Merge pull request #532 from q384566678/generate-solaris

generator solaris application container configuration

Author: Ma Shimiao

cmd/oci-runtime-tool/generate.go

@@ -114,6 +114,13 @@ var generateFlags = []cli.Flag{
 	cli.IntFlag{Name: "process-uid", Usage: "uid for the process"},
 	cli.StringFlag{Name: "rootfs-path", Value: "rootfs", Usage: "path to the root filesystem"},
 	cli.BoolFlag{Name: "rootfs-readonly", Usage: "make the container's rootfs readonly"},
+	cli.StringSliceFlag{Name: "solaris-anet", Usage: "set up networking for Solaris application containers"},
+	cli.StringFlag{Name: "solaris-capped-cpu-ncpus", Usage: "Specifies the percentage of CPU usage"},
+	cli.StringFlag{Name: "solaris-capped-memory-physical", Usage: "Specifies the physical caps on the memory"},
+	cli.StringFlag{Name: "solaris-capped-memory-swap", Usage: "Specifies the swap caps on the memory"},
+	cli.StringFlag{Name: "solaris-limitpriv", Usage: "privilege limit"},
+	cli.StringFlag{Name: "solaris-max-shm-memory", Usage: "Specifies the maximum amount of shared memory"},
+	cli.StringFlag{Name: "solaris-milestone", Usage: "Specifies the SMF FMRI"},
 	cli.StringFlag{Name: "template", Usage: "base template to use for creating the configuration"},
 }
 
@@ -776,6 +783,42 @@ func setupSpec(g *generate.Generator, context *cli.Context) error {
 		}
 	}
 
+	if context.IsSet("solaris-anet") {
+		anets := context.StringSlice("solaris-anet")
+		for _, anet := range anets {
+			tmpAnet := rspec.SolarisAnet{}
+			if err := json.Unmarshal([]byte(anet), &tmpAnet); err != nil {
+				return err
+			}
+
+			g.AddSolarisAnet(tmpAnet)
+		}
+	}
+
+	if context.IsSet("solaris-capped-cpu-ncpus") {
+		g.SetSolarisCappedCPUNcpus(context.String("solaris-capped-cpu-ncpus"))
+	}
+
+	if context.IsSet("solaris-capped-memory-physical") {
+		g.SetSolarisCappedMemoryPhysical(context.String("solaris-capped-memory-physical"))
+	}
+
+	if context.IsSet("solaris-capped-memory-swap") {
+		g.SetSolarisCappedMemorySwap(context.String("solaris-capped-memory-swap"))
+	}
+
+	if context.IsSet("solaris-limitpriv") {
+		g.SetSolarisLimitPriv(context.String("solaris-limitpriv"))
+	}
+
+	if context.IsSet("solaris-max-shm-memory") {
+		g.SetSolarisMaxShmMemory(context.String("solaris-max-shm-memory"))
+	}
+
+	if context.IsSet("solaris-milestone") {
+		g.SetSolarisMilestone(context.String("solaris-milestone"))
+	}
+
 	err := addSeccomp(context, g)
 	return err
 }

completions/bash/oci-runtime-tool

@@ -383,6 +383,13 @@ _oci-runtime-tool_generate() {
 		--process-rlimits-remove
 		--process-uid
 		--rootfs-path
+		--solaris-anet
+		--solaris-capped-cpu-ncpus
+		--solaris-capped-memory-physical
+		--solaris-capped-memory-swap
+		--solaris-limitpriv1
+		--solaris-max-shm-memory
+		 --solaris-milestone
 		--template
 	"
 

generate/generate.go

@@ -1448,3 +1448,45 @@ func dropBlockIOThrottleDevice(tmpList []rspec.LinuxThrottleDevice, major int64,
 
