config: Support for sysctl configuration (#82) (#83)
towe75 authored Jan 23, 2021
1 parent 228fa51 commit 64d9535
Showing 5 changed files with 66 additions and 5 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
## Unreleased

* config: Support for sysctl configuration [[GH-82](https://github.com/hashicorp/nomad-driver-podman/issues/82)]

## 0.2.0

FEATURES:
10 changes: 10 additions & 0 deletions README.md
Expand Up @@ -277,6 +277,16 @@ config {
}
```

* **sysctl** - (Optional) A key-value map of sysctl configurations to set to the containers on start.

```
config {
sysctl = {
"net.core.somaxconn" = "16384"
}
}
```

## Example job

```
2 changes: 2 additions & 0 deletions config.go
Expand Up @@ -56,6 +56,7 @@ var (
"network_mode": hclspec.NewAttr("network_mode", "string", false),
"port_map": hclspec.NewAttr("port_map", "list(map(number))", false),
"ports": hclspec.NewAttr("ports", "list(string)", false),
"sysctl": hclspec.NewAttr("sysctl", "list(map(string))", false),
"tmpfs": hclspec.NewAttr("tmpfs", "list(string)", false),
"volumes": hclspec.NewAttr("volumes", "list(string)", false),
})
Expand Down Expand Up @@ -96,6 +97,7 @@ type TaskConfig struct {
MemorySwappiness int64 `codec:"memory_swappiness"`
PortMap hclutils.MapStrInt `codec:"port_map"`
Ports []string `codec:"ports"`
Sysctl hclutils.MapStrStr `codec:"sysctl"`
Tmpfs []string `codec:"tmpfs"`
Volumes []string `codec:"volumes"`
CapAdd []string `codec:"cap_add"`
1 change: 1 addition & 0 deletions driver.go
Expand Up @@ -359,6 +359,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
createOpts.ContainerBasicConfig.Command = allArgs
createOpts.ContainerBasicConfig.Env = cfg.Env
createOpts.ContainerBasicConfig.Hostname = driverConfig.Hostname
createOpts.ContainerBasicConfig.Sysctl = driverConfig.Sysctl

createOpts.ContainerBasicConfig.LogConfiguration.Path = cfg.StdoutPath

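Review bot: `driverConfig.Sysctl` is assigned to `createOpts.ContainerBasicConfig.Sysctl` unchanged, and the `sysctl` attribute added in config.go accepts any string map, so every key a job author writes is forwarded to Podman with no driver-side check. Job submitters and node operators usually sit at different trust levels, and a kernel parameter is only container-local while the matching namespace is private; with a shared namespace such as host networking it would presumably act on the node itself, unless Podman rejects that combination, which is not visible here. Consider validating the keys just before this assignment against an operator-controlled allowlist in the plugin configuration and returning an error from StartTask for anything outside it. StartTask begins and ends outside this hunk, so an existing check elsewhere in the function cannot be ruled out.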
54 changes: 49 additions & 5 deletions driver_test.go
Expand Up @@ -1106,8 +1106,8 @@ func TestPodmanDriver_DefaultCaps(t *testing.T) {

// a default container should not have SYS_TIME
require.NotContains(t, inspectData.EffectiveCaps, "CAP_SYS_TIME")
// a default container gets MKNOD cap
require.Contains(t, inspectData.EffectiveCaps, "CAP_MKNOD")
// a default container gets CHOWN cap
require.Contains(t, inspectData.EffectiveCaps, "CAP_CHOWN")
}

// check modified capabilities (CapAdd/CapDrop)
Expand All @@ -1120,14 +1120,14 @@ func TestPodmanDriver_Caps(t *testing.T) {
// cap_drop = [
// "MKNOD",
// ]
taskCfg.CapDrop = []string{"MKNOD"}
taskCfg.CapDrop = []string{"CHOWN"}

inspectData := startDestroyInspect(t, taskCfg, "caps")

// we added SYS_TIME, so we should see it in inspect
require.Contains(t, inspectData.EffectiveCaps, "CAP_SYS_TIME")
// we dropped CAP_MKNOD, so we should NOT see it in inspect
require.NotContains(t, inspectData.EffectiveCaps, "CAP_MKNOD")
// we dropped CAP_CHOWN, so we should NOT see it in inspect
require.NotContains(t, inspectData.EffectiveCaps, "CAP_CHOWN")
}

// check dns server configuration
Expand Down Expand Up @@ -1297,6 +1297,50 @@ func TestPodmanDriver_SignalTask(t *testing.T) {
}
}

func TestPodmanDriver_Sysctl(t *testing.T) {
if !tu.IsCI() {
t.Parallel()
}

// set a uncommon somaxconn value and echo the effective
// in-container value
taskCfg := newTaskConfig("", []string{
"sysctl",
"net.core.somaxconn",
})
taskCfg.Sysctl = map[string]string{"net.core.somaxconn": "12321"}
task := &drivers.TaskConfig{
ID: uuid.Generate(),
Name: "sysctl",
AllocID: uuid.Generate(),
Resources: createBasicResources(),
}
require.NoError(t, task.EncodeConcreteDriverConfig(&taskCfg))

d := podmanDriverHarness(t, nil)
cleanup := d.MkAllocDir(task, true)
defer cleanup()

_, _, err := d.StartTask(task)
require.NoError(t, err)

defer d.DestroyTask(task.ID, true)

// Attempt to wait
waitCh, err := d.WaitTask(context.Background(), task.ID)
require.NoError(t, err)

select {
case <-waitCh:
case <-time.After(time.Duration(tu.TestMultiplier()*2) * time.Second):
t.Fatalf("Container did not exit in time")
}

tasklog := readLogfile(t, task)
require.Contains(t, tasklog, "net.core.somaxconn = 12321")

}

// read a tasks logfile into a string, fail on error
func readLogfile(t *testing.T, task *drivers.TaskConfig) string {
logfile := filepath.Join(filepath.Dir(task.StdoutPath), fmt.Sprintf("%s.stdout.0", task.Name))
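Review bot: The example comment in TestPodmanDriver_Caps still reads `// "MKNOD",` although the line below it now sets `taskCfg.CapDrop = []string{"CHOWN"}`; change it to `// "CHOWN",` so the documented job config matches what the test asserts. The MKNOD to CHOWN swap in both capability tests is unrelated to the sysctl feature and the commit title does not explain it, so a one-line comment giving the reason (presumably the runtime's default capability set no longer includes MKNOD) would help anyone who later audits which capabilities a default container is expected to hold. Both test bodies start above their hunks, so the rest of the example comment is not visible here.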
