mirror of
https://github.com/scylladb/scylladb.git
synced 2026-04-19 16:15:07 +00:00
e1999c76b2
Docker restricts the number of processes in a container to some
limit it calculates. This limit turns out to be too low on large
machines, since we run multiple links in parallel, and each link
runs many threads.
Remove the limit by specifying --pids-limit -1. Since dbuild is
meant to provide a build environment, not a security barrier,
this is okay (the container is still restricted by host limits).
I checked that --pids-limit is supported by old versions of
docker and by podman.
Fixes #5651.
Message-Id: <20200127090807.3528561-1-avi@scylladb.com>
(cherry picked from commit 897320f6ab)
95 lines
1.8 KiB
Bash
Executable File
95 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
here="$(realpath $(dirname "$0"))"
|
|
toplevel="$(realpath "$here/../..")"
|
|
group_args=()
|
|
docker_args=()
|
|
|
|
for gid in $(id -G); do
|
|
group_args+=(--group-add "$gid")
|
|
done
|
|
|
|
interactive=
|
|
|
|
if [[ "$1" = -* ]]; then
|
|
while [[ "$1" != "--" && $# != 0 ]]; do
|
|
case "$1" in
|
|
--*)
|
|
if [[ "$1" = --interactive || "$1" = --interactive=true ]]; then
|
|
interactive=y
|
|
fi
|
|
;;
|
|
-*)
|
|
if [[ "$1" = -*i* ]]; then
|
|
interactive=y
|
|
fi
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
docker_args+=("$1")
|
|
shift
|
|
done
|
|
if [[ "$1" != "--" ]]; then
|
|
echo "Expected '--' to terminate docker flag list"
|
|
exit 1
|
|
fi
|
|
shift
|
|
fi
|
|
|
|
docker_common_args=(
|
|
--pids-limit -1 \
|
|
--network host \
|
|
-u "$(id -u):$(id -g)" \
|
|
"${group_args[@]}" \
|
|
--cap-add SYS_PTRACE \
|
|
-v "$PWD:$PWD:z" \
|
|
-v "$toplevel:$toplevel:z" \
|
|
-v /tmp:/tmp:z \
|
|
-v /etc/passwd:/etc/passwd:ro \
|
|
-v /etc/group:/etc/group:ro \
|
|
-v /etc/localtime:/etc/localtime:ro \
|
|
-w "$PWD" \
|
|
"${docker_args[@]}" \
|
|
"$(<"$here/image")" \
|
|
"$@"
|
|
)
|
|
|
|
if [[ -n "$interactive" ]]; then
|
|
# If --interactive was given on the command line, we can't run in detached mode
|
|
# as it will be impossible to interact with the container.
|
|
exec docker run --rm "${docker_common_args[@]}"
|
|
fi
|
|
|
|
container=$(
|
|
docker run \
|
|
"--detach=true" \
|
|
"${docker_common_args[@]}"
|
|
)
|
|
|
|
kill_it() {
|
|
if [[ -n "$container" ]]; then
|
|
docker rm -f "$container" > /dev/null
|
|
container=
|
|
fi
|
|
}
|
|
|
|
trap kill_it SIGTERM SIGINT SIGHUP EXIT
|
|
|
|
docker logs --follow "$container"
|
|
|
|
if [[ -n "$container" ]]; then
|
|
exitcode="$(docker wait "$container")"
|
|
else
|
|
exitcode=99
|
|
fi
|
|
|
|
kill_it
|
|
|
|
trap - SIGTERM SIGINT SIGHUP EXIT
|
|
|
|
# after "docker kill", docker wait will not print anything
|
|
[[ -z "$exitcode" ]] && exitcode=1
|
|
|
|
exit "$exitcode"
|