Do we have any declarative way of limiting percentage of resources to use in a snap or in a snap app?. A friend of mine likes a feature in docker that allows him to limit the % of cpu used by a container. Is it worthwhile having a declarative way in snapcraft.yaml to have this feature (perhaps it might be implemented using cgroups…) ?
We do not have such a feature in the YAML. Once snapcraft starts building in containers by default it’s something we could conceivably have, but you can achieve the same results today by running snapcraft from within lxc, and using its resource control features.
If I understand correctly, this topic is wrongly filed under snapcraft, when the intention was to file under snapd.
This is about limiting the installed snaps, not snapcraft itself.
Haha, good catch @Saviq! I glossed over the phrasing once I saw the question and category. @rmescandon you might want to change that.
Yes, exactly: It is about installed snaps. Changed category. I wonder how to make this easy to configure. If by using config hooks…
I don’t think it would be appropriate for a developer or packager to define resources used on your system by her snap. I think if resource limitation is to be included in snapd then it should be controlled by the user of the snap not the builder of it.
To answer @rmescandon, this isn’t available in snapd today. I agree with @lucyllewy in terms of default operation because even with well-intentioned limits it is very difficult to setup something that is useful on every system since snaps can run on embedded all the way up to huge server systems.
Today snapd doesn’t do anything with resource control in the manner described, but it could (and yes, it would need to be done with cgroups). Perhaps it would be done via ‘snap run’ which should approximate what docker is doing. Perhaps it would be configurable via a new 'snap ’ or influenced by the gadget snap. AIUI, resource controls are planned in the longer term, but what it would look like and how it operates needs design.
If you want to limit the resources of a service provided by a snap today you can do so via systemd drop-in’s. Ala
$ ls /etc/systemd/system
$ mkdir /etc/systemd/system/snap.my-snap.facny-service.service.d
$ cat << EOF > /etc/systemd/system/snap.my-snap.facny-service.service.d/limits.conf
# See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html for details
$ systemctl daemon-reload
$ systemctl restart snap.my-snap.facny-service.service
This is how it should work. Didn’t tested this on a running system though.
I have a number of questions based on this resource limiting suggestion:
What happens when this service exceeds or tries to exceed the max memory limit? Is it possible to define the behavior of such a service?
I believe that a snap can have multiple services. Would we have to set the values to very service manually?
How would we define the resources for things that run that are not systemd services?
Being able to control this via the SnapD API would be really great.
Note that nowadays we have some limited experimental support for snap quotas, see https://snapcraft.io/docs/quota-groups