1
0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-08 21:17:43 +03:00

F #4089: add CPU limitations

This commit is contained in:
Christian González 2020-05-19 14:55:12 +02:00
parent 48216ca955
commit 6e5ffdeb24
No known key found for this signature in database
GPG Key ID: BC941A50DF6A42EA
6 changed files with 93 additions and 27 deletions

View File

@ -2,7 +2,7 @@ Defaults:oneadmin !requiretty
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_CEPH = /usr/bin/rbd
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /usr/bin/mount, /usr/sbin/one-clean-firecracker-domain
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /usr/bin/mount, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain
Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/sbin/arping, /usr/sbin/ip address *
Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh

View File

@ -2,7 +2,7 @@ Defaults:oneadmin !requiretty
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Cmnd_Alias ONE_CEPH = /usr/bin/rbd
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /bin/mount, /usr/sbin/one-clean-firecracker-domain
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /bin/mount, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain
Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /bin/systemctl start opennebula-hem, /bin/systemctl stop opennebula-hem, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /sbin/ip address *
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs

View File

@ -62,7 +62,8 @@ class Sudoers
#{lib_location}/sh/create_docker_image.sh ],
:FIRECRACKER => %w[/usr/bin/jailer
mount
/usr/sbin/one-clean-firecracker-domain]
/usr/sbin/one-clean-firecracker-domain
/usr/sbin/one-prepare-firecracker-domain]
}
end

View File

@ -54,8 +54,6 @@ end
# Start VNC (only started if necessary)
microvm.vnc('start')
# Set cpu.shares (only if configured)
microvm.set_cpu_limit
# Set deploy_id
puts "one-#{vm_id}"

View File

@ -32,7 +32,8 @@ class MicroVM
#---------------------------------------------------------------------------
COMMANDS = {
:clean => 'sudo -n /usr/sbin/one-clean-firecracker-domain',
:map_context => '/var/tmp/one/vmm/firecracker/map_context'
:map_context => '/var/tmp/one/vmm/firecracker/map_context',
:preapre_domain => 'sudo -n /usr/sbin/one-prepare-firecracker-domain'
}
#---------------------------------------------------------------------------
@ -91,15 +92,6 @@ class MicroVM
"#{@one.sysds_path}/#{@one.vm_id}"
end
def map_chroot_path
rc = Command.execute_rc_log("mkdir -p #{@rootfs_dir}")
return false unless rc
# TODO, add option for hard links
Command.execute_rc_log("sudo -n mount -o bind #{@one.sysds_path}/#{@one.vm_id} #{@rootfs_dir}")
end
def get_pid
rc, stdout, = Command.execute('ps auxwww | grep ' \
"\"^.*firecracker.*--id['\\\"=[[:space:]]]*#{@one.vm_name}\" " \
@ -151,6 +143,9 @@ class MicroVM
def cpu_shares(cpu)
# default value for cpu.shares
default_value = 1024
shares_enabled = @one.fcrc[:cgroup_cpu_shares].downcase == 'true'
return default_value if !shares_enabled || cpu.nil? || cpu == ''
shares_val = (cpu * default_value).round
@ -160,6 +155,18 @@ class MicroVM
shares_val
end
def preapre_domain
cgroup_path = @one.fcrc[:cgroup_location]
cpu_val = cpu_shares(@one.get_cpu)
params = "-c #{cgroup_path} -p #{cpu_val} -s #{@one.sysds_path}"\
" -v #{@one.vm_id}"
cmd = "#{COMMANDS[:preapre_domain]} #{params}"
Command.execute_rc_log(cmd)
end
#---------------------------------------------------------------------------
# VNC
#---------------------------------------------------------------------------
@ -222,7 +229,7 @@ class MicroVM
cmd << " --#{key} #{val}"
end
return false unless map_chroot_path
return false unless preapre_domain
return false unless map_context
@ -265,14 +272,4 @@ class MicroVM
# rubocop:enable Naming/AccessorMethodName
# rubocop:enable Layout/LineLength
def set_cpu_limit
return unless @one.fcrc[:cgroup_cpu_shares]
shares_location = "#{@one.fcrc[:cgroup_location]}/cpu/" \
"firecracker/one-#{@one.vm_id}/cpu.shares"
cmd = "echo #{cpu_shares(@one.get_cpu)} > #{shares_location}"
`echo "AAA#{Command.execute_once(cmd, false)}" > /tmp/a`
end
end

View File

@ -0,0 +1,70 @@
#!/bin/bash
# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
# exit when any command fails
set -e
CGROUP_PATH=""
CPU_VAL=""
SYSDS_PATH=""
VM_ID=""
while getopts ":c:p:s:v:" opt; do
case $opt in
c) CGROUP_PATH="$OPTARG" ;; # root of cgroup FS
p) CPU_VAL="$OPTARG" ;; # cpu.shares value
s) SYSDS_PATH="$OPTARG" ;; # system datastore path
v) VM_ID="$OPTARG" ;; # VM id
esac
done
# Check $CGROUP_PATH is an existing directory
if [ ! -d "$CGROUP_PATH" ]; then
exit -1
fi
# Check $SYSDS_PATH is an existing directory
if [ ! -d "$SYSDS_PATH" ]; then
exit -1
fi
regex_num='^[0-9]+$'
# Check $VM_ID is an integer
if ! [[ "$VM_ID" =~ $regex_num ]]; then
exit -1
fi
# Check $CPU_VAL is an integer
if ! [[ "$CPU_VAL" =~ $regex_num ]]; then
exit -1
fi
###############################################################################
# Map the jailer chroot path to the OpenNebula VM location
###############################################################################
ROOTFS_PATH="/srv/jailer/firecracker/one-$VM_ID/root"
mkdir -p "$ROOTFS_PATH"
mount -o bind "$SYSDS_PATH/$VM_ID" "$ROOTFS_PATH"
###############################################################################
# Set cpu.shares value to restrict cpu usage
###############################################################################
mkdir "$CGROUP_PATH/cpu/firecracker/one-$VM_ID"
echo "$CPU_VAL" > "$CGROUP_PATH/cpu/firecracker/one-$VM_ID/cpu.shares"