Dynamically Managing Container Resources (syscontainer-tools)

Resources in common containers cannot be managed. For example, a block device cannot be added to a common container, and a physical or virtual NIC cannot be inserted to a common container. In the system container scenario, the syscontainer-tools can be used to dynamically mount or unmount block devices, network devices, routes, and volumes for containers.

To use this function, you need to install the syscontainer-tools first.

[root@localhost ~]# yum install syscontainer-tools

Device Management

Function Description

isulad-tools allows you to add block devices (such as disks and logical volume managers) or character devices (such as GPUs, binners, and FUSEs) on the host to a container. The devices can be used in the container. For example, you can run the fdisk command to format the disk and write data to the file system. If the devices are not required, isulad-tools allows you to delete them from the container and return them to the host.

Command Format

isulad-tools [COMMADN][OPTIONS] <container_id> [ARG...]

In the preceding format:

COMMAND: command related to device management.

OPTIONS: option supported by the device management command.

container_id: container ID.

ARG: parameter corresponding to the command.

Parameter Description

Command

Function Description

Option Description

Parameter Description

add-device

Adds block devices or character devices on the host to a container.

Supported options are as follows:

  • --blkio-weight-device: sets the I/O weight (relative weight, ranging from 10 to 100) of a block device.
  • --device-read-bps: sets the read rate limit for the block device (byte/s).
  • --device-read-iops: sets the read rate limit for the block device (I/O/s).
  • --device-write-bps: sets the write rate limit for the block device (byte/s).
  • --device-write-iops: sets the write rate limit for the block device (I/O/s).
  • --follow-partition: If a block device is a basic block device (primary SCSI block disk), set this parameter to add all partitions of the primary disk.
  • --force: If any block device or character device already exists in the container, use this parameter to overwrite the old block device or character device files.
  • --update-config-only: updates configuration files only and does not add disks.

Parameter format: hostdevice[:containerdevice][:permission] [hostdevice[:containerdevice][:permission]]

In the preceding format:

hostdevice: path on the host for storing a device.

containerdevice: path on the container for storing a device.

permission: operation permission on a device within the container.

remove-device

Deletes block devices or character devices from a container and restores them to the host.

Supported options are as follows:

--follow-partition: If a block device is a basic block device (primary SCSI block disk), set this parameter to delete all partitions of the primary disk in the container, and restore them to the host.

Parameter format: hostdevice[:containerdevice] [hostdevice[:containerdevice]]

In the preceding format:

hostdevice: path on the host for storing a device.

containerdevice: path on the container for storing a device.

list-device

Lists all block devices or character devices in a container.

Supported options are as follows:

  • --pretty: outputs data in JSON format.
  • --sub-partition: For a primary disk, add this flag to display the primary disk and its sub-partitions.

None

update-device

Updates the disk QoS.

Supported options are as follows:

  • --device-read-bps: sets the read rate limit for the block device (byte/s). You are advised to set this parameter to a value greater than or equal to 1024.
  • --device-read-iops: sets the read rate limit for the block device (I/O/s).
  • --device-write-bps: sets the write rate limit for the block device (byte/s). You are advised to set this parameter to a value greater than or equal to 1024.
  • --device-write-iops: sets the write rate limit for the block device (I/O/s).

None

Constraints

  • You can add or delete devices when container instances are not running. After the operation is complete, you can start the container to view the device status. You can also dynamically add a device when the container is running.
  • Do not concurrently run the fdisk command to format disks in a container and on the host. Otherwise, the container disk usage will be affected.
  • When you run the add-device command to add a disk to a specific directory of a container, if the parent directory in the container is a multi-level directory (for example, /dev/a/b/c/d/e) and the directory level does not exist, isulad-tools will automatically create the corresponding directory in the container. When the disk is deleted, the created parent directory is not deleted. If you run the add-device command to add a device to this parent directory again, a message is displayed, indicating that a device already exists and cannot be added.
  • When you run the** add-device** command to add a disk or update disk parameters, you need to configure the disk QoS. Do not set the write or read rate limit for the block device (I/O/s or byte/s) to a small value. If the value is too small, the disk may be unreadable (the actual reason is the speed is too slow), affecting service functions.
  • When you run the –blkio-weight-device command to limit the weight of a specified block device, if the block device supports only the BFQ mode, an error may be reported, prompting you to check whether the current OS environment supports setting the weight of the BFQ block device.

