQuota, cpuSetCpus: buildConfig.CpuSetCpus, cpuSetMems: buildConfig.CpuSetMems, + cgroupParent: buildConfig.CgroupParent, memory: buildConfig.Memory, memorySwap: buildConfig.MemorySwap, cancelled: buildConfig.WaitCancelled(), From 81897adcee8813efdff8374a1f46125b7e094847 Mon Sep 17 00:00:00 2001 From: Julien Barbier Date: Thu, 26 Mar 2015 23:45:17 +0000 Subject: [PATCH 2/7] Adding doc Signed-off-by: Julien Barbier --- docs/sources/reference/commandline/cli.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 26659c8ffa..072d7b40cf 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -627,8 +627,9 @@ is returned by the `docker attach` command to its caller too: -m, --memory="" Memory limit for all build containers --memory-swap="" Total memory (memory + swap), `-1` to disable swap -c, --cpu-shares CPU Shares (relative weight) - --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` + --cpuset-cpus="" CPUs in which to allow exection, e.g. `0-3`, `0,1` + --cgroup-parent="" Optional parent cgroup for the container Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can @@ -847,6 +848,9 @@ you refer to it on the command line. > children) for security reasons, and to ensure repeatable builds on remote > Docker hosts. This is also the reason why `ADD ../file` will not work. +`docker build` has a `--cgroup-parent` option that causes the containers used +in the build to be run with this option. + ## commit Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] From f40dd69c97a5a3797f07d52fe5f76e296ef629dc Mon Sep 17 00:00:00 2001 From: Marianna Date: Fri, 27 Mar 2015 19:18:24 -0700 Subject: [PATCH 3/7] Add test for cgroup parent flag for build Signed-off-by: Marianna --- integration-cli/docker_cli_build_test.go | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index 6d6805aef5..fc5f13539a 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5251,3 +5251,30 @@ func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) { } } + +func TestBuildContainerWithCgroupParent(t *testing.T) { + testRequires(t, NativeExecDriver) + defer deleteImages() + + cgroupParent := "test" + data, err := ioutil.ReadFile("/proc/self/cgroup") + if err != nil { + t.Fatalf("failed to read '/proc/self/cgroup - %v", err) + } + selfCgroupPaths := parseCgroupPaths(string(data)) + _, found := selfCgroupPaths["memory"] + if !found { + t.Fatalf("unable to find self cpu cgroup path. CgroupsPath: %v", selfCgroupPaths) + } + cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent , "-") + cmd.Stdin = strings.NewReader(` +FROM busybox +RUN cat /proc/self/cgroup +`) + + out, _, err := runCommandWithOutput(cmd) + if err != nil { + t.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) + } + logDone("build - cgroup parent") +} From f039c699a40397b71f05838e9a9c67100ae474c6 Mon Sep 17 00:00:00 2001 From: Nathan LeClaire Date: Tue, 31 Mar 2015 18:27:53 -0700 Subject: [PATCH 4/7] Fix gofmt Mischevious comma is mischevious Signed-off-by: Nathan LeClaire --- integration-cli/docker_cli_build_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index fc5f13539a..35ea20f56f 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5266,7 +5266,7 @@ func TestBuildContainerWithCgroupParent(t *testing.T) { if !found { t.Fatalf("unable to find self cpu cgroup path. CgroupsPath: %v", selfCgroupPaths) } - cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent , "-") + cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent, "-") cmd.Stdin = strings.NewReader(` FROM busybox RUN cat /proc/self/cgroup From 65aba0c9d6a72fc89f87c328e9ca21e20bf3cf7a Mon Sep 17 00:00:00 2001 From: Nathan LeClaire Date: Fri, 17 Apr 2015 15:35:56 -0700 Subject: [PATCH 5/7] Add dep to test Signed-off-by: Nathan LeClaire --- integration-cli/docker_cli_build_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index 35ea20f56f..93affbc5f9 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5254,6 +5254,7 @@ func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) { func TestBuildContainerWithCgroupParent(t *testing.T) { testRequires(t, NativeExecDriver) + testRequires(t, SameHostDaemon) defer deleteImages() cgroupParent := "test" From a8dfafc98642455ed83f9422f3174fa828dde4df Mon Sep 17 00:00:00 2001 From: Marianna Date: Fri, 17 Apr 2015 19:01:16 -0700 Subject: [PATCH 6/7] Make the docs for --cgroup-parent better Signed-off-by: Marianna --- docs/sources/reference/commandline/cli.md | 6 ++++-- docs/sources/reference/run.md | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 072d7b40cf..3ffa5bd5c1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -848,8 +848,10 @@ you refer to it on the command line. > children) for security reasons, and to ensure repeatable builds on remote > Docker hosts. This is also the reason why `ADD ../file` will not work. -`docker build` has a `--cgroup-parent` option that causes the containers used -in the build to be run with this option. +When `docker build` is run with the `--cgroup-parent` option the containers used +in the build will be run with the [corresponding `docker run` +flag](/reference/run/#specifying-custom-cgroups). + ## commit diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7218fab649..0cd43eaacd 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -465,6 +465,13 @@ Note: You would have to write policy defining a `svirt_apache_t` type. +## Specifying custom cgroups + +Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a +container in. This allows you to create and manage cgroups on their own. You can +define custom resources for those cgroups and put containers under a common +parent group. + ## Runtime constraints on resources The operator can also adjust the performance parameters of the From 9dbe12b792a46538c01862930c85ace18dbe14f3 Mon Sep 17 00:00:00 2001 From: Nathan LeClaire Date: Sat, 25 Apr 2015 16:42:30 -0400 Subject: [PATCH 7/7] Migrate integration test to new method Signed-off-by: Nathan LeClaire --- integration-cli/docker_cli_build_test.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index 93affbc5f9..dd8635f953 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5252,20 +5252,20 @@ func (s *DockerSuite) TestBuildEmptyStringVolume(c *check.C) { } -func TestBuildContainerWithCgroupParent(t *testing.T) { - testRequires(t, NativeExecDriver) - testRequires(t, SameHostDaemon) +func (s *DockerSuite) TestBuildContainerWithCgroupParent(c *check.C) { + testRequires(c, NativeExecDriver) + testRequires(c, SameHostDaemon) defer deleteImages() cgroupParent := "test" data, err := ioutil.ReadFile("/proc/self/cgroup") if err != nil { - t.Fatalf("failed to read '/proc/self/cgroup - %v", err) + c.Fatalf("failed to read '/proc/self/cgroup - %v", err) } selfCgroupPaths := parseCgroupPaths(string(data)) _, found := selfCgroupPaths["memory"] if !found { - t.Fatalf("unable to find self cpu cgroup path. CgroupsPath: %v", selfCgroupPaths) + c.Fatalf("unable to find self cpu cgroup path. CgroupsPath: %v", selfCgroupPaths) } cmd := exec.Command(dockerBinary, "build", "--cgroup-parent", cgroupParent, "-") cmd.Stdin = strings.NewReader(` @@ -5275,7 +5275,6 @@ RUN cat /proc/self/cgroup out, _, err := runCommandWithOutput(cmd) if err != nil { - t.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) + c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) } - logDone("build - cgroup parent") }