openstack
/
paunch
Code Issues Proposed changes

Add --cpuset-cpus support for both Docker and Podman 

Limit the specific CPUs or cores a container can use.

If cpuset-cpus is configured in the container layout, then the value
will be used when running the container cli with --cpuset-cpus.
If 'all' is used as a value, we'll then take all available cpus,
computed by: "0-" + str(psutil.cpu_count()-1)

If unset (default), the cpuset-cpus value is computed by using psutil with a
new function which returns a comma-separated list range of CPUs that a
container can use.

This parameter is particulary useful for NFV:
https://bugzilla.redhat.com/show_bug.cgi?id=1750781
Indeed, for NFV workloads, in order to achieve 0 packet loss, linux processes,
ovs-dpdk (if applicable) and VMs are isolated thanks to kernel args (isolcpus)
and tuned profiles (cpu-partitioning).

Change-Id: I9443ad60affe9c7823b17daa259efee542c6fe22
This commit is contained in:
Emilien Macchi 2019-09-10 09:36:28 -04:00
parent f20c8f8158
commit d6ae074d25
8 changed files with 153 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
paunch/builder/compose1.py
View File

@ -14,6 +14,7 @@
import os
from paunch.builder import base
from paunch.utils import common
class ComposeV1Builder(base.BaseBuilder):
@ -85,6 +86,15 @@ class ComposeV1Builder(base.BaseBuilder):
for extra_host in cconfig.get('extra_hosts', []):
if extra_host:
cmd.append('--add-host=%s' % extra_host)
if 'cpuset_cpus' in cconfig:
# 'all' is a special value to directly configure all CPUs
# that are available.
if cconfig['cpuset_cpus'] == 'all':
cmd.append('--cpuset-cpus=%s' % common.get_all_cpus())
else:
cmd.append('--cpuset-cpus=%s' % cconfig['cpuset_cpus'])
else:
cmd.append('--cpuset-cpus=%s' % common.get_cpus_allowed_list())
self.string_arg(cconfig, cmd,
'stop_grace_period', '--stop-timeout',
@ -105,7 +115,6 @@ class ComposeV1Builder(base.BaseBuilder):
# stop_signal
# volume_driver
# cpu_quota
# cpuset
# domainname
# hostname
# mac_address

10
paunch/builder/podman.py
View File

@ -13,6 +13,7 @@
import os
from paunch.builder import base
from paunch.utils import common
class PodmanBuilder(base.BaseBuilder):
@ -93,6 +94,15 @@ class PodmanBuilder(base.BaseBuilder):
for extra_host in cconfig.get('extra_hosts', []):
if extra_host:
cmd.append('--add-host=%s' % extra_host)
if 'cpuset_cpus' in cconfig:
# 'all' is a special value to directly configure all CPUs
# that are available.
if cconfig['cpuset_cpus'] == 'all':
cmd.append('--cpuset-cpus=%s' % common.get_all_cpus())
else:
cmd.append('--cpuset-cpus=%s' % cconfig['cpuset_cpus'])
else:
cmd.append('--cpuset-cpus=%s' % common.get_cpus_allowed_list())
self.string_arg(cconfig, cmd,
'stop_grace_period', '--stop-timeout',

