This diff includes a few of things:
1. A class for monitor quota usage and tearing down containers that exceed their limits.
2. A small C program for reporting quota usage. This is necessary because repquota
has several bugs that prevent us from using it to reliably check quota usage.
3. Small refactor that moves everything under the :quota config hash. This makes sense,
as we only need the uidpool if quota support is enabled.
Test plan:
- Existing unit tests pass
- New unit tests pass
Change-Id: I8dccd91bb4571f051c7a328d22436b77c6fb3f0c
This add plumbing for setting limits on containers. The syntax is:
limit <handle> <name> # Retrieve limit named <name>
limit <handle> <name> <limit>+ # Set limit named <name>
This diff also implements support for setting and retrieving disk usage
limits (enforced via quotas).
Test plan:
- All existing tests pass
- New tests pass.
Change-Id: I9b5d3c7ffdd22e06a2dcfd2605146a3a3ae48d23
This is in preparation for adding quota support to the LXC container.
If a uid pool is supplied the LXC container will now attempt to acquire a
uid for each container that is created. A WardenError will be raised in the
event that a uid cannot be acquired. Note that the uid is the same both inside
and outside the container in order to facilitate enforcement of disk quotas.
Test plan:
- All existing tests pass.
- New tests pass.
Change-Id: Ic509c0cd9e40275f92207d35bb9bfb943d700026
Instead of simply running commands in a fire and forget manner, we want
to optionally run rollback hooks to undo (or try to undo) the mutation
caused by the initial command. When a command halfway through the
sequence fails, it should execute a rollback for all commands up to the
failing one.
This is best-effort approach, as commands may irreversibly mutate global
state. It can therefore be seen best as an abstraction to a set of nested
begin/rescue/end blocks.
Change-Id: I5132a0135fce07c69760e77fa6517d28048a3a77
This also includes prep work for supporting execution environments that
are less secure than LXC. This is required for MCF, OSX, dev, etc.
Change-Id: I82ee0aef3dce60ea0f174598663b9d78ab89bb6c
Pieter Noordhuis
mpage