From 2202e7f39b8d385e73f7c0d99c4835ce236f857d Mon Sep 17 00:00:00 2001
From: Tyler Ramer
Date: Wed, 11 Sep 2019 11:50:00 -0400
Subject: [PATCH] Add support for setting container ulimit
- supports `ulimit: host` or other single value
- As well as `ulimit: [nofile=5000, nproc=5000]` array
- As well as `ulimit: {nofile: 5000, nproc: 5000}` dict
Authored-by: Tyler Ramer
---
 podman_compose.py | 22 ++++++++++++++++++++++
 tests/ulimit/Dockerfile | 3 +++
 tests/ulimit/docker-compose.yaml | 30 ++++++++++++++++++++++++++++++
 tests/ulimit/ulimit.sh | 10 ++++++++++
 4 files changed, 65 insertions(+)
 create mode 100644 tests/ulimit/Dockerfile
 create mode 100644 tests/ulimit/docker-compose.yaml
 create mode 100755 tests/ulimit/ulimit.sh
diff --git a/podman_compose.py b/podman_compose.py
index bfae417..4138ab1 100755
--- a/podman_compose.py
+++ b/podman_compose.py
@@ -206,6 +206,17 @@ def norm_as_dict(src):
 raise ValueError("dictionary or iterable is expected")
 return dst
+def norm_ulimit(inner_value):
+ if is_dict(inner_value):
+ if not inner_value.keys() & {"soft", "hard"}:
+ raise ValueError("expected at least one soft or hard limit")
+ soft = inner_value.get("soft", inner_value.get("hard"))
+ hard = inner_value.get("hard", inner_value.get("soft"))
+ return "{}:{}".format(soft, hard)
+ elif is_list(inner_value): return norm_ulimit(norm_as_dict(inner_value))
+ # if int or string return as is
+ return inner_value
+
 # transformation helpers
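Review bot: In `norm_ulimit`, the dict branch reads only `soft` and `hard` and silently ignores every other key, so a misspelled `soft` next to a valid `hard` produces `hard:hard` and the container starts with a looser soft limit than the file's author intended. Rejecting unknown keys would surface that, e.g. `extra = inner_value.keys() - {"soft", "hard"}` followed by `if extra: raise ValueError("unexpected ulimit keys: {}".format(sorted(extra)))`. The final `return inner_value` also passes `None` through unchanged, which the caller would format as `name=None`; raising `ValueError` for a missing value would be clearer than leaving it to podman. The function has no docstring; one line stating that it returns `soft:hard` for dicts and lists and the value unchanged otherwise would help.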
@@ -477,6 +488,17 @@ def container_to_args(compose, cnt, detached=True, podman_command='run'):
 podman_args.append('-i')
 if cnt.get('tty'):
 podman_args.append('--tty')
+ ulimit = cnt.get('ulimit', [])
+ if ulimit is not None:
+ # ulimit can be a single value, i.e. ulimit: host
+ if is_str(ulimit):
+ podman_args.extend(['--ulimit', ulimit])
+ # or a dictionary or list:
+ else:
+ ulimit = norm_as_dict(ulimit)
+ ulimit = [ "{}={}".format(ulimit_key, norm_ulimit(inner_value)) for ulimit_key, inner_value in ulimit.items()]
+ for i in ulimit:
+ podman_args.extend(['--ulimit', i])
 # currently podman shipped by fedora does not package this
 # if cnt.get('init'):
 # args.append('--init')
diff --git a/tests/ulimit/Dockerfile b/tests/ulimit/Dockerfile
new file mode 100644
index 0000000..3b622f2
--- /dev/null
+++ b/tests/ulimit/Dockerfile
@@ -0,0 +1,3 @@
+FROM busybox
+
+COPY ./ulimit.sh /bin/ulimit.sh
diff --git a/tests/ulimit/docker-compose.yaml b/tests/ulimit/docker-compose.yaml
new file mode 100644
index 0000000..ac84231
--- /dev/null
+++ b/tests/ulimit/docker-compose.yaml
@@ -0,0 +1,30 @@
+version: "3"
+services:
+ ulimit1:
+ image: ulimit_test
+ command: ["ulimit.sh" ]
+ ulimit: nofile=1001
+ build:
+ context: ./
+ dockerfile: Dockerfile
+ ulimit2:
+ image: ulimit_test
+ command: ["ulimit.sh" ]
+ ulimit:
+ - nproc=1002:2002
+ - nofile=1002
+ build:
+ context: ./
+ dockerfile: Dockerfile
+ ulimit3:
+ image: ulimit_test
+ command: [ "ulimit.sh" ]
+ ulimit:
+ nofile: 1003
+ nproc:
+ soft: 1003
+ hard: 2003
+ build:
+ context: ./
+ dockerfile: Dockerfile
+
diff --git a/tests/ulimit/ulimit.sh b/tests/ulimit/ulimit.sh
new file mode 100755
index 0000000..1483d7b
--- /dev/null
+++ b/tests/ulimit/ulimit.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+echo "soft process limit"
+ulimit -S -u
+echo "hard process limit"
+ulimit -H -u
+echo "soft nofile limit"
+ulimit -S -n
+echo "hard nofile limit"
+ulimit -H -n
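Review bot: The lookup `cnt.get('ulimit', [])` in the `container_to_args` hunk of podman_compose.py uses the singular key, while the Compose file format names this service option `ulimits`. A file written for docker-compose would load without error and its limits would never reach the podman command line, leaving the container on default limits. Accepting both spellings, e.g. `ulimit = cnt.get('ulimits', cnt.get('ulimit', []))`, would avoid that silent drop. The string branch also forwards any value verbatim, including `host`, which gives the container the host's limits; a comment such as `# 'host' copies the host's ulimits into the container` would make that visible to the next reader. The function body begins and ends outside this hunk.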
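Review bot: `tests/ulimit/ulimit.sh` only prints the four limits, and nothing compares them with the values set in `tests/ulimit/docker-compose.yaml`, so a regression in the soft/hard defaulting or a dropped `--ulimit` argument would still exit 0. Passing the expected values to the script and failing on mismatch, e.g. `[ "$(ulimit -S -n)" = "$1" ] || exit 1`, would turn the fixture into a real check. A header comment in the script naming which service expects which values would also help.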