Add option to limit pids within a container
Because we run container side applications using the swift user, we need a mechanism to limit number of processes launched inside storlet containers so that user workloads do not consume all allowed pids in host. This introduces a new option to set pids limit in each container. Change-Id: Idc07807ab7dba12c795d19d6405fc998e7b09893
This commit is contained in:
parent
ede1fe4b33
commit
5818bc046d
|
@ -257,6 +257,7 @@ class RunTimeSandbox(object):
|
|||
pass
|
||||
self.container_cpuset_cpus = conf.get('container_cpuset_cpus')
|
||||
self.container_cpuset_mems = conf.get('container_cpuset_mems')
|
||||
self.container_pids_limit = int(conf.get('container_pids_limit', 0))
|
||||
|
||||
def ping(self):
|
||||
"""
|
||||
|
@ -364,6 +365,7 @@ class RunTimeSandbox(object):
|
|||
mem_limit=self.container_mem_limit,
|
||||
cpuset_cpus=self.container_cpuset_cpus,
|
||||
cpuset_mems=self.container_cpuset_mems,
|
||||
pids_limit=self.container_pids_limit,
|
||||
labels={'managed_by': 'storlets'})
|
||||
except docker.errors.ImageNotFound:
|
||||
msg = "Image %s is not found" % docker_image_name
|
||||
|
|
Loading…
Reference in New Issue