 	return throttleDevices
 }
+
+// AddSolarisAnet adds network into g.spec.Solaris.Anet
+func (g *Generator) AddSolarisAnet(anet rspec.SolarisAnet) {
+	g.initSpecSolaris()
+	g.spec.Solaris.Anet = append(g.spec.Solaris.Anet, anet)
+}
+
+// SetSolarisCappedCPUNcpus sets g.spec.Solaris.CappedCPU.Ncpus
+func (g *Generator) SetSolarisCappedCPUNcpus(ncpus string) {
+	g.initSpecSolarisCappedCPU()
+	g.spec.Solaris.CappedCPU.Ncpus = ncpus
+}
+
+// SetSolarisCappedMemoryPhysical sets g.spec.Solaris.CappedMemory.Physical
+func (g *Generator) SetSolarisCappedMemoryPhysical(physical string) {
+	g.initSpecSolarisCappedMemory()
+	g.spec.Solaris.CappedMemory.Physical = physical
+}
+
+// SetSolarisCappedMemorySwap sets g.spec.Solaris.CappedMemory.Swap
+func (g *Generator) SetSolarisCappedMemorySwap(swap string) {
+	g.initSpecSolarisCappedMemory()
+	g.spec.Solaris.CappedMemory.Swap = swap
+}
+
+// SetSolarisLimitPriv sets g.spec.Solaris.LimitPriv
+func (g *Generator) SetSolarisLimitPriv(limitPriv string) {
+	g.initSpecSolaris()
+	g.spec.Solaris.LimitPriv = limitPriv
+}
+
+// SetSolarisMaxShmMemory sets g.spec.Solaris.MaxShmMemory
+func (g *Generator) SetSolarisMaxShmMemory(memory string) {
+	g.initSpecSolaris()
+	g.spec.Solaris.MaxShmMemory = memory
+}
+
+// SetSolarisMilestone sets g.spec.Solaris.Milestone
+func (g *Generator) SetSolarisMilestone(milestone string) {
+	g.initSpecSolaris()
+	g.spec.Solaris.Milestone = milestone
+}

generate/spec.go

@@ -121,3 +121,24 @@ func (g *Generator) initSpecLinuxResourcesPids() {
 		g.spec.Linux.Resources.Pids = &rspec.LinuxPids{}
 	}
 }
+
+func (g *Generator) initSpecSolaris() {
+	g.initSpec()
+	if g.spec.Solaris == nil {
+		g.spec.Solaris = &rspec.Solaris{}
+	}
+}
+
+func (g *Generator) initSpecSolarisCappedCPU() {
+	g.initSpecSolaris()
+	if g.spec.Solaris.CappedCPU == nil {
+		g.spec.Solaris.CappedCPU = &rspec.SolarisCappedCPU{}
+	}
+}
+
+func (g *Generator) initSpecSolarisCappedMemory() {
+	g.initSpecSolaris()
+	if g.spec.Solaris.CappedMemory == nil {
+		g.spec.Solaris.CappedMemory = &rspec.SolarisCappedMemory{}
+	}
+}

man/oci-runtime-tool-generate.1.md

@@ -447,6 +447,29 @@ read the configuration from `config.json`.
 
   By default a container will have its root filesystem writable allowing processes to write files anywhere.  By specifying the `--rootfs-readonly` flag the container will have its root filesystem mounted as read only prohibiting any writes.
 
+**--solaris-anet**=[]
+  Represents the automatic creation of a network resource for an application container
+  e.g. --solaris-anet '{"allowedAddress": "172.17.0.2/16","configureAllowedAddress": "true","linkname": "net0"}'
+
+**--solaris-capped-cpu-ncpus**=""
+  Specifies the percentage of CPU usage.
+  An ncpu value of 1 means 100% of a CPU, a value of 1.25 means 125%, .75 mean 75%, and so forth.
+
+**--solaris-capped-memory-physical**=""
+  Specifies the physical caps on the memory.
+
+**--solaris-capped-memory-swap**=""
+  Specifies the swap caps on the memory.
+
+**--solaris-limitpriv**=""
+  Sets privilege limit.
+
+**--solaris-max-shm-memory**=""
+  Sets the maximum amount of shared memory.
+
+**--solaris-milestone**=""
+  Sets the SMF FMRI.
+
 **--template**=PATH
   Override the default template with your own.
   Additional options will only adjust the relevant portions of your template.