Skip to content

Commit

Permalink
implement podman update
Browse files Browse the repository at this point in the history
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:

–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device

resolves containers#15067

Signed-off-by: Charlie Doern <cdoern@redhat.com>
  • Loading branch information
cdoern committed Aug 10, 2022
1 parent 89ab5c9 commit 8e70214
Show file tree
Hide file tree
Showing 28 changed files with 500 additions and 119 deletions.
85 changes: 85 additions & 0 deletions cmd/podman/containers/update.go
@@ -0,0 +1,85 @@
package containers

import (
"context"
"fmt"

"github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/specgen"
"github.com/containers/podman/v4/pkg/specgenutil"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/spf13/cobra"
)

var (
updateDescription = `Updates the cgroup configuration of a given container`

updateCommand = &cobra.Command{
Use: "update [options] CONTAINER",
Short: "update an existing container",
Long: updateDescription,
RunE: update,
Args: cobra.ExactArgs(1),
ValidArgsFunction: common.AutocompleteContainers,
Example: `podman update --cpus=5 foobar_container`,
}

containerUpdateCommand = &cobra.Command{
Args: updateCommand.Args,
Use: updateCommand.Use,
Short: updateCommand.Short,
Long: updateCommand.Long,
RunE: updateCommand.RunE,
ValidArgsFunction: updateCommand.ValidArgsFunction,
Example: `podman container update --cpus=5 foobar_container`,
}
)
var (
updateOpts entities.ContainerCreateOptions
)

func updateFlags(cmd *cobra.Command) {
common.DefineCreateDefaults(&updateOpts)
common.DefineCreateFlags(cmd, &updateOpts, false, false)
}

func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: updateCommand,
})
updateFlags(updateCommand)

registry.Commands = append(registry.Commands, registry.CliCommand{
Command: containerUpdateCommand,
Parent: containerCmd,
})
updateFlags(containerUpdateCommand)
}

func update(cmd *cobra.Command, args []string) error {
var err error
// so here we are going to want to maybe create a new type and/or fill out a
// container resource spec. Might make sense to go specgen -->

s := &specgen.SpecGenerator{}
s.ResourceLimits = &specs.LinuxResources{}

// JUST pass the resource limits. We do not need an entire specgen.
s.ResourceLimits, err = specgenutil.GetResources(s, &updateOpts)
if err != nil {
return err
}

opts := &entities.ContainerUpdateOptions{
NameOrID: args[0],
Specgen: s,
}
rep, err := registry.ContainerEngine().ContainerUpdate(context.Background(), opts)
if err != nil {
return err
}
fmt.Println(rep)
return nil
}
1 change: 1 addition & 0 deletions docs/source/markdown/.gitignore
Expand Up @@ -6,3 +6,4 @@ podman-pod-clone.1.md
podman-pod-create.1.md
podman-pull.1.md
podman-run.1.md
podman-update.1.md
9 changes: 9 additions & 0 deletions docs/source/markdown/options/cpus.md
@@ -0,0 +1,9 @@
#### **--cpus**=*number*

Number of CPUs. The default is *0.0* which means no limit. This is shorthand
for **--cpu-period** and **--cpu-quota**, so you may only set either
**--cpus** or **--cpu-period** and **--cpu-quota**.

On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
3 changes: 3 additions & 0 deletions docs/source/markdown/options/device-read-bps.md
@@ -0,0 +1,3 @@
#### **--device-read-bps**=*path*

Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).
3 changes: 3 additions & 0 deletions docs/source/markdown/options/device-read-iops.md
@@ -0,0 +1,3 @@
#### **--device-read-iops**=*path:rate*

Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**).
3 changes: 3 additions & 0 deletions docs/source/markdown/options/device-write-bps.md
@@ -0,0 +1,3 @@
#### **--device-write-bps**=*path:rate*

Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**).
3 changes: 3 additions & 0 deletions docs/source/markdown/options/device-write-iops.md
@@ -0,0 +1,3 @@
#### **--device-write-iops**=*path*

Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)
9 changes: 9 additions & 0 deletions docs/source/markdown/options/memory-reservation.md
@@ -0,0 +1,9 @@
#### **--memory-reservation**=*limit*

Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))

After setting memory reservation, when the system detects memory contention
or low memory, containers are forced to restrict their consumption to their
reservation. So you should always set the value below **--memory**, otherwise the
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.
10 changes: 10 additions & 0 deletions docs/source/markdown/options/memory-swap.md
@@ -0,0 +1,10 @@
#### **--memory-swap**=*limit*

A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
(**--memory**) value. By default, the swap `LIMIT` will be set to double
the value of --memory.

The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
9 changes: 9 additions & 0 deletions docs/source/markdown/options/memory.md
@@ -0,0 +1,9 @@
#### **--memory**, **-m**=*limit*

Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))

Allows you to constrain the memory available to a container. If the host
supports swap memory, then the **-m** memory setting can be larger than physical
RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).
8 changes: 2 additions & 6 deletions docs/source/markdown/podman-container-clone.1.md.in
Expand Up @@ -50,13 +50,9 @@ If none are specified, the original container's CPU memory nodes are used.

@@option destroy

#### **--device-read-bps**=*path*
@@option device-read-bps

Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).

#### **--device-write-bps**=*path*

Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
@@option device-write-bps

#### **--force**, **-f**

Expand Down
61 changes: 10 additions & 51 deletions docs/source/markdown/podman-create.1.md.in
Expand Up @@ -96,9 +96,7 @@ environment variable. `export REGISTRY_AUTH_FILE=path`

@@option blkio-weight

#### **--blkio-weight-device**=*device:weight*

Block IO relative device weight.
@@option blkio-weight-device

@@option cap-add

Expand All @@ -124,21 +122,15 @@ Write the container ID to the file

@@option cpu-quota

@@option cpu-quota

@@option cpu-rt-period

@@option cpu-rt-runtime

@@option cpu-shares

#### **--cpus**=*number*

Number of CPUs. The default is *0.0* which means no limit. This is shorthand
for **--cpu-period** and **--cpu-quota**, so you may only set either
**--cpus** or **--cpu-period** and **--cpu-quota**.

On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/main/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
@@option cpus

@@option cpuset-cpus

Expand Down Expand Up @@ -170,21 +162,13 @@ Add a rule to the cgroup allowed devices list. The rule is expected to be in the
- major and minor: either a number, or * for all;
- mode: a composition of r (read), w (write), and m (mknod(2)).

#### **--device-read-bps**=*path*

Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)

#### **--device-read-iops**=*path*
@@option device-read-bps

Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)
@@option device-read-iops

#### **--device-write-bps**=*path*
@@option device-write-bps

Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)

#### **--device-write-iops**=*path*

Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)

#### **--disable-content-trust**

Expand Down Expand Up @@ -365,36 +349,11 @@ This option is currently supported only by the **journald** log driver.

@@option mac-address

#### **--memory**, **-m**=*limit*

Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))

Allows you to constrain the memory available to a container. If the host
supports swap memory, then the **-m** memory setting can be larger than physical
RAM. If a limit of 0 is specified (not using **-m**), the container's memory is
not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of trillions).

#### **--memory-reservation**=*limit*

Memory soft limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))

After setting memory reservation, when the system detects memory contention
or low memory, containers are forced to restrict their consumption to their
reservation. So you should always set the value below **--memory**, otherwise the
hard limit will take precedence. By default, memory reservation will be the same
as memory limit.

#### **--memory-swap**=*limit*
@@option memory

A limit value equal to memory plus swap. Must be used with the **-m**
(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
(**--memory**) value. By default, the swap `LIMIT` will be set to double
the value of --memory.
@@option memory-reservation

The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kibibytes), `m` (mebibytes), or `g` (gibibytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
@@option memory-swap

@@option memory-swappiness

Expand Down
8 changes: 2 additions & 6 deletions docs/source/markdown/podman-pod-clone.1.md.in
Expand Up @@ -48,13 +48,9 @@ Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are:
/dev/fuse.

