feat: add cpu-rt-period and cpu-rt-runtime options in nerdctl create/run

Signed-off-by: Swagat Bora <[email protected]>

Author: swagatbora90

cmd/nerdctl/container/container_create.go

@@ -159,6 +159,14 @@ func createOptions(cmd *cobra.Command) (types.ContainerCreateOptions, error) {
 	if err != nil {
 		return opt, err
 	}
+	opt.CPURealtimePeriod, err = cmd.Flags().GetUint64("cpu-rt-period")
+	if err != nil {
+		return opt, err
+	}
+	opt.CPURealtimeRuntime, err = cmd.Flags().GetUint64("cpu-rt-runtime")
+	if err != nil {
+		return opt, err
+	}
 	opt.Memory, err = cmd.Flags().GetString("memory")
 	if err != nil {
 		return opt, err

cmd/nerdctl/container/container_run.go

@@ -166,6 +166,8 @@ func setCreateFlags(cmd *cobra.Command) {
 	cmd.Flags().Uint64("cpu-shares", 0, "CPU shares (relative weight)")
 	cmd.Flags().Int64("cpu-quota", -1, "Limit CPU CFS (Completely Fair Scheduler) quota")
 	cmd.Flags().Uint64("cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
+	cmd.Flags().Uint64("cpu-rt-period", 0, "Limit CPU real-time period in microseconds")
+	cmd.Flags().Uint64("cpu-rt-runtime", 0, "Limit CPU real-time runtime in microseconds")
 	// device is defined as StringSlice, not StringArray, to allow specifying "--device=DEV1,DEV2" (compatible with Podman)
 	cmd.Flags().StringSlice("device", nil, "Add a host device to the container")
 	// ulimit is defined as StringSlice, not StringArray, to allow specifying "--ulimit=ULIMIT1,ULIMIT2" (compatible with Podman)

cmd/nerdctl/container/container_run_cgroup_linux_test.go

@@ -668,3 +668,39 @@ func TestRunBlkioSettingCgroupV2(t *testing.T) {
 
 	testCase.Run(t)
 }
+
+func TestRunCPURealTimeSettingCgroupV1(t *testing.T) {
+	nerdtest.Setup()
+
+	testCase := &test.Case{
+		Description: "cpu-rt-runtime-and-period",
+		Require: require.All(
+			require.Not(nerdtest.CGroupV2),
+			nerdtest.Rootful,
+		),
+		Command: func(data test.Data, helpers test.Helpers) test.TestableCommand {
+			return helpers.Command("create", "--name", data.Identifier(),
+				"--cpu-rt-runtime", "950000",
+				"--cpu-rt-period", "1000000",
+				testutil.AlpineImage, "sleep", "infinity")
+		},
+		Cleanup: func(data test.Data, helpers test.Helpers) {
+			helpers.Anyhow("rm", "-f", data.Identifier())
+		},
+		Expected: func(data test.Data, helpers test.Helpers) *test.Expected {
+			return &test.Expected{
+				ExitCode: 0,
+				Output: expect.All(
+					func(stdout string, info string, t *testing.T) {
+						rtRuntime := helpers.Capture("inspect", "--format", "{{.HostConfig.CPURealtimeRuntime}}", data.Identifier())
+						rtPeriod := helpers.Capture("inspect", "--format", "{{.HostConfig.CPURealtimePeriod}}", data.Identifier())
+						assert.Assert(t, strings.Contains(rtRuntime, "950000"))
+						assert.Assert(t, strings.Contains(rtPeriod, "1000000"))
+					},
+				),
+			}
+		},
+	}
+
+	testCase.Run(t)
+}

docs/command-reference.md

@@ -203,6 +203,8 @@ Resource flags:
 - :whale: `--cpu-shares`: CPU shares (relative weight)
 - :whale: `--cpuset-cpus`: CPUs in which to allow execution (0-3, 0,1)
 - :whale: `--cpuset-mems`: Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems
+- :whale: `--cpu-rt-period`: Limit CPU real-time period in microseconds. Only supported with cgroup v1.
+- :whale: `--cpu-rt-runtime`: Limit CPU real-time runtime in microseconds. Only supported with cgroup v1.
 - :whale: `--memory`: Memory limit
 - :whale: `--memory-reservation`: Memory soft limit
 - :whale: `--memory-swap`: Swap limit equal to memory plus swap: '-1' to enable unlimited swap
@@ -419,10 +421,8 @@ IPFS flags:
 - :nerd_face: `--ipfs-address`: Multiaddr of IPFS API (default uses `$IPFS_PATH` env variable if defined or local directory `~/.ipfs`)
 