72
paunch/tests/test_builder_base.py
View File

@ -25,7 +25,8 @@ from paunch.tests import base
class TestBaseBuilder(base.TestCase):
def test_apply(self):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_apply(self, mock_cpu):
orig_call = tenacity.wait.wait_random_exponential.__call__
orig_argspec = inspect.getargspec(orig_call)
config = {
@ -139,7 +140,8 @@ class TestBaseBuilder(base.TestCase):
'--label', 'container_name=one',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['one']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# run two
mock.call(
@ -148,7 +150,8 @@ class TestBaseBuilder(base.TestCase):
'--label', 'container_name=two',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['two']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# run three
mock.call(
@ -157,7 +160,8 @@ class TestBaseBuilder(base.TestCase):
'--label', 'container_name=three',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['three']),
'--detach=true', 'centos:6'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:6'], mock.ANY
),
# run four
mock.call(
@ -166,7 +170,8 @@ class TestBaseBuilder(base.TestCase):
'--label', 'container_name=four',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['four']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# execute within four
mock.call(
@ -174,7 +179,8 @@ class TestBaseBuilder(base.TestCase):
),
])
def test_apply_idempotency(self):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_apply_idempotency(self, mock_cpu):
config = {
# not running yet
'one': {
@ -295,7 +301,8 @@ three-12345678 three''', '', 0),
'--label', 'container_name=one',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['one']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# run two
mock.call(
@ -304,7 +311,8 @@ three-12345678 three''', '', 0),
'--label', 'container_name=two',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['two']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# don't run three, its already running
# run four
@ -314,7 +322,8 @@ three-12345678 three''', '', 0),
'--label', 'container_name=four',
'--label', 'managed_by=tester',
'--label', 'config_data=%s' % json.dumps(config['four']),
'--detach=true', 'centos:7'], mock.ANY
'--detach=true', '--cpuset-cpus=0,1,2,3',
'centos:7'], mock.ANY
),
# execute within four
mock.call(
@ -450,7 +459,8 @@ three-12345678 three''', '', 0),
self.assertIn(arg, cmd)
@mock.patch('os.path.exists')
def test_container_run_args_lists(self, path_exists):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_container_run_args_lists(self, mock_cpu, path_exists):
path_exists.return_value = True
config = {
'one': {
@ -483,6 +493,48 @@ three-12345678 three''', '', 0),
'--group-add=docker', '--group-add=zuul',
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro',
'--volumes-from=two', '--volumes-from=three',
'--cpuset-cpus=0,1,2,3',
'--cap-add=SYS_ADMIN', '--cap-add=SETUID', '--cap-drop=NET_RAW',
'centos:7', 'ls', '-l', '/foo'],
cmd
)
@mock.patch('os.path.exists')
def test_container_run_args_lists_with_cpu(self, path_exists):
path_exists.return_value = True
config = {
'one': {
'image': 'centos:7',
'detach': False,
'command': 'ls -l /foo',
'remove': True,
'tty': True,
'interactive': True,
'environment': ['FOO=BAR', 'BAR=BAZ'],
'env_file': ['/tmp/foo.env', '/tmp/bar.env'],
'ulimit': ['nofile=1024', 'nproc=1024'],
'volumes': ['/foo:/foo:rw', '/bar:/bar:ro'],
'volumes_from': ['two', 'three'],
'group_add': ['docker', 'zuul'],
'cap_add': ['SYS_ADMIN', 'SETUID'],
'cap_drop': ['NET_RAW'],
'cpuset_cpus': '0-2',
}
}
builder = compose1.ComposeV1Builder('foo', config, None)
cmd = ['docker', 'run', '--name', 'one']
builder.container_run_args(cmd, 'one')
self.assertEqual(
['docker', 'run', '--name', 'one',
'--env-file=/tmp/foo.env', '--env-file=/tmp/bar.env',
'--env=FOO=BAR', '--env=BAR=BAZ',
'--rm', '--interactive', '--tty',
'--ulimit=nofile=1024', '--ulimit=nproc=1024',
'--group-add=docker', '--group-add=zuul',
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro',
'--volumes-from=two', '--volumes-from=three',
'--cpuset-cpus=0-2',
'--cap-add=SYS_ADMIN', '--cap-add=SETUID', '--cap-drop=NET_RAW',
'centos:7', 'ls', '-l', '/foo'],
cmd