#### **--device-read-bps**=*path*
@@option device-read-bps

Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb).

#### **--device-write-bps**=*path*

Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
@@option device-write-bps

#### **--gidmap**=*pod_gid:host_gid:amount*

Expand Down
8 changes: 2 additions & 6 deletions docs/source/markdown/podman-pod-create.1.md.in
Expand Up @@ -65,13 +65,9 @@ Podman may load kernel modules required for using the specified
device. The devices that Podman will load modules for when necessary are:
/dev/fuse.

#### **--device-read-bps**=*path*
@@option device-read-bps

Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)

#### **--device-write-bps**=*path*

Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)
@@option device-write-bps

#### **--dns**=*ipaddr*

Expand Down
16 changes: 4 additions & 12 deletions docs/source/markdown/podman-run.1.md.in
Expand Up @@ -201,21 +201,13 @@ device. The devices that Podman will load modules when necessary are:

Add a rule to the cgroup allowed devices list

#### **--device-read-bps**=*path:rate*
@@option device-read-bps

Limit read rate (in bytes per second) from a device (e.g. **--device-read-bps=/dev/sda:1mb**).
@@option device-read-iops

#### **--device-read-iops**=*path:rate*
@@option device-write-bps

Limit read rate (in IO operations per second) from a device (e.g. **--device-read-iops=/dev/sda:1000**).

#### **--device-write-bps**=*path:rate*

Limit write rate (in bytes per second) to a device (e.g. **--device-write-bps=/dev/sda:1mb**).

#### **--device-write-iops**=*path:rate*

Limit write rate (in IO operations per second) to a device (e.g. **--device-write-iops=/dev/sda:1000**).
@@option device-write-iops

#### **--disable-content-trust**

Expand Down
58 changes: 58 additions & 0 deletions docs/source/markdown/podman-update.1.md.in
@@ -0,0 +1,58 @@
% podman-update(1)

## NAME
podman\-update - Updates the cgroup configuration of a given container

## SYNOPSIS
**podman update** [*options*] *container*

**podman container update** [*options*] *container*

## DESCRIPTION

Updates the cgroup configuration of an already existing container. The currently supported options are a susbet of the
podman create/run resource limits options. This command takes one argument, a container name or ID, alongside the resource flags to modify the cgroup.

## OPTIONS

@@option blkio-weight

@@option blkio-weight-device

@@option cpu-period

@@option cpu-quota

@@option cpu-rt-period

@@option cpu-rt-runtime

@@option cpu-shares

@@option cpus

@@option cpuset-cpus

@@option cpuset-mems

@@option device-read-bps

@@option device-read-iops

@@option device-write-bps

@@option device-write-iops

@@option memory

@@option memory-reservation

@@option memory-swappiness

@@option memory-swap

## SEE ALSO
**[podman(1)](podman.1.md)**, **[podman-create(1)](podman-create.1.md.in)**, **[podman-run(1)](podman-run.1.md.in)**

## HISTORY
August 2022, Originally written by Charlie Doern <cdoern@redhat.com>
1 change: 1 addition & 0 deletions docs/source/markdown/podman.1.md
Expand Up @@ -355,6 +355,7 @@ the exit codes follow the `chroot` standard, see below:
| [podman-unpause(1)](podman-unpause.1.md) | Unpause one or more containers. |
| [podman-unshare(1)](podman-unshare.1.md) | Run a command inside of a modified user namespace. |
| [podman-untag(1)](podman-untag.1.md) | Removes one or more names from a locally-stored image. |
| [podman-update(1)](podman-update.1.md) | Updates the cgroup configuration of a given container. |
| [podman-version(1)](podman-version.1.md) | Display the Podman version information. |
| [podman-volume(1)](podman-volume.1.md) | Simple management tool for volumes. |
| [podman-wait(1)](podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes. |
Expand Down

0 comments on commit 8e70214

Please sign in to comment.