LCOW: adds memory limit for linux containers #35955
Conversation
|
Please sign your commits following these rules: $ git clone -b "lcow-adds-memory-limit-to-linux-containers" git@github.com:bruegth/moby.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -fAmending updates the existing PR. You DO NOT need to open a new one. |
Signed-off-by: Thomas Brueggemann <thomas.brueggemann@wuh-group.com>
|
/cc @jhowardmsft |
| @@ -418,6 +418,13 @@ func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interfa | |||
| } | |||
| configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName | |||
| } | |||
|
|
|||
| // Add memory limit (if omittet the memory will be limited to default (1GB) in Hyper-V isolation) | |||
| if spec.Windows.Resources.Memory != nil { | |||
There was a problem hiding this comment.
These don't need to be nested - the second if won't be evaluated if the first is false.
There was a problem hiding this comment.
I'm not sure I follow. The first is required in case specs.Windows.Resources.Memory is nil, right?
|
@johnstep PTAL |
| @@ -418,6 +418,13 @@ func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interfa | |||
| } | |||
| configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName | |||
| } | |||
|
|
|||
| // Add memory limit (if omittet the memory will be limited to default (1GB) in Hyper-V isolation) | |||
| @@ -418,6 +418,13 @@ func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interfa | |||
| } | |||
| configuration.NetworkSharedContainerName = spec.Windows.Network.NetworkSharedContainerName | |||
| } | |||
|
|
|||
| // Add memory limit (if omittet the memory will be limited to default (1GB) in Hyper-V isolation) | |||
| if spec.Windows.Resources.Memory != nil { | |||
There was a problem hiding this comment.
I'm not sure I follow. The first is required in case specs.Windows.Resources.Memory is nil, right?
|
|
||
| // Add memory limit (if omittet the memory will be limited to default (1GB) in Hyper-V isolation) | ||
| if spec.Windows.Resources.Memory != nil { | ||
| if spec.Windows.Resources.Memory.Limit != nil { |
There was a problem hiding this comment.
I'm super confused; spec.Windows.Resources controls resources for Linux containers? I'm worried that we'll now be duplicating all functionality that's already covered by standard Linux containers;
moby/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
Lines 22 to 27 in 4f5c47a
There was a problem hiding this comment.
I think the distinction Windows / Linux is not so well chosen, possibly HCS / Docker (+plattform specific subset) would be better.
Conversely, the HCS is also a subset of the docker config.
https://github.com/Microsoft/hcsshim/blob/master/interface.go#L67
https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate
There was a problem hiding this comment.
Point is that Linux containers take a whole different set of options for Memory constraints;
moby/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
Lines 273 to 289 in 4f5c47a
IIUC, this will now map the Memory-constraints for the container to the Hyper-V VM for the container (not the container itself)
There was a problem hiding this comment.
Yes that is correct.
HyperV Isolation mode reserves the memory for the container and the container itself has a limit by container config.
So in HyperV Isolation the container count is limit by physical memory.
Signed-off-by: Thomas Brueggemann <thomas.brueggemann@wuh-group.com>
|
I think @thaJeztah's concerns about LCOW vs Windows are valid: isn't the whole point of LCOW to abstract the Linux API implementation and let userspace programs behave the same as on Linux? In which case why don't we reuse the Linux configs? Those questions have to be answered, but let's unblock this PR. LGTM |
|
@tiborvass I had an offline conversation with @johnstep, but there's a good reason here. The short answer is that on Windows, there really are two sets of "resources" to run an LCOW Some are required to configure the utility VM itself, such as layer paths, defined in OCI under Beyond that is configuration of the container inside the utility VM. That's where the Linux side of the OCI spec comes in (the Does that help clear up your question? |
|
@jhowardmsft almost! How do the windows resources get set, and shouldn't the linux resources be set instead? IOW, So is the solution to only set the windows ressources for the ones that VMs also have, and set the linux ressources only for the very cgroupy things? |
|
Please note that, while the code changes look fine, this should not be merged until the discussion above is completed, and there are still outstanding questions. Thanks. |
|
Would it be possible to get the discussion going again, as it seems to have have stopped for some reason :/ |
|
Yes... please continue the conversation. I need this feature, and I'm sure others do too. (Unless someone here knows a different workaround for "... HCS [setting] the default 1Gb which is annoying"?) |
|
Can we resolve this PR? Only being able to create a Linux container that support a hard coded ~1 GB of memory doesn't help much. I am trying to create a Linux Saltstack master + Windows minion combination and LCOW makes that combination of platform types much easier. However, Salt needs more than the default allocated memory. |
|
I think in the HCS v1 schema, this is pretty much the best we can do. In the v2 schema, it's far more flexible with clients in control of both the utility VM side and the container side. |
|
This PR would end in nil errors with only these changes. I had opened another pull request for both CPU and Memory limits on LCOW. #37296 |
|
@bruegth CI fails to error: And there is reviews above which needs to be addressed. |
|
@johnstep and @thaJeztah I suggest to close this PR and go further with #37296 |
Closing... |
- What I did
LCOW: adds memory limit to linux containers
Because if omitted a Hyper-V container is limited to 1GB and couldn't changed.
- How I did it
copy and paste from windows container creation
- How to verify it
run meminfo in linux container under windows
- Description for the changelog
LCOW: Adds memory limit for linux containers
- A picture of a cute animal (not mandatory but encouraged)