/swarmkit

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sysctls support #2729

Merged
merged 1 commit into from Aug 24, 2018
+367 −145

Conversation

Reviewers

@thaJeztah thaJeztah

@ctelfer ctelfer

@anshulpundir anshulpundir

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
6 participants
@dperny @cballou @gittycat @thaJeztah @ctelfer @anshulpundir
@dperny
Member

dperny commented Aug 22, 2018

- What I did

Adds support for sysctl options to the container spec. This is equivalent to the --sysctl flag on docker run.

- How I did it
Added a field to the protocol buffer for sysctl options.

Only API changes are required for swarmkit. All of the other changes involving plumbing through these options happens downstream in the engine.

- How to test it

N/A, we don't even use this field directly in swarmkit.

- Description for the changelog

Added support for sysctls in services. This is equivalent to the --sysctl flag on docker run.
@ctelfer

ctelfer approved these changes Aug 22, 2018
View changes

LGTM FWIW

Obviously swarm doesn't care much about this ... just needs to carry the information.

dperny added a commit to dperny/docker that referenced this pull request Aug 22, 2018

@dperny
Add support for sysctl options in services 
Adds support for sysctl options in docker services.

* Adds API plumbing for creating services with sysctl options set.
* Adds swagger.yaml documentation for new API field.
* Changes executor package to make use of the Sysctls field on objects
* Includes integration test to verify that new behavior works.

Essentially, everything needed to support the equivalent of docker run's
`--sysctl` option except the CLI.

Depends on docker/swarmkit#2729, which is not merged yet, and so has my
fork branch of swarmkit vendored in to demonstrate passing integration
test.

Signed-off-by: Drew Erny <drew.erny@docker.com>
3ff99e4

@dperny dperny referenced this pull request Aug 22, 2018

Merged

Add support for sysctl options in services #37701

@anshulpundir

anshulpundir approved these changes Aug 22, 2018
View changes

api/specs.proto Outdated
// Sysctls sets namespaced kernel parameters (sysctls) in the container. This
// option is equivalent to passing --sysctl to docker run.
//
// Note that while options are are subject to the same restrictions as

This comment has been minimized.

Sign in to view
Copy link
@anshulpundir

anshulpundir Aug 22, 2018

Contributor

remove one 'are'

This was referenced Aug 23, 2018

Open
Closed
Open
Open
Open
Open

dperny added a commit to dperny/docker that referenced this pull request Aug 23, 2018

@dperny
Add support for sysctl options in services 
Adds support for sysctl options in docker services.

* Adds API plumbing for creating services with sysctl options set.
* Adds swagger.yaml documentation for new API field.
* Updates the API version history document.
* Changes executor package to make use of the Sysctls field on objects
* Includes integration test to verify that new behavior works.

Essentially, everything needed to support the equivalent of docker run's
`--sysctl` option except the CLI.

Depends on docker/swarmkit#2729, which is not merged yet, and so has my
fork branch of swarmkit vendored in to demonstrate passing integration
test.

Signed-off-by: Drew Erny <drew.erny@docker.com>
a8e023b

dperny added a commit to dperny/docker that referenced this pull request Aug 23, 2018

@dperny
Add support for sysctl options in services 
Adds support for sysctl options in docker services.

* Adds API plumbing for creating services with sysctl options set.
* Adds swagger.yaml documentation for new API field.
* Updates the API version history document.
* Changes executor package to make use of the Sysctls field on objects
* Includes integration test to verify that new behavior works.

Essentially, everything needed to support the equivalent of docker run's
`--sysctl` option except the CLI.

Depends on docker/swarmkit#2729, which is not merged yet, and so has my
fork branch of swarmkit vendored in to demonstrate passing integration
test.

Signed-off-by: Drew Erny <drew.erny@docker.com>
6a24f7b
@thaJeztah

thaJeztah approved these changes Aug 23, 2018
View changes

LGTM (perhaps after @anshulpundir's nit was addressed, but not a blocker for me)

api/specs.pb.go
@@ -2064,6 +2085,25 @@ func (m *ContainerSpec) MarshalTo(dAtA []byte) (int, error) {
i++
i = encodeVarintSpecs(dAtA, i, uint64(m.PidsLimit))
}
if len(m.Sysctls) > 0 {

This comment has been minimized.

Sign in to view
Copy link
@thaJeztah

thaJeztah Aug 23, 2018

Member

this check looks redundant; the code inside the for loop won't be executed if it's empty; https://play.golang.org/p/SkHL_G_iJtv

edit: nevermind. Didn't notice I was looking at generated code ("Code generated by protoc-gen-gogo. DO NOT EDIT.") 😊
api/specs.pb.go
@@ -2781,6 +2821,14 @@ func (m *ContainerSpec) Size() (n int) {
if m.PidsLimit != 0 {
n += 2 + sovSpecs(uint64(m.PidsLimit))
}
if len(m.Sysctls) > 0 {

This comment has been minimized.

Sign in to view
Copy link
@thaJeztah

thaJeztah Aug 23, 2018

Member

Same here; this check looks redundant

edit: nevermind. Didn't notice I was looking at generated code ("Code generated by protoc-gen-gogo. DO NOT EDIT.") 😊
@dperny
Add sysctls support 
Adds support for sysctl options to the container spec. This is
equivalent to the --sysctl flag on `docker run`.

