pkg: oci: support OCI spec memory limit

[wcwxyz]

We should run VM(container) regarding OCI spec config.json memory limit.

Signed-off-by: WANG Chao [email protected]

--

This pull request resolves clearcontainers/runtime#381
The original patch is at clearcontainers/runtime#390

[coveralls]

Coverage remained the same at 66.502% when pulling a2fa066 on wcwxyz:per-container-memory into 58ebe95 on containers:master.

[sboeuf]

Please create instead a function:

func vmConfig(ocispec CompatOCISpec, runtime RuntimeConfig) (Resources, error) {
    ...
}

In case there is no memory limit defined by the config.json file, we fallback to what is provided by RuntimeConfig. Otherwise, we take the value provided by the config.json.

[wcwxyz]

Will do.

[sboeuf]

Make sure you gather all the statements together as they end up with the same result:

if ocispec.Linux == nil ||
   ocispec.Linux.Resources == nil ||
   ocispec.Linux.Resources.Memory == nil ||
   ocispec.Linux.Resources.Memory.Limit == nil {
	return nil
}

[wcwxyz]

Will do.

[sboeuf]

We don't need that much precision, I think this should be enough

mem := uint(memBytes / (1024 * 1024))

[wcwxyz]

I'm ok with less precision, because this is trivial.

But @grahamwhaley suggested that we should round up at clearcontainers/runtime#390 (comment). I just quoted here:

maybe we should round this up. Docker allows fine granularity (down to bytes). I think it is probably better we allocate more than requested rather than too little

@grahamwhaley what do you think now?

[grahamwhaley]

I still think rounding up is the technically right thing to do. I'd rather hand a container slightly more than requested, rather than artificially starve it. tbh though, the amount we are likely to drop as a % from not rounding up is tiny - given the smallest memory we can probably support might be 128m or so.
If we don't like the float math, we could do something integer like this to round up:

mem = (memBytes + ((1024*1024)-1))) / (1024*1024)

[sboeuf]

@grahamwhaley yes I like this one, you add 1MiB to make sure we round this up. My main concern was to avoid playing with float64 numbers whilst we don't really need that much precision.

[wcwxyz]

Thanks @grahamwhaley @sboeuf . I'll update the patch.

[sboeuf]

@wcwxyz Global question here, why do you use [RFC] prefix ? What does that mean ?

[wcwxyz]

@sboeuf It's Request For Comment, meaning the idea or design needs to be discussed or commented.

[sboeuf]

@wcwxyz oh okay, I didn't know. I think you can remove it since we consider every PR as something we want to review thoroughly :)

[wcwxyz]

@sboeuf Sure. Thanks for heads-up.

[grahamwhaley]

:-) RFC sort of comes from here: https://www.ietf.org/rfc.html, but funnily enough most of those RFCs pretty much become 'standards', but are still called RFCs :-)
Adding RFC here I think is fine, it is a common idiom - but, you should probably also add our 'do-not-merge' github label at the same time, to indicate this is something to discuss and work on and not to immediately merge, until agreement has been found.

[coveralls]

Coverage remained the same at 66.527% when pulling 551b0ec on wcwxyz:per-container-memory into af35aeb on containers:master.

[sboeuf]

Two tiny comments here.
Also, could you please add some unit tests for vmConfig().

[sboeuf]

We should check memBytes instead of mem, that's the one which could be negative. You should make this check right after you retrieved memBytes value.

[wcwxyz]

You're right. I missed this one while updating my code last time.

[sboeuf]

Assign directly VCPUs to config.VMConfig.VCPUs here. If we need to use a temporary variable for later, let's do that in a follow up patch.

[wcwxyz]

Sure. Will update.

[coveralls]

Coverage remained the same at 66.527% when pulling 1b02f69 on wcwxyz:per-container-memory into af35aeb on containers:master.

[sboeuf]

Thanks for the changes :)
LGTM