kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/daemon/execdriver/native/configuration/parse.go
Victor Marmol f188b9f623 Separating cgroup Memory and MemoryReservation. 
This will allow for these to be set independently. Keep the current Docker behavior where Memory and MemoryReservation are set to the value of Memory.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-04-24 11:09:38 -07:00

200 lines
5.4 KiB
Go
Raw Blame History

package configuration
import (
"fmt"
"github.com/dotcloud/docker/pkg/libcontainer"
"github.com/dotcloud/docker/utils"
"os/exec"
"path/filepath"
"strconv"
"strings"
)
type Action func(*libcontainer.Container, interface{}, string) error
var actions = map[string]Action{
"cap.add": addCap, // add a cap
"cap.drop": dropCap, // drop a cap
"ns.add": addNamespace, // add a namespace
"ns.drop": dropNamespace, // drop a namespace when cloning
"net.join": joinNetNamespace, // join another containers net namespace
"cgroups.cpu_shares": cpuShares, // set the cpu shares
"cgroups.memory": memory, // set the memory limit
"cgroups.memory_reservation": memoryReservation, // set the memory reservation
"cgroups.memory_swap": memorySwap, // set the memory swap limit
"cgroups.cpuset.cpus": cpusetCpus, // set the cpus used
"apparmor_profile": apparmorProfile, // set the apparmor profile to apply
"fs.readonly": readonlyFs, // make the rootfs of the container read only
}
func cpusetCpus(container *libcontainer.Container, context interface{}, value string) error {
if container.Cgroups == nil {
return fmt.Errorf("cannot set cgroups when they are disabled")
}
container.Cgroups.CpusetCpus = value
return nil
}
func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error {
container.Context["apparmor_profile"] = value
return nil
}
func cpuShares(container *libcontainer.Container, context interface{}, value string) error {
if container.Cgroups == nil {
return fmt.Errorf("cannot set cgroups when they are disabled")
}
v, err := strconv.ParseInt(value, 10, 0)
if err != nil {
return err
}
container.Cgroups.CpuShares = v
return nil
}
func memory(container *libcontainer.Container, context interface{}, value string) error {
if container.Cgroups == nil {
return fmt.Errorf("cannot set cgroups when they are disabled")
}
v, err := utils.RAMInBytes(value)
if err != nil {
return err
}
container.Cgroups.Memory = v
return nil
}
func memoryReservation(container *libcontainer.Container, context interface{}, value string) error {
if container.Cgroups == nil {
return fmt.Errorf("cannot set cgroups when they are disabled")
}
v, err := utils.RAMInBytes(value)
if err != nil {
return err
}
container.Cgroups.MemoryReservation = v
return nil
}
func memorySwap(container *libcontainer.Container, context interface{}, value string) error {
if container.Cgroups == nil {
return fmt.Errorf("cannot set cgroups when they are disabled")
}
v, err := strconv.ParseInt(value, 0, 64)
if err != nil {
return err
}
container.Cgroups.MemorySwap = v
return nil
}
func addCap(container *libcontainer.Container, context interface{}, value string) error {
c := container.CapabilitiesMask.Get(value)
if c == nil {
return fmt.Errorf("%s is not a valid capability", value)
}
c.Enabled = true
return nil
}
func dropCap(container *libcontainer.Container, context interface{}, value string) error {
c := container.CapabilitiesMask.Get(value)
if c == nil {
return fmt.Errorf("%s is not a valid capability", value)
}
c.Enabled = false
return nil
}
func addNamespace(container *libcontainer.Container, context interface{}, value string) error {
ns := container.Namespaces.Get(value)
if ns == nil {
return fmt.Errorf("%s is not a valid namespace", value[1:])
}
ns.Enabled = true
return nil
}
func dropNamespace(container *libcontainer.Container, context interface{}, value string) error {
ns := container.Namespaces.Get(value)
if ns == nil {
return fmt.Errorf("%s is not a valid namespace", value[1:])
}
ns.Enabled = false
return nil
}
func readonlyFs(container *libcontainer.Container, context interface{}, value string) error {
switch value {
case "1", "true":
container.ReadonlyFs = true
default:
container.ReadonlyFs = false
}
return nil
}
func joinNetNamespace(container *libcontainer.Container, context interface{}, value string) error {
var (
running = context.(map[string]*exec.Cmd)
cmd = running[value]
)
if cmd == nil || cmd.Process == nil {
return fmt.Errorf("%s is not a valid running container to join", value)
}
nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
container.Networks = append(container.Networks, &libcontainer.Network{
Type: "netns",
Context: libcontainer.Context{
"nspath": nspath,
},
})
return nil
}
func vethMacAddress(container *libcontainer.Container, context interface{}, value string) error {
var veth *libcontainer.Network
for _, network := range container.Networks {
if network.Type == "veth" {
veth = network
break
}
}
if veth == nil {
return fmt.Errorf("not veth configured for container")
}
veth.Context["mac"] = value
return nil
}
// configureCustomOptions takes string commands from the user and allows modification of the
// container's default configuration.
//
// TODO: this can be moved to a general utils or parser in pkg
func ParseConfiguration(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
for _, opt := range opts {
kv := strings.SplitN(opt, "=", 2)
if len(kv) < 2 {
return fmt.Errorf("invalid format for %s", opt)
}
action, exists := actions[kv[0]]
if !exists {
return fmt.Errorf("%s is not a valid option for the native driver", kv[0])
}
if err := action(container, running, kv[1]); err != nil {
return err
}
}
return nil
}
View git blame Copy permalink