Merge pull request #78 from cnlkl/issue_77

feat: 支持限制扫描器可用内存 #77
TencentBlueKing · Nov 28, 2022 · d3399b3 · d3399b3
2 parents 3ac8c0e + 486d09d
commit d3399b3
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 2 deletions.
diff --git a/...is-executor/src/main/kotlin/com/tencent/bkrepo/analysis/executor/util/DockerScanHelper.kt b/...is-executor/src/main/kotlin/com/tencent/bkrepo/analysis/executor/util/DockerScanHelper.kt
@@ -55,7 +55,7 @@ class DockerScanHelper(
         val maxScanDuration = task.scanner.maxScanDuration(scannerInputFile.length())
         // 创建容器
         val maxFileSize = maxFileSize(scannerInputFile.length())
-        val hostConfig = DockerUtils.dockerHostConfig(binds, maxFileSize)
+        val hostConfig = DockerUtils.dockerHostConfig(binds, maxFileSize, task.scanner.memory)
         val containerId = dockerClient.createContainer(image, hostConfig, args)
 
         taskContainerIdMap[task.taskId] = containerId

diff --git a/...nalysis-executor/src/main/kotlin/com/tencent/bkrepo/analysis/executor/util/DockerUtils.kt b/...nalysis-executor/src/main/kotlin/com/tencent/bkrepo/analysis/executor/util/DockerUtils.kt
@@ -106,6 +106,7 @@ object DockerUtils {
     fun dockerHostConfig(
         binds: Binds,
         maxSize: Long,
+        mem: Long,
         withPrivileged: Boolean = false
     ): HostConfig {
         return HostConfig().apply {
@@ -114,6 +115,7 @@ object DockerUtils {
             // 降低容器CPU优先级，限制可用的核心，避免调用DockerDaemon获其他系统服务时超时
             withCpuShares(CONTAINER_CPU_SHARES)
             withPrivileged(withPrivileged)
+            withMemory(mem)
             val processorCount = Runtime.getRuntime().availableProcessors()
             if (processorCount > 2) {
                 withCpusetCpus("0-${processorCount - 2}")

diff --git a/...ommon-analysis/src/main/kotlin/com/tencent/bkrepo/common/analysis/pojo/scanner/Scanner.kt b/...ommon-analysis/src/main/kotlin/com/tencent/bkrepo/common/analysis/pojo/scanner/Scanner.kt
@@ -70,7 +70,9 @@ open class Scanner(
     @ApiModelProperty("支持扫描的包类型")
     val supportPackageTypes: List<String> = emptyList(),
     @ApiModelProperty("支持扫描的类型")
-    val supportScanTypes: List<String> = emptyList()
+    val supportScanTypes: List<String> = emptyList(),
+    @ApiModelProperty("执行扫描所需要的内存大小")
+    val memory: Long = DEFAULT_MEM
 ) {
     /**
      * 获取待扫描文件最大允许扫描时长
@@ -101,5 +103,9 @@ open class Scanner(
          * 默认至少允许扫描的时间
          */
         private const val DEFAULT_MIN_SCAN_DURATION = 3 * 60L * 1000L
+        /**
+         * 默认内存大小
+         */
+        private const val DEFAULT_MEM = 32L * 1024L * 1024L * 1024L
     }
 }
diff --git a/src/frontend/devops-op/src/views/scan/components/CreateOrUpdateScannerDialog.vue b/src/frontend/devops-op/src/views/scan/components/CreateOrUpdateScannerDialog.vue
@@ -21,6 +21,11 @@
       <el-form-item label="扫描结束后是否清理" prop="cleanWorkDir" required>
         <el-switch v-model="scanner.cleanWorkDir" />
       </el-form-item>
+      <el-form-item label="执行扫描所需内存" prop="memory" required>
+        <el-input v-model.number="scanner.memory" type="number">
+          <template slot="append">Byte</template>
+        </el-input>
+      </el-form-item>
       <el-form-item label="1MB最大允许扫描时间" prop="maxScanDurationPerMb" required>
         <el-input v-model.number="scanner.maxScanDurationPerMb" type="number">
           <template slot="append">ms</template>
@@ -297,6 +302,7 @@ export default {
         description: '',
         rootPath: type,
         cleanWorkDir: true,
+        memory: 32 * 1024 * 1024 * 1024,
         maxScanDurationPerMb: 6000,
         supportFileNameExt: [],
         supportPackageTypes: [],