[lxc-devel] [lxd/master] Add limits to routed & tweak network list

stgraber on Github lxc-bot at linuxcontainers.org
Mon May 25 20:31:03 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200525/b2448436/attachment.bin>
-------------- next part --------------
From 464ce02658ce93f962485331317501665cd75c51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 25 May 2020 13:05:09 -0400
Subject: [PATCH 1/3] lxc/network: Add IPv4/IPv6 columns
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxc/network.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lxc/network.go b/lxc/network.go
index 2c24635e5a..e86e50600b 100644
--- a/lxc/network.go
+++ b/lxc/network.go
@@ -855,7 +855,15 @@ func (c *cmdNetworkList) Run(cmd *cobra.Command, args []string) error {
 		}
 
 		strUsedBy := fmt.Sprintf("%d", len(network.UsedBy))
-		details := []string{network.Name, network.Type, strManaged, network.Description, strUsedBy}
+		details := []string{
+			network.Name,
+			network.Type,
+			strManaged,
+			network.Config["ipv4.address"],
+			network.Config["ipv6.address"],
+			network.Description,
+			strUsedBy,
+		}
 		if resource.server.IsClustered() {
 			details = append(details, strings.ToUpper(network.Status))
 		}
@@ -867,6 +875,8 @@ func (c *cmdNetworkList) Run(cmd *cobra.Command, args []string) error {
 		i18n.G("NAME"),
 		i18n.G("TYPE"),
 		i18n.G("MANAGED"),
+		i18n.G("IPV4"),
+		i18n.G("IPV6"),
 		i18n.G("DESCRIPTION"),
 		i18n.G("USED BY"),
 	}

From 6bc26a9ecbdd6fc918411476822c3185f22efefb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 25 May 2020 16:29:59 -0400
Subject: [PATCH 2/3] api: Add container_nic_routed_limits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/api-extensions.md | 3 +++
 shared/version/api.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index dfb2c878fa..2361e704dd 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -1041,3 +1041,6 @@ It also introduces the following new endpoint:
 
 ## network\_dns\_search
 This introduces the `dns.search` config option on networks.
+
+## container\_nic\_routed\_limits
+This introduces `limits.ingress`, `limits.egress` and `limits.max` for routed NICs.
diff --git a/shared/version/api.go b/shared/version/api.go
index 975d0221cf..cecebe0847 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -211,6 +211,7 @@ var APIExtensions = []string{
 	"resources_system",
 	"images_push_relay",
 	"network_dns_search",
+	"container_nic_routed_limits",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From d56333ab8292a56daf9f98969c31219dc5b5cfd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 25 May 2020 16:30:12 -0400
Subject: [PATCH 3/3] lxd/device/nic/routed: Add limits support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7318

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/instances.md         |  3 +++
 lxd/device/nic_routed.go | 36 ++++++++++++++++++++++++++++++++++--
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/doc/instances.md b/doc/instances.md
index 0991bd9c41..7d6328f504 100644
--- a/doc/instances.md
+++ b/doc/instances.md
@@ -474,6 +474,9 @@ name                    | string    | kernel assigned   | no        | The name o
 host\_name              | string    | randomly assigned | no        | The name of the interface inside the host
 mtu                     | integer   | parent MTU        | no        | The MTU of the new interface
 hwaddr                  | string    | randomly assigned | no        | The MAC address of the new interface
+limits.ingress          | string    | -                 | no        | I/O limit in bit/s for incoming traffic (various suffixes supported, see below)
+limits.egress           | string    | -                 | no        | I/O limit in bit/s for outgoing traffic (various suffixes supported, see below)
+limits.max              | string    | -                 | no        | Same as modifying both limits.ingress and limits.egress
 ipv4.address            | string    | -                 | no        | Comma delimited list of IPv4 static addresses to add to the instance
 ipv4.gateway            | string    | auto              | no        | Whether to add an automatic default IPv4 gateway, can be "auto" or "none"
 ipv4.host\_address      | string    | 169.254.0.1       | no        | The IPv4 address to add to the host-side veth interface.
diff --git a/lxd/device/nic_routed.go b/lxd/device/nic_routed.go
index 3aa0681338..15c0548b3d 100644
--- a/lxd/device/nic_routed.go
+++ b/lxd/device/nic_routed.go
@@ -23,7 +23,7 @@ type nicRouted struct {
 }
 
 func (d *nicRouted) CanHotPlug() (bool, []string) {
-	return false, []string{}
+	return false, []string{"limits.ingress", "limits.egress", "limits.max"}
 }
 
 // validateConfig checks the supplied config for correctness.
@@ -40,6 +40,9 @@ func (d *nicRouted) validateConfig(instConf instance.ConfigReader) error {
 		"hwaddr",
 		"host_name",
 		"vlan",
+		"limits.ingress",
+		"limits.egress",
+		"limits.max",
 		"ipv4.gateway",
 		"ipv6.gateway",
 		"ipv4.host_address",
@@ -292,14 +295,43 @@ func (d *nicRouted) setupParentSysctls(parentName string) error {
 	return nil
 }
 
+// Update returns an error as most devices do not support live updates without being restarted.
+func (d *nicRouted) Update(oldDevices deviceConfig.Devices, isRunning bool) error {
+	v := d.volatileGet()
+
+	// If instance is running, apply host side limits.
+	if isRunning {
+		err := d.validateEnvironment()
+		if err != nil {
+			return err
+		}
+
+		// Apply host-side limits.
+		d.config["host_name"] = v["host_name"]
+		err = networkSetVethLimits(d.config)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // postStart is run after the instance is started.
 func (d *nicRouted) postStart() error {
 	v := d.volatileGet()
 
 	// If volatile host_name is defined (and it should be), then configure the host-side interface.
 	if v["host_name"] != "" {
+		// Apply host-side limits.
+		d.config["host_name"] = v["host_name"]
+		err := networkSetVethLimits(d.config)
+		if err != nil {
+			return err
+		}
+
 		// Attempt to disable IPv6 router advertisement acceptance.
-		err := util.SysctlSet(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", v["host_name"]), "0")
+		err = util.SysctlSet(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", v["host_name"]), "0")
 		if err != nil && !os.IsNotExist(err) {
 			return err
 		}

More information about the lxc-devel mailing list