 Unimplemented `docker run` flags:
-    `--cpu-rt-*`, `--device-cgroup-rule`,
-    `--disable-content-trust`, `--expose`, `--health-*`, `--isolation`, `--no-healthcheck`,
-    `--link*`, `--publish-all`, `--storage-opt`,
-    `--userns`, `--volume-driver`
+    `--device-cgroup-rule`, `--disable-content-trust`, `--expose`, `--health-*`, `--isolation`, `--no-healthcheck`,
+    `--link*`, `--publish-all`, `--storage-opt`, `--userns`, `--volume-driver`
 
 ### :whale: :blue_square: nerdctl exec
 

pkg/api/types/container_types.go

@@ -114,6 +114,10 @@ type ContainerCreateOptions struct {
 	CPUSetCPUs string
 	// CPUSetMems specifies the memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
 	CPUSetMems string
+	// Limit CPU real-time period in microseconds
+	CPURealtimePeriod uint64
+	// Limit CPU real-time runtime in microseconds
+	CPURealtimeRuntime uint64
 	// Memory specifies the memory limit
 	Memory string
 	// MemoryReservationChanged specifies whether the memory soft limit has been changed

pkg/cmd/container/run_cgroup_linux.go

@@ -102,6 +102,19 @@ func generateCgroupOpts(id string, options types.ContainerCreateOptions, interna
 		opts = append(opts, oci.WithCPUsMems(options.CPUSetMems))
 	}
 
+	if options.CPURealtimePeriod != 0 || options.CPURealtimeRuntime != 0 {
+		if !infoutil.CPURealtime(options.GOptions.CgroupManager) {
+			// CPU realtime scheduling is not supported in cgroup V2
+			return nil, errors.New("kernel does not support CPU real-time scheduler")
+		}
+
+		if options.CPURealtimePeriod != 0 && options.CPURealtimeRuntime != 0 &&
+			options.CPURealtimeRuntime > options.CPURealtimePeriod {
+			return nil, errors.New("cpu real-time runtime cannot be higher than cpu real-time period")
+		}
+	}
+	opts = append(opts, oci.WithCPURT(int64(options.CPURealtimeRuntime), options.CPURealtimePeriod))
+
 	var mem64 int64
 	if options.Memory != "" {
 		mem64, err = units.RAMInBytes(options.Memory)

pkg/infoutil/infoutil.go

@@ -284,3 +284,8 @@ func BlockIOReadIOpsDevice(cgroupManager string) bool {
 func BlockIOWriteIOpsDevice(cgroupManager string) bool {
 	return getMobySysInfo(cgroupManager).BlkioWriteIOpsDevice
 }
+
+// CPURealtime returns whether CPU realtime period is supported or not
+func CPURealtime(cgroupManager string) bool {
+	return getMobySysInfo(cgroupManager).CPURealtime
+}

pkg/inspecttypes/dockercompat/dockercompat.go

@@ -167,17 +167,20 @@ type HostConfig struct {
 	Tmpfs   map[string]string `json:"Tmpfs,omitempty"` // List of tmpfs (mounts) used for the container
 	UTSMode string            // UTS namespace to use for the container
 	// UsernsMode      UsernsMode        // The user namespace to use for the container
-	ShmSize        int64             // Size of /dev/shm in bytes. The size must be greater than 0.
-	Sysctls        map[string]string // List of Namespaced sysctls used for the container
-	Runtime        string            // Runtime to use with this container
-	CPUSetMems     string            `json:"CpusetMems"` // CpusetMems 0-2, 0,1
-	CPUSetCPUs     string            `json:"CpusetCpus"` // CpusetCpus 0-2, 0,1
-	CPUQuota       int64             `json:"CpuQuota"`   // CPU CFS (Completely Fair Scheduler) quota
-	CPUShares      uint64            `json:"CpuShares"`  // CPU shares (relative weight vs. other containers)
-	Memory         int64             // Memory limit (in bytes)
-	MemorySwap     int64             // Total memory usage (memory + swap); set `-1` to enable unlimited swap
-	OomKillDisable bool              // specifies whether to disable OOM Killer
-	Devices        []DeviceMapping   // List of devices to map inside the container
+	ShmSize            int64             // Size of /dev/shm in bytes. The size must be greater than 0.
+	Sysctls            map[string]string // List of Namespaced sysctls used for the container
+	Runtime            string            // Runtime to use with this container
+	CPUSetMems         string            `json:"CpusetMems"`         // CpusetMems 0-2, 0,1
+	CPUSetCPUs         string            `json:"CpusetCpus"`         // CpusetCpus 0-2, 0,1
+	CPUQuota           int64             `json:"CpuQuota"`           // CPU CFS (Completely Fair Scheduler) quota
+	CPUShares          uint64            `json:"CpuShares"`          // CPU shares (relative weight vs. other containers)
+	CPUPeriod          uint64            `json:"CpuPeriod"`          // Limits the CPU CFS (Completely Fair Scheduler) period
+	CPURealtimePeriod  uint64            `json:"CpuRealtimePeriod"`  // Limits the CPU real-time period in microseconds
+	CPURealtimeRuntime int64             `json:"CpuRealtimeRuntime"` // Limits the CPU real-time runtime in microseconds
+	Memory             int64             // Memory limit (in bytes)
+	MemorySwap         int64             // Total memory usage (memory + swap); set `-1` to enable unlimited swap
+	OomKillDisable     bool              // specifies whether to disable OOM Killer
+	Devices            []DeviceMapping   // List of devices to map inside the container
 	LinuxBlkioSettings
 }
 
