[pve-devel] [PATCH access-control 1/1] pools: define resource limits
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Apr 10 15:12:58 CEST 2024
and handle them when parsing/writing user.cfg
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/AccessControl.pm | 42 +++++++++++++++++++++++++++++++++++++--
src/test/parser_writer.pl | 14 ++++++-------
2 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 21f93ff..755177f 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -72,6 +72,36 @@ sub pve_verify_realm {
PVE::Auth::Plugin::pve_verify_realm(@_);
}
+my $pool_limits_desc = {
+ "mem-config" => {
+ type => 'integer',
+ description => "Sum of memory (in MB) guests in this pools can be configured with.",
+ optional => 1,
+ },
+ "mem-run" => {
+ type => 'integer',
+ description => "Sum of memory (in MB) guests in this pools can be started with.",
+ optional => 1,
+ },
+ "cpu-config" => {
+ type => 'integer',
+ description => "Sum of (virtual) cores guests in this pools can be configured with.",
+ optional => 1,
+ },
+ "cpu-run" => {
+ type => 'integer',
+ description => "Sum of (virtual) cores guests in this pools can be started with.",
+ optional => 1,
+ },
+};
+
+PVE::JSONSchema::register_format('pve-pool-limits', $pool_limits_desc);
+PVE::JSONSchema::register_standard_option('pve-pool-limits', {
+ type => 'string',
+ format => $pool_limits_desc,
+ optional => 1,
+});
+
# Locking both config files together is only ever allowed in one order:
# 1) tfa config
# 2) user config
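Review bot: None of the four properties in `$pool_limits_desc` sets a lower bound, so a negative value such as `mem-run=-1` passes schema validation and its meaning is left to whatever code later enforces the limit. Adding `minimum => 0` to each entry would reject such values at parse time, assuming 0 is itself a meaningful limit. A short comment above the hash, for example `# a missing key means no limit for that resource`, would pin down the default that the enforcement code must agree with. The descriptions also read "guests in this pools", where "guests in this pool" is presumably intended.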
@@ -1524,7 +1554,7 @@ sub parse_user_config {
warn "user config - ignore invalid path in acl '$pathtxt'\n";
}
} elsif ($et eq 'pool') {
- my ($pool, $comment, $vmlist, $storelist) = @data;
+ my ($pool, $comment, $vmlist, $storelist, $limits) = @data;
if (!verify_poolname($pool, 1)) {
warn "user config - ignore pool '$pool' - invalid characters in pool name\n";
@@ -1575,6 +1605,13 @@ sub parse_user_config {
}
$cfg->{pools}->{$pool}->{storage}->{$storeid} = 1;
}
+
+ if ($limits) {
+ my $parsed_limits = eval { PVE::JSONSchema::parse_property_string($pool_limits_desc, $limits) };
+ warn "Failed to parse pool limits for '$pool' - $@\n" if $@;
+
+ $cfg->{pools}->{$pool}->{limits} = $parsed_limits;
+ }
} elsif ($et eq 'token') {
my ($tokenid, $expire, $privsep, $comment) = @data;
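Review bot: When `parse_property_string` dies, the `eval` leaves `$parsed_limits` undefined and the next line still stores it, so a pool with a malformed limits field ends up with `limits => undef` and is presumably treated as unlimited once enforcement exists. Because `write_user_config` emits an empty field when `limits` is false, the next config write would also erase the malformed entry from user.cfg without further notice. Consider assigning only on success, `$cfg->{pools}->{$pool}->{limits} = $parsed_limits if !$@;`, and documenting whether a pool with unparsable limits is meant to stay unrestricted. The warning would be easier to grep alongside its neighbours if it carried the same `user config - ` prefix. The enclosing `parse_user_config` starts and ends outside this hunk.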
@@ -1656,7 +1693,8 @@ sub write_user_config {
my $vmlist = join (',', sort keys %{$d->{vms}});
my $storelist = join (',', sort keys %{$d->{storage}});
my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
- $data .= "pool:$pool:$comment:$vmlist:$storelist:\n";
+ my $limits = $d->{limits} ? PVE::JSONSchema::print_property_string($d->{limits}, $pool_limits_desc) : '';
+ $data .= "pool:$pool:$comment:$vmlist:$storelist:$limits:\n";
}
$data .= "\n";
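Review bot: The limits field is appended after the storage list, and the pre-patch writer on the removed line knows nothing about it, so a node still running the old code would presumably rewrite user.cfg without the limits and silently lift them. If mixed-version clusters are supported during upgrades, that deserves a sentence in the commit message or a comment here such as `# NOTE: an older writer drops the limits field when it rewrites this file`. `print_property_string` is also called unguarded; if it dies on an unexpected key in `$d->{limits}`, the whole config write fails, which should be confirmed as intended. `write_user_config` continues outside the hunk.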
diff --git a/src/test/parser_writer.pl b/src/test/parser_writer.pl
index 80c346b..2e6eb61 100755
--- a/src/test/parser_writer.pl
+++ b/src/test/parser_writer.pl
@@ -431,12 +431,12 @@ my $default_raw = {
'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
},
pools => {
- 'test_pool_empty' => 'pool:testpool::::',
- 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
- 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
- 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
- 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
- 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
+ 'test_pool_empty' => 'pool:testpool:::::',
+ 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d::',
+ 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs::',
+ 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234:::',
+ 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms:::::',
+ 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs::',
},
acl => {
'acl_simple_user' => 'acl:1:/:test at pam:PVEVMAdmin:',
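Review bot: The fixtures here and in the `@@ -1018,7` hunk are only adjusted for the extra trailing field, so no test case carries an actual limits value. A round-trip fixture such as `'pool:testpool::::mem-run=1024:'` (constructed example) would cover the new parse and write paths. A second fixture with a malformed limits string would pin down what `parse_user_config` stores and what gets written back after the warning branch is taken.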
@@ -1018,7 +1018,7 @@ my $tests = [
'user:test at pam:0:0::::::'."\n".
'token:test at pam!test:0:0::'."\n\n".
'group:testgroup:::'."\n\n".
- 'pool:testpool::::'."\n\n".
+ 'pool:testpool:::::'."\n\n".
'role:testrole::'."\n\n",
},
];
--
2.39.2