From 554eab2a873da2776eb196b37d9df89fcf166909 Mon Sep 17 00:00:00 2001 From: iamabhishek-dubey Date: Fri, 18 Dec 2020 18:43:31 +0530 Subject: [PATCH 1/4] Added resource limit worker for IIS webserver Signed-off-by: iamabhishek-dubey --- iis/driver.go | 5 +++++ iis/iis.go | 45 +++++++++++++++++++++++++++++++++++++++++++++ iis/iis_test.go | 4 ++++ 3 files changed, 54 insertions(+) diff --git a/iis/driver.go b/iis/driver.go index 4bffe37..f5cb922 100644 --- a/iis/driver.go +++ b/iis/driver.go @@ -87,6 +87,10 @@ var ( "username": hclspec.NewAttr("username", "string", false), "password": hclspec.NewAttr("password", "string", false), })), + "resource_limit": hclspec.NewBlock("resource_limit", false, hclspec.NewObject(map[string]*hclspec.Spec{ + "cpu_limit": hclspec.NewAttr("cpu_limit", "number", true), + "memory_limit": hclspec.NewAttr("memory_limit", "number", true), + })), "bindings": hclspec.NewBlockList("bindings", hclspec.NewObject(map[string]*hclspec.Spec{ "hostname": hclspec.NewAttr("hostname", "string", false), "ipaddress": hclspec.NewAttr("ipaddress", "string", false), @@ -123,6 +127,7 @@ type TaskConfig struct { AppPoolConfigPath string `codec:"apppool_config_path"` SiteConfigPath string `codec:"site_config_path"` AppPoolIdentity iisAppPoolIdentity `codec:"apppool_identity"` + AppPoolResources iisResourceLimit `codec:"resource_limit"` Bindings []iisBinding `codec:"bindings"` } diff --git a/iis/iis.go b/iis/iis.go index dd3a240..ea8ae9f 100644 --- a/iis/iis.go +++ b/iis/iis.go @@ -114,6 +114,12 @@ type iisAppPoolIdentity struct { Username string `codec:"username"` } +// IIS ResourceLimit used for Application pool worker process +type iisResourceLimit struct { + CPULimit int `codec:"cpu_limit"` + MemoryLimit int `codec:"memory_limit"` +} + // IIS Binding struct to match type iisBinding struct { CertHash string `codec:"cert_hash"` @@ -259,6 +265,42 @@ func applyAppPoolIdentity(appPoolName string, appPoolIdentity iisAppPoolIdentity return nil } +// Applies the Application Pool resource limit +func applyAppPoolResourceLimit(appPoolName string, appPoolResource iisResourceLimit) error { + properties := []string{"set", "config", "-section:system.applicationHost/applicationPools"} + + if appPoolResource.CPULimit != 0 { + + cpuLimitSize := appPoolResource.CPULimit * 1000 + + properties = append(properties, fmt.Sprintf("/[name='%s'].cpu.limit:%s", appPoolName, strconv.Itoa(cpuLimitSize))) + properties = append(properties, fmt.Sprintf("/commit:apphost")) + + if _, err := executeAppCmd(properties...); err != nil { + return fmt.Errorf("Failed to set Application Pool Resources: %v", err) + } + } + properties = []string{"set", "config", "-section:system.applicationHost/applicationPools"} + + properties = append(properties, fmt.Sprintf("/[name='%s'].cpu.action:%s", appPoolName, "KillW3wp")) + properties = append(properties, fmt.Sprintf("/commit:apphost")) + if _, err := executeAppCmd(properties...); err != nil { + return fmt.Errorf("Failed to set Application Pool Resources: %v", err) + } + + properties = []string{"set", "config", "-section:system.applicationHost/applicationPools"} + + if appPoolResource.MemoryLimit != 0 { + memoryLimitSize := appPoolResource.MemoryLimit * 1000 + properties = append(properties, fmt.Sprintf("/[name='%s'].recycling.periodicRestart.privateMemory:%s", appPoolName, strconv.Itoa(memoryLimitSize))) + properties = append(properties, fmt.Sprintf("/commit:apphost")) + if _, err := executeAppCmd(properties...); err != nil { + return fmt.Errorf("Failed to set Application Pool Resources: %v", err) + } + } + return nil +} + // Creates an Application Pool with the given name and applies an IIS exported Application Pool xml if a path is provided func createAppPool(appPoolName string, configPath string) error { if exists, err := doesAppPoolExist(appPoolName); err != nil || exists { @@ -593,6 +635,9 @@ func createWebsite(websiteName string, config *TaskConfig) error { if err := applyAppPoolIdentity(websiteName, config.AppPoolIdentity); err != nil { return err } + if err := applyAppPoolResourceLimit(websiteName, config.AppPoolResources); err != nil { + return err + } if err := createSite(websiteName, config.Path, config.SiteConfigPath); err != nil { return err } diff --git a/iis/iis_test.go b/iis/iis_test.go index 1f10567..d875a37 100644 --- a/iis/iis_test.go +++ b/iis/iis_test.go @@ -290,6 +290,10 @@ func TestWebsite(t *testing.T) { {Type: "http", Port: 8080}, {Type: "https", Port: 8081, CertHash: hash}, }, + AppPoolResources: iisResourceLimit{ + CPULimit: 50, + MemoryLimit: 500, + }, AppPoolConfigPath: "C:\\vagrant\\vagrant\\testapppool.xml", SiteConfigPath: "C:\\vagrant\\vagrant\\testsite.xml", } From 58f37b93d6d0c51263c1e679eaeebef0701b4add Mon Sep 17 00:00:00 2001 From: iamabhishek-dubey Date: Mon, 17 May 2021 20:02:08 +0530 Subject: [PATCH 2/4] Added consul scripts as well Signed-off-by: iamabhishek-dubey --- examples/iis-test.nomad | 24 ++++++++++++++++++++---- scripts/win_provision.ps1 | 9 +++++++++ vagrant/consul.json | 7 +++++++ vagrant/win_client.hcl | 4 ++++ 4 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 vagrant/consul.json diff --git a/examples/iis-test.nomad b/examples/iis-test.nomad index c87ef26..e965d64 100644 --- a/examples/iis-test.nomad +++ b/examples/iis-test.nomad @@ -13,13 +13,19 @@ job "iis-test" { task "iis-test" { driver = "win_iis" + artifact { + source = "https://github.com/iamabhishek-dubey/nomad-driver-iis/releases/download/v0.4/test-hello-world.zip" + options { + archive = true + } + } config { - path = "C:\\inetpub\\wwwroot" + path = "${NOMAD_TASKS_DIR}\\netcoreapp2.1" + apppool_identity { - identity="SpecificUser" - username="vagrant" - password="vagrant" + identity = "NetworkService" } + bindings { type = "http" resource_port = "httplabel" @@ -32,6 +38,16 @@ job "iis-test" { port "httplabel" {} } } + service { + name = "iis-test" + tags = ["iis-test", "windows-iis-test"] + port = "httplabel" + check { + type = "tcp" + interval = "10s" + timeout = "2s" + } + } } } } diff --git a/scripts/win_provision.ps1 b/scripts/win_provision.ps1 index c51cde3..5547faa 100644 --- a/scripts/win_provision.ps1 +++ b/scripts/win_provision.ps1 @@ -5,8 +5,17 @@ Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://cho choco install git.install --version=2.25.1 -y --no-progress choco install golang --version=1.14 -y --no-progress choco install nomad --version=0.11.0 -y --no-progress +choco install consul --version=1.8.5 -y --no-progress Stop-Service nomad +Stop-Service consul + +Get-CimInstance win32_service -filter "name='consul'" | Invoke-CimMethod -Name Change -Arguments @{StartName="LocalSystem"} | Out-Null +$consulDir = "C:\\ProgramData\\consul" +New-Item -ItemType Directory -Path "$consulDir\\data" -Force +Copy-Item "C:\\vagrant\\vagrant\\consul.json" -Destination "$consulDir\\conf\\consul.json" -Force +Start-Service consul + Get-CimInstance win32_service -filter "name='nomad'" | Invoke-CimMethod -Name Change -Arguments @{StartName="LocalSystem"} | Out-Null $nomadDir = "C:\\ProgramData\\nomad" New-Item -ItemType Directory -Path "$nomadDir\\plugin" -Force diff --git a/vagrant/consul.json b/vagrant/consul.json new file mode 100644 index 0000000..e6a2b53 --- /dev/null +++ b/vagrant/consul.json @@ -0,0 +1,7 @@ +{ + "client_addr": "0.0.0.0", + "datacenter": "dc1", + "bind_addr": "172.17.8.101", + "data_dir": "C:\\ProgramData\\consul\\data", + "ui": true +} diff --git a/vagrant/win_client.hcl b/vagrant/win_client.hcl index d3d008c..1a8141a 100644 --- a/vagrant/win_client.hcl +++ b/vagrant/win_client.hcl @@ -5,6 +5,10 @@ log_level = "INFO" data_dir = "C:\\ProgramData\\nomad\\data" plugin_dir = "C:\\ProgramData\\nomad\\plugin" +consul { + address = "localhost:8500" +} + # Enable server mode server { enabled = true From db48b44e6d3a30e759f6b8b1ca775b04d9de71eb Mon Sep 17 00:00:00 2001 From: iamabhishek-dubey Date: Mon, 17 May 2021 20:37:12 +0530 Subject: [PATCH 3/4] Modified example Signed-off-by: iamabhishek-dubey --- examples/iis-test.nomad | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/examples/iis-test.nomad b/examples/iis-test.nomad index e965d64..40d149b 100644 --- a/examples/iis-test.nomad +++ b/examples/iis-test.nomad @@ -15,12 +15,9 @@ job "iis-test" { artifact { source = "https://github.com/iamabhishek-dubey/nomad-driver-iis/releases/download/v0.4/test-hello-world.zip" - options { - archive = true - } } config { - path = "${NOMAD_TASKS_DIR}\\netcoreapp2.1" + path = "${NOMAD_TASK_DIR}\\netcoreapp2.1" apppool_identity { identity = "NetworkService" From f38353ba2bdee96d6a7b9b7e1b2325270a9be169 Mon Sep 17 00:00:00 2001 From: iamabhishek-dubey Date: Mon, 17 May 2021 22:34:26 +0530 Subject: [PATCH 4/4] Changed script Signed-off-by: iamabhishek-dubey --- scripts/win_provision.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/win_provision.ps1 b/scripts/win_provision.ps1 index 