@@ -264,11 +267,14 @@ type DeviceMapping struct {
 	CgroupPermissions string
 }
 
-type cpuSettings struct {
-	cpuSetCpus string
-	cpuSetMems string
-	cpuShares  uint64
-	cpuQuota   int64
+type CPUSettings struct {
+	CPUSetCpus         string
+	CPUSetMems         string
+	CPUShares          uint64
+	CPUQuota           int64
+	CPUPeriod          uint64
+	CPURealtimePeriod  uint64
+	CPURealtimeRuntime int64
 }
 
 // DefaultNetworkSettings is from https://github.com/moby/moby/blob/v20.10.1/api/types/types.go#L405-L414
@@ -478,12 +484,15 @@ func ContainerFromNative(n *native.Container) (*Container, error) {
 
 	cpuSetting, err := cpuSettingsFromNative(n.Spec.(*specs.Spec))
 	if err != nil {
-		return nil, fmt.Errorf("failed to Decode cpuSettings: %v", err)
+		return nil, fmt.Errorf("failed to Decode cpuSetting: %v", err)
 	}
-	c.HostConfig.CPUSetCPUs = cpuSetting.cpuSetCpus
-	c.HostConfig.CPUSetMems = cpuSetting.cpuSetMems
-	c.HostConfig.CPUQuota = cpuSetting.cpuQuota
-	c.HostConfig.CPUShares = cpuSetting.cpuShares
+	c.HostConfig.CPUSetCPUs = cpuSetting.CPUSetCpus
+	c.HostConfig.CPUSetMems = cpuSetting.CPUSetMems
+	c.HostConfig.CPUQuota = cpuSetting.CPUQuota
+	c.HostConfig.CPUShares = cpuSetting.CPUShares
+	c.HostConfig.CPUPeriod = cpuSetting.CPUPeriod
+	c.HostConfig.CPURealtimePeriod = cpuSetting.CPURealtimePeriod
+	c.HostConfig.CPURealtimeRuntime = cpuSetting.CPURealtimeRuntime
 
 	cgroupNamespace, err := getCgroupnsFromNative(n.Spec.(*specs.Spec))
 	if err != nil {
@@ -728,23 +737,32 @@ func networkSettingsFromNative(n *native.NetNS, sp *specs.Spec) (*NetworkSetting
 	return res, nil
 }
 
-func cpuSettingsFromNative(sp *specs.Spec) (*cpuSettings, error) {
-	res := &cpuSettings{}
+func cpuSettingsFromNative(sp *specs.Spec) (*CPUSettings, error) {
+	res := &CPUSettings{}
 	if sp.Linux != nil && sp.Linux.Resources != nil && sp.Linux.Resources.CPU != nil {
 		if sp.Linux.Resources.CPU.Cpus != "" {
-			res.cpuSetCpus = sp.Linux.Resources.CPU.Cpus
+			res.CPUSetCpus = sp.Linux.Resources.CPU.Cpus
 		}
 
 		if sp.Linux.Resources.CPU.Mems != "" {
-			res.cpuSetMems = sp.Linux.Resources.CPU.Mems
+			res.CPUSetMems = sp.Linux.Resources.CPU.Mems
 		}
 
 		if sp.Linux.Resources.CPU.Shares != nil && *sp.Linux.Resources.CPU.Shares > 0 {
-			res.cpuShares = *sp.Linux.Resources.CPU.Shares
+			res.CPUShares = *sp.Linux.Resources.CPU.Shares
 		}
 
 		if sp.Linux.Resources.CPU.Quota != nil && *sp.Linux.Resources.CPU.Quota > 0 {
-			res.cpuQuota = *sp.Linux.Resources.CPU.Quota
+			res.CPUQuota = *sp.Linux.Resources.CPU.Quota
+		}
+		if sp.Linux.Resources.CPU.Period != nil && *sp.Linux.Resources.CPU.Period > 0 {
+			res.CPUPeriod = *sp.Linux.Resources.CPU.Period
+		}
+		if sp.Linux.Resources.CPU.RealtimePeriod != nil && *sp.Linux.Resources.CPU.RealtimePeriod > 0 {
+			res.CPURealtimePeriod = *sp.Linux.Resources.CPU.RealtimePeriod
+		}
+		if sp.Linux.Resources.CPU.RealtimeRuntime != nil && *sp.Linux.Resources.CPU.RealtimeRuntime > 0 {
+			res.CPURealtimeRuntime = *sp.Linux.Resources.CPU.RealtimeRuntime
 		}
 	}
 

pkg/inspecttypes/dockercompat/dockercompat_test.go

@@ -417,3 +417,97 @@ func TestNetworkSettingsFromNative(t *testing.T) {
 		})
 	}
 }
+
+func TestCpuSettingsFromNative(t *testing.T) {
+	// Helper function to create uint64 pointer
+	uint64Ptr := func(i uint64) *uint64 {
+		return &i
+	}
+
+	int64Ptr := func(i int64) *int64 {
+		return &i
+	}
+
+	testcases := []struct {
+		name     string
+		spec     *specs.Spec
+		expected *CPUSettings
+	}{
+		{
+			name:     "Test with empty spec",
+			spec:     &specs.Spec{},
+			expected: &CPUSettings{},
+		},
+		{
+			name: "Full CPU Settings",
+			spec: &specs.Spec{
+				Linux: &specs.Linux{
+					Resources: &specs.LinuxResources{
+						CPU: &specs.LinuxCPU{
+							Cpus:            "0-3",
+							Mems:            "0-1",
+							Shares:          uint64Ptr(1024),
+							Quota:           int64Ptr(100000),
+							Period:          uint64Ptr(100000),
+							RealtimePeriod:  uint64Ptr(1000000),
+							RealtimeRuntime: int64Ptr(950000),
+						},
+					},
+				},
+			},
+			expected: &CPUSettings{
+				CPUSetCpus:         "0-3",
+				CPUSetMems:         "0-1",
+				CPUShares:          1024,
+				CPUQuota:           100000,
+				CPUPeriod:          100000,
+				CPURealtimePeriod:  1000000,
+				CPURealtimeRuntime: 950000,
+			},
+		},
+		{
+			name: "Partial CPU Settings",
+			spec: &specs.Spec{
+				Linux: &specs.Linux{
+					Resources: &specs.LinuxResources{
+						CPU: &specs.LinuxCPU{
+							Cpus:   "0,1",
+							Shares: uint64Ptr(512),
+						},
+					},
+				},
+			},
+			expected: &CPUSettings{
+				CPUSetCpus: "0,1",
+				CPUShares:  512,
+			},
+		},
+		{
+			name: "Zero Values Should Be Ignored",
+			spec: &specs.Spec{
+				Linux: &specs.Linux{
+					Resources: &specs.LinuxResources{
+						CPU: &specs.LinuxCPU{
+							Shares:          uint64Ptr(0),
+							Quota:           int64Ptr(0),
+							Period:          uint64Ptr(0),
+							RealtimePeriod:  uint64Ptr(0),
+							RealtimeRuntime: int64Ptr(0),
+						},
+					},
+				},
+			},
+			expected: &CPUSettings{},
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			result, err := cpuSettingsFromNative(tc.spec)
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			assert.DeepEqual(t, result, tc.expected)
+		})
+	}
+}

pkg/inspecttypes/dockercompat/info.go

@@ -37,6 +37,7 @@ type Info struct {
 	CPUCfsQuota       bool `json:"CpuCfsQuota"`
 	CPUShares         bool
 	CPUSet            bool
+	CPURealtime       bool
 	PidsLimit         bool
 	IPv4Forwarding    bool
 	BridgeNfIptables  bool