18
paunch/tests/test_builder_compose1.py
View File

@ -19,7 +19,9 @@ from paunch.tests import test_builder_base as tbb
class TestComposeV1Builder(tbb.TestBaseBuilder):
def test_cont_run_args(self):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_cont_run_args(self, mock_cpu):
config = {
'one': {
'image': 'centos:7',
@ -74,13 +76,15 @@ class TestComposeV1Builder(tbb.TestBaseBuilder):
'--hostname=foohostname',
'--add-host=foohost:127.0.0.1',
'--add-host=barhost:127.0.0.2',
'--cpuset-cpus=0,1,2,3',
'--cap-add=SYS_ADMIN', '--cap-add=SETUID', '--cap-drop=NET_RAW',
'centos:7'],
cmd
)
@mock.patch('os.path.exists')
def test_cont_run_args_validation_true(self, path_exists):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_cont_run_args_validation_true(self, mock_cpu, path_exists):
path_exists.return_value = True
config = {
'one': {
@ -94,12 +98,15 @@ class TestComposeV1Builder(tbb.TestBaseBuilder):
self.assertTrue(builder.container_run_args(cmd, 'one'))
self.assertEqual(
['docker', '--detach=true',
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro', 'foo'],
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro',
'--cpuset-cpus=0,1,2,3',
'foo'],
cmd
)
@mock.patch('os.path.exists')
def test_cont_run_args_validation_false(self, path_exists):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_cont_run_args_validation_false(self, mock_cpu, path_exists):
path_exists.return_value = False
config = {
'one': {
@ -113,6 +120,7 @@ class TestComposeV1Builder(tbb.TestBaseBuilder):
self.assertFalse(builder.container_run_args(cmd, 'one'))
self.assertEqual(
['docker', '--detach=true',
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro', 'foo'],
'--volume=/foo:/foo:rw', '--volume=/bar:/bar:ro',
'--cpuset-cpus=0,1,2,3', 'foo'],
cmd
)

7
paunch/tests/test_builder_podman.py
View File

@ -12,12 +12,16 @@
# License for the specific language governing permissions and limitations
# under the License.
import mock
from paunch.builder import podman
from paunch.tests import test_builder_base as base
class TestPodmanBuilder(base.TestBaseBuilder):
def test_cont_run_args(self):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_cont_run_args(self, mock_cpu):
config = {
'one': {
'image': 'centos:7',
@ -63,6 +67,7 @@ class TestPodmanBuilder(base.TestBaseBuilder):
'--hostname=foohostname',
'--add-host=foohost:127.0.0.1',
'--add-host=barhost:127.0.0.2',
'--cpuset-cpus=0,1,2,3',
'--cap-add=SYS_ADMIN', '--cap-add=SETUID', '--cap-drop=NET_RAW',
'centos:7'],
cmd

34
paunch/tests/test_utils_common.py Normal file
View File

@ -0,0 +1,34 @@
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from paunch.tests import base
from paunch.utils import common
class TestUtilsCommon(base.TestCase):
@mock.patch("psutil.Process.cpu_affinity", return_value=[0, 1, 2, 3])
def test_get_cpus_allowed_list(self, mock_cpu):
expected_list = '0,1,2,3'
actual_list = common.get_cpus_allowed_list()
self.assertEqual(actual_list, expected_list)
@mock.patch("psutil.cpu_count", return_value=4)
def test_get_all_cpus(self, mock_cpu):
expected_list = '0-3'
actual_list = common.get_all_cpus()
self.assertEqual(actual_list, expected_list)

17
paunch/utils/common.py
View File

@ -15,6 +15,7 @@
import logging
import os
import psutil
import sys
from paunch import constants
@ -64,3 +65,19 @@ def configure_logging_from_args(name, app_args):
log = utils.common.configure_logging(
__name__, log_level, log_file)
return (log, log_file, log_level)
def get_cpus_allowed_list(**args):
"""Returns the process's Cpus_allowed on which CPUs may be scheduled.
:return: Value for Cpus_allowed, e.g. '0-3'
"""
return ','.join([str(c) for c in psutil.Process().cpu_affinity()])
def get_all_cpus(**args):
"""Returns a single list of all CPUs.
:return: Value computed by psutil, e.g. '0-3'
"""
return "0-" + str(psutil.cpu_count() - 1)

1
requirements.txt
View File

@ -7,3 +7,4 @@ pbr>=2.0.0,!=2.1.0 # Apache-2.0
cliff>=2.6.0 # Apache-2.0
tenacity>=3.2.1 # Apache-2.0
jmespath>=0.9.0 # MIT
psutil>=3.2.2 # BSD