Several small fixes and simplifications

Author: jhkolb

spawnctl/main.go

@@ -205,7 +205,7 @@ func actionDeploy(c *cli.Context) error {
 	if len(timeoutStr) > 0 {
 		timeout, err = time.ParseDuration(timeoutStr)
 		if err != nil {
-			fmt.Println("Illegal timeout parameter")
+			fmt.Println("Illegal timeout parameter, must be in Go's time duration format, e.g. '5s'")
 			os.Exit(1)
 		} else if timeout < 0 {
 			fmt.Println("Timeout duration must be positive")

spawnd/backend/docker.go

@@ -28,6 +28,7 @@ const defaultSpawnpointImage = "jhkolb/spawnable:amd64"
 const logMaxSize = "50m"
 const cpuSharesPerCore = 1024
 const stopTimeout = 5 * time.Second
+const pidLimit = 8
 
 type Docker struct {
 	Alias     string
@@ -118,6 +119,7 @@ func (dkr *Docker) StartService(ctx context.Context, svcConfig *service.Configur
 			CPUShares: int64(svcConfig.CPUShares),
 			Memory:    int64(svcConfig.Memory * 1024 * 1024),
 			Devices:   devices,
+			PidsLimit: pidLimit,
 		},
 	}
 	if svcConfig.UseHostNet {

spawnd/daemon/core.go

@@ -19,23 +19,23 @@ const heartbeatInterval = 10 * time.Second
 const persistenceInterval = 30 * time.Second
 
 type Config struct {
-	BW2Entity string `yaml:"bw2Entity"`
-	BW2Agent  string `yaml:"bw2Agent"`
-	Path      string `yaml:"path"`
-	CPUShares uint64 `yaml:"cpuShares"`
-	Memory    uint64 `yaml:"memory"`
-	Backend   string `yaml:"backend"`
+	BW2Entity            string `yaml:"bw2Entity"`
+	BW2Agent             string `yaml:"bw2Agent"`
+	Path                 string `yaml:"path"`
+	CPUShares            uint64 `yaml:"cpuShares"`
+	Memory               uint64 `yaml:"memory"`
+	Backend              string `yaml:"backend"`
+	EnableHostNetworking bool   `yaml:"enableHostNetworking"`
+	EnableDeviceMapping  bool   `yaml:"enableDeviceMapping"`
 }
 
 type SpawnpointDaemon struct {
+	Config
 	bw2Client          *bw2.BW2Client
 	bw2Service         *bw2.Service
 	backend            backend.ServiceBackend
 	logger             *logging.Logger
-	path               string
 	alias              string
-	totalCPUShares     uint64
-	totalMemory        uint64
 	availableCPUShares uint64
 	availableMemory    uint64
 	resourceLock       sync.RWMutex
@@ -56,11 +56,9 @@ func New(config *Config, logger *logging.Logger) (*SpawnpointDaemon, error) {
 
 	pathElements := strings.Split(config.Path, "/")
 	daemon := SpawnpointDaemon{
+		Config:             *config,
 		logger:             logger,
 		alias:              pathElements[len(pathElements)-1],
-		path:               config.Path,
-		totalCPUShares:     config.CPUShares,
-		totalMemory:        config.Memory,
 		availableCPUShares: config.CPUShares,
 		availableMemory:    config.Memory,
 		serviceRegistry:    make(map[string]*serviceManifest),
@@ -152,6 +150,22 @@ func (daemon *SpawnpointDaemon) handleConfig(msg *bw2.SimpleMessage) {
 		return
 	}
 
+	if svcConfig.UseHostNet && !daemon.EnableHostNetworking {
+		daemon.logger.Debugf("(%s) Configuration requests use of host network, which is disabled", svcConfig.Name)
+		msg := "[ERROR] Use of host networking stack not allowed on this host"
+		if err := daemon.publishLogMessage(svcConfig.Name, msg); err != nil {
+			daemon.logger.Errorf("(%s) Failed to publish log message", svcConfig.Name)
+		}
+		return
+	} else if len(svcConfig.Devices) > 0 && !daemon.EnableDeviceMapping {
+		daemon.logger.Debugf("(%s) Configuration requests device mapping(s), which are disabled", svcConfig.Name)
+		msg := "[ERROR] Mapping devices into container not allowed on this host"
+		if err := daemon.publishLogMessage(svcConfig.Name, msg); err != nil {
+			daemon.logger.Errorf("(%s) Failed to publish log message", svcConfig.Name)
+		}
+		return
+	}
+
 	svc := serviceManifest{Configuration: &svcConfig}
 	daemon.addService(&svc, true)
 }

spawnd/daemon/heartbeat.go

@@ -51,8 +51,8 @@ func (daemon *SpawnpointDaemon) publishHeartbeatAux() {
 	availableMemory := daemon.availableMemory
 	daemon.resourceLock.RUnlock()
 	daemon.logger.Debug("Publishing daemon heartbeat")
-	daemon.logger.Debugf("CPU: %v/%v, Memory: %v/%v", availableCPU, daemon.totalCPUShares,
-		availableMemory, daemon.totalMemory)
+	daemon.logger.Debugf("CPU: %v/%v, Memory: %v/%v", availableCPU, daemon.CPUShares,
+		availableMemory, daemon.Memory)
 
 	services := make([]string, len(daemon.serviceRegistry))
 	daemon.registryLock.RLock()
@@ -66,8 +66,8 @@ func (daemon *SpawnpointDaemon) publishHeartbeatAux() {
 	hb := Heartbeat{
 		Version:         util.VersionNum,
 		Time:            time.Now().UnixNano(),
-		TotalCPU:        daemon.totalCPUShares,
-		TotalMemory:     daemon.totalMemory,
+		TotalCPU:        daemon.CPUShares,
+		TotalMemory:     daemon.Memory,
 		AvailableCPU:    availableCPU,
 		AvailableMemory: availableMemory,
 		Services:        services,
@@ -117,7 +117,7 @@ func (daemon *SpawnpointDaemon) publishServiceHeartbeats(ctx context.Context, sv
 
 func (daemon *SpawnpointDaemon) Decommission() error {
 	bw2Iface := daemon.bw2Service.RegisterInterface("daemon", "i.spawnpoint")
-	daemon.logger.Debugf("Decomissioning spawnpoint %s", daemon.path)
+	daemon.logger.Debugf("Decomissioning spawnpoint %s", daemon.Path)
 	// A message without any POs is effectively a metadata de-persist
 	if err := bw2Iface.PublishSignal("heartbeat"); err != nil {
 		daemon.logger.Errorf("Failed to publish de-persist message: %s", err)