Only API changes are required for swarmkit. All of the other changes
involving plumbing through these options happens downstream in the
engine.

Signed-off-by: Drew Erny <drew.erny@docker.com>
Loading status checks…
ae22e33

@dperny dperny force-pushed the dperny:add-sysctls-support branch from 0e685ac to ae22e33 Aug 24, 2018

@dperny

This comment has been minimized.

Sign in to view
Member

dperny commented Aug 24, 2018

Removed one of two consecutive "are"s.
@codecov

This comment has been minimized.

Sign in to view

codecov bot commented Aug 24, 2018

Codecov Report

Merging #2729 into master will increase coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2729      +/-   ##
==========================================
+ Coverage   61.71%   61.72%   +<.01%     
==========================================
  Files         134      134              
  Lines       21888    21888              
==========================================
+ Hits        13508    13510       +2     
+ Misses       6916     6912       -4     
- Partials     1464     1466       +2

dperny added a commit to dperny/docker that referenced this pull request Aug 24, 2018

@dperny
Add support for sysctl options in services 
Adds support for sysctl options in docker services.

* Adds API plumbing for creating services with sysctl options set.
* Adds swagger.yaml documentation for new API field.
* Updates the API version history document.
* Changes executor package to make use of the Sysctls field on objects
* Includes integration test to verify that new behavior works.

Essentially, everything needed to support the equivalent of docker run's
`--sysctl` option except the CLI.

Depends on docker/swarmkit#2729, which is not merged yet, and so has my
fork branch of swarmkit vendored in to demonstrate passing integration
test.

Signed-off-by: Drew Erny <drew.erny@docker.com>
1f8f6c3
@anshulpundir

anshulpundir reviewed Aug 24, 2018
View changes

api/specs.proto
@@ -315,9 +315,24 @@ message ContainerSpec {
// Runtimes that don't support it ignore that field
Isolation isolation = 24;
// PidsLimit prevents from OS resource damage by applications inside the container
// PidsLimit prevents from OS resource damage by applications inside the container

This comment has been minimized.

Sign in to view
Copy link
@anshulpundir

anshulpundir Aug 24, 2018

Contributor

supernit: remove 'from'
@anshulpundir

anshulpundir approved these changes Aug 24, 2018
View changes

@anshulpundir anshulpundir merged commit 27f5625 into docker:master Aug 24, 2018
3 checks passed

3 checks passed

ci/circleci Your tests passed on CircleCI!
Details
codecov/project 61.72% (target 0%)
Details
dco-signed All commits are signed

@thaJeztah thaJeztah referenced this pull request Sep 12, 2018

Merged

Global Default AddressPool - Update #37736

@cballou

This comment has been minimized.

Sign in to view

cballou commented Sep 15, 2018
edited

I see this was merged into master. What version of docker-ce can we find this in? Edge? Experimental? I'm looking for docker compose support of sysctls when using docker stack deploy -f docker-compose.yaml.

I'm currently running docker version 18.06.1-ce with a docker-compose.yaml file on version 3.7 which continues to include the warning: Ignoring unsupported options: sysctls when running docker stack deploy.
@gittycat

This comment has been minimized.

Sign in to view

gittycat commented Sep 17, 2018

@thaJeztah The #2729 was pushed to SwarmKit on Aug 25. SwarmKit hasn't been updated in docker-ce since Aug 4th. You did the bump. This would be an important missing feature to add to docker-ce 18.9.0 while it's still in beta. Is this a possibility?

tiborvass added a commit to tiborvass/docker that referenced this pull request Sep 22, 2018

@tiborvass
vendor: remove boltdb dependency which is superseded by bbolt 
This also brings in these PRs from swarmkit:
- docker/swarmkit#2691
- docker/swarmkit#2744
- docker/swarmkit#2732
- docker/swarmkit#2729
- docker/swarmkit#2748

Signed-off-by: Tibor Vass <tibor@docker.com>
e3fbb5f

@tiborvass tiborvass referenced this pull request Sep 22, 2018

Merged

[18.09] Remove boltdb dependency #60

tiborvass added a commit to tiborvass/docker that referenced this pull request Sep 22, 2018

@tiborvass
vendor: remove boltdb dependency which is superseded by bbolt 
This also brings in these PRs from swarmkit:
- docker/swarmkit#2691
- docker/swarmkit#2744
- docker/swarmkit#2732
- docker/swarmkit#2729
- docker/swarmkit#2748

Signed-off-by: Tibor Vass <tibor@docker.com>
cce1763

docker-jenkins pushed a commit to docker/docker-ce that referenced this pull request Sep 22, 2018

@tiborvass
vendor: remove boltdb dependency which is superseded by bbolt 
This also brings in these PRs from swarmkit:
- docker/swarmkit#2691
- docker/swarmkit#2744
- docker/swarmkit#2732
- docker/swarmkit#2729
- docker/swarmkit#2748

Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: cce1763d57b5c8fc446b0863517bb5313e7e53be
Component: engine
47296e7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment