From 1f48b32c42e0b443a1e7c8b7d21a8d9a771ec0d8 Mon Sep 17 00:00:00 2001 From: Peter Wilmott Date: Fri, 31 Jul 2015 19:35:42 +0000 Subject: [PATCH] Cleaned up cgroup implementation Set default limits to 1 core and 512MB, CGX has also been removed to try and make it more clear what is calling what. --- bocker | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bocker b/bocker index 37e41c8..2e0b786 100755 --- a/bocker +++ b/bocker @@ -1,7 +1,6 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail; shopt -s nullglob -btrfs_path='/var/bocker' -cgroups='cpu,cpuacct,cpuset,memory'; $(cgget -h &> /dev/null) && CGX="cgexec -g $cgroups" || CGX='_=' +btrfs_path='/var/bocker'; cgroups='cpu,cpuacct,cpuset,memory'; function bocker_check() { btrfs subvolume list "$btrfs_path" | grep -qw "$1" && echo 0 || echo 1 @@ -76,8 +75,10 @@ function bocker_run() { #HELP Create a container:\nBOCKER run /dev/null echo 'nameserver 8.8.8.8' > "$btrfs_path/$uuid"/etc/resolv.conf echo "$cmd" > "$btrfs_path/$uuid/$uuid.cmd" - cgcreate -g $cgroups:/$uuid && cgset -r cpuset.cpus=0-$(($(grep vendor_id /proc/cpuinfo | wc -l)-1)) $uuid && cgset -r cpuset.mems=0 $uuid &> /dev/null || true - $CGX:$uuid ip netns exec netns_"$uuid" "unshare" -fmuip --mount-proc "chroot" \ + cgcreate -g "$cgroups:/$uuid" + cgset -r cpuset.cpus=0-1 "$uuid" && cgset -r cpuset.mems=0 "$uuid" + cgset -r memory.limit_in_bytes=512000000 "$uuid" + cgexec -g "$cgroups:$uuid" ip netns exec netns_"$uuid" "unshare" -fmuip --mount-proc "chroot" \ "$btrfs_path/$uuid" /bin/sh -c "/bin/mount -t proc proc /proc && $cmd" \ 2>&1 | tee "$btrfs_path/$uuid/$uuid.log" || true ip link del dev veth0_"$uuid"