Example

  • Start a system container, and set hook spec to the isulad hook execution script.

    [root@localhost ~]# isula run -tid --hook-spec /etc/isulad-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init
    eed1096c8c7a0eca6d92b1b3bc3dd59a2a2adf4ce44f18f5372408ced88f8350
    
  • Add a block device to a container.

    [root@localhost ~]# isulad-tools add-device ee /dev/sdb:/dev/sdb123
    Add device (/dev/sdb) to container(ee,/dev/sdb123) done.
    [root@localhost ~]# isula exec ee fdisk -l /dev/sdb123
    Disk /dev/sdb123: 50 GiB, 53687091200 bytes, 104857600 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: 0xda58a448
    
    Device        Boot Start       End   Sectors Size Id Type
    /dev/sdb123p1       2048 104857599 104855552  50G  5 Extended
    /dev/sdb123p5       4096 104857599 104853504  50G 83 Linux
    
  • Update the device information.

    [root@localhost ~]# isulad-tools update-device --device-read-bps /dev/sdb:10m ee
    Update read bps for device (/dev/sdb,10485760) done.
    
  • Delete a device.

    [root@localhost ~]# isulad-tools remove-device ee /dev/sdb:/dev/sdb123
    Remove device (/dev/sdb) from container(ee,/dev/sdb123) done.
    Remove read bps for device (/dev/sdb) done.
    

NIC Management

Function Description

isulad-tools allows you to insert physical or virtual NICs on the host to a container. If the NICs are not required, isulad-tools allows you to delete them from the container and return them to the host. In addition, the NIC configurations can be dynamically modified. To insert a physical NIC, add the NIC on the host to the container. To insert a virtual NIC, create a veth pair and insert its one end to the container.

Command Format

isulad-tools [COMMADN][OPTIONS] <container_id>

In the preceding format:

COMMAND: command related to NIC management.

OPTIONS: option supported by the NIC management command.

container_id: container ID.

Parameter Description

Command

Function Description

Option Description

add-nic

Creates an NIC for a container.

Supported options are as follows:

  • --type: specifies the NIC type. Only eth and veth are supported.
  • --name: specifies the NIC name. The format is [host:]container. If host is not specified, a random value is used.
  • --ip: specifies the NIC IP address.
  • --mac: specifies the NIC MAC address.
  • --bridge: specifies the network bridge bound to the NIC.
  • --mtu: specifies the MTU value of the NIC. The default value is 1500.
  • --update-config-only: If this flag is set, only configuration files are updated and NICs are not added.
  • --qlen: specifies the value of QLEN. The default value is 1000.

remove-nic

Deletes NICs from a container and restores them to the host.

Supported options are as follows:

  • --type: specifies the NIC type.
  • --name: specifies the name of the NIC. The format is [host:]container.

list-nic

Lists all NICs in a container.

Supported options are as follows:

  • --pretty: outputs data in JSON format.
  • --filter: outputs filtered data in the specific format, for example, --filter' {"ip":"192.168.3.4/24", "Mtu":1500}'.

update-nic

Modifies configuration parameters of a specified NIC in a container.

Supported options are as follows:

  • --name: specifies the name of the NIC in the container. This parameter is mandatory.
  • --ip: specifies the NIC IP address.
  • --mac: specifies the NIC MAC address.
  • --bridge: specifies the network bridge bound to the NIC.
  • --mtu: specifies the MTU value of the NIC.
  • --update-config-only: If this flag is set, configuration files are updated and NICs are not updated.
  • --qlen: specifies the value of QLEN.

Constraints

  • Physical NICs (eth) and virtual NICs (veth) can be added.
  • When adding a NIC, you can also configure the NIC. The configuration parameters include –ip, –mac, –bridge, –mtu, –qlen.
  • A maximum of eight physical NICs can be added to a container.
  • If you run the isulad-tools add-nic command to add an eth NIC to a container and do not add a hook, you must manually delete the NIC before the container exits. Otherwise, the name of the eth NIC on the host will be changed to the name of that in the container.
  • For a physical NIC (except 1822 VF NIC), use the original MAC address when running the add-nic command. Do not change the MAC address in the container, or when running the update-nic command.
  • When using the isulad-tools add-nic command, set the MTU value. The value range depends on the NIC model.
  • When using isulad-tools to add NICs and routes to containers, you are advised to run the add-nic command to add NICs and then run the add-route command to add routes. When using isulad-tools to delete NICs and routes from a container, you are advised to run the remove-route command to delete routes and then run the remove-nic command to delete NICs.
  • When using isulad-tools to add NICs, add a NIC to only one container.

Example

  • Start a system container, and set hook spec to the isulad hook execution script.

    [root@localhost ~]# isula run -tid --hook-spec /etc/isulad-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init
    2aaca5c1af7c872798dac1a468528a2ccbaf20b39b73fc0201636936a3c32aa8
    
  • Add a virtual NIC to a container.

    [root@localhost ~]# isulad-tools add-nic --type "veth" --name abc2:bcd2 --ip 172.17.28.5/24 --mac 00:ff:48:13:xx:xx --bridge docker0 2aaca5c1af7c
    Add network interface to container 2aaca5c1af7c (bcd2,abc2) done  
    
  • Add a physical NIC to a container.

    [root@localhost ~]# isulad-tools add-nic --type "eth" --name eth3:eth1 --ip 172.17.28.6/24  --mtu 1300  --qlen 2100 2aaca5c1af7c
    Add network interface to container 2aaca5c1af7c (eth3,eth1) done
    

    NOTE:
    When adding a virtual or physical NIC, ensure that the NIC is in the idle state. Adding a NIC in use will disconnect the system network.

Route Management

Function Description

isulad-tools can be used to dynamically add or delete routing tables for system containers.

Command Format

isulad-tools [COMMADN][OPTIONS] <container_id> [ARG...]

In the preceding format:

COMMAND: command related to route management.

OPTIONS: option supported by the route management command.

container_id: container ID.

ARG: parameter corresponding to the command.

API Description

Command

Function Description

Option Description

Parameter Description

add-route

Adds the network routing rules to a container.

Supported options are as follows:

--update-config-only: If this parameter is configured, configuration files are updated and routing tables are not updated.

Parameter format: [{rule1},{rule2}]

Example of rule:

'[{"dest":"default", "gw":"192.168.10.1"},{"dest":"192.168.0.0/16","dev":"eth0","src":"192.168.1.2"}]'

  • dest: target network. If this parameter is left blank, the default gateway is used.
  • src: source IP address of a route.
  • gw: route gateway.
  • dev: network device.

remove-route

Deletes a route from a container.

Supported options are as follows:

--update-config-only: If this parameter is configured, only configuration files are updated and routes are not deleted from the container.

Parameter format: [{rule1},{rule2}]

Example of rule:

'[{"dest":"default", "gw":"192.168.10.1"},{"dest":"192.168.0.0/16","dev":"eth0","src":"192.168.1.2"}]'

  • dest: target network. If this parameter is left blank, the default gateway is used.
  • src: source IP address of a route.
  • gw: route gateway.
  • dev: network device.

list-route

Lists all routing rules in a container.

Supported options are as follows:

  • --pretty: outputs data in JSON format.
  • --filter: outputs filtered data in the specific format, for example, --filter' {"ip":"192.168.3.4/24", "Mtu":1500}'.

None

Constraints

  • When using isulad-tools to add NICs and routes to containers, you are advised to run the add-nic command to add NICs and then run the add-route command to add routes. When using isulad-tools to delete NICs and routes from a container, you are advised to run the remove-route command to delete routes and then run the remove-nic command to delete NICs.
  • When adding a routing rule to a container, ensure that the added routing rule does not conflict with existing routing rules in the container.

Example

  • Start a system container, and set hook spec to the isulad hook execution script.

    [root@localhost ~]# isula run -tid --hook-spec /etc/isulad-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init
    0d2d68b45aa0c1b8eaf890c06ab2d008eb8c5d91e78b1f8fe4d37b86fd2c190b
    
  • Use isulad-tools to add a physical NIC to the system container.

    [root@localhost ~]# isulad-tools add-nic --type "eth" --name enp4s0:eth123 --ip 172.17.28.6/24  --mtu 1300  --qlen 2100 0d2d68b45aa0
    Add network interface (enp4s0) to container (0d2d68b45aa0,eth123) done
    
  • isulad-tools adds a routing rule to the system container. Format example: [{“dest”:“default”, “gw”:“192.168.10.1”},{“dest”:“192.168.0.0/16”,“dev”:“eth0”,“src”:“192.168.1.2”}]. If dest is left blank, its value will be default.

    [root@localhost ~]# isulad-tools add-route 0d2d68b45aa0 '[{"dest":"172.17.28.0/32", "gw":"172.17.28.5","dev":"eth123"}]'
    Add route to container 0d2d68b45aa0, route: {dest:172.17.28.0/32,src:,gw:172.17.28.5,dev:eth123} done
    
  • Check whether a routing rule is added in the container.

    [root@localhost ~]# isula exec -it 0d2d68b45aa0 route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.17.28.0     172.17.28.5     255.255.255.255 UGH   0      0        0 eth123
    172.17.28.0     0.0.0.0         255.255.255.0   U     0      0        0 eth123
    

Volume Mounting Management

Function Description

In a common container, you can set the –volume parameter during container creation to mount directories or volumes of the host to the container for resource sharing. However, during container running, you cannot unmount directories or volumes that are mounted to the container, or mount directories or volumes of the host to the container. Only the system container can use the isulad-tools tool to dynamically mount directories or volumes of the host to the container and unmount directories or volumes from the container.

Command Format

isulad-tools [COMMADN][OPTIONS] <container_id> [ARG...]

In the preceding format:

COMMAND: command related to route management.

OPTIONS: option supported by the route management command.

container_id: container ID.

ARG: parameter corresponding to the command.

API Description

Table 1   

Command

Function Description

Option Description

Parameter Description

add-path

Adds files or directories on the host to a container.

None

The parameter format is as follows:

hostpath:containerpath:permission [hostpath:containerpath:permission ...]

In the preceding format:

hostpath: path on the host for storing a volume.

containerpath: path on the container for storing a volume.

permission: operation permission on a mount path within the container.

remove-path

Deletes directories or files from the container and restores them to the host.

None

Parameter format: hostpath:containerpath[hostpath:containerpath ]

In the preceding format:

hostpath: path on the host for storing a volume.

containerpath: path on the container for storing a volume.

list-path

Lists all path directories in a container.

Supported options are as follows:

--pretty: outputs data in JSON format.

None

Constraints

  • When running the add-path command, specify an absolute path as the mount path.
  • The mount point /.sharedpath is generated on the host after the mount path is specified by running the add-path command.
  • A maximum of 128 volumes can be added to a container.
  • Do not overwrite the root directory (/) in a container with the host directory by running the add-path command. Otherwise, the function is affected.

Example

  • Start a system container, and set hook spec to the isulad hook execution script.

    [root@localhost ~]# isula run -tid --hook-spec /etc/isulad-tools/hookspec.json --system-container --external-rootfs /root/root-fs none init
    e45970a522d1ea0e9cfe382c2b868d92e7b6a55be1dd239947dda1ee55f3c7f7
    
  • Use isulad-tools to mount a directory on the host to a container, implementing resource sharing.

    [root@localhost ~]# isulad-tools add-path e45970a522d1 /home/test123:/home/test123
    Add path (/home/test123) to container(e45970a522d1,/home/test123) done.
    
  • Create a file in the /home/test123 directory on the host and check whether the file can be accessed in the container.

    [root@localhost ~]# echo "hello world" > /home/test123/helloworld
    [root@localhost ~]# isula exec e45970a522d1 bash
    [root@localhost /]# cat /home/test123/helloworld
    hello world
    
  • Use isulad-tools to delete the mount directory from the container.

    [root@localhost ~]# isulad-tools remove-path e45970a522d1 /home/test123:/home/test123
    Remove path (/home/test123) from container(e45970a522d1,/home/test123) done
    [root@localhost ~]# isula exec e45970a522d1 bash
    [root@localhost /]# ls /home/test123/helloworld
    ls: cannot access '/home/test123/helloworld': No such file or directory
    
Rating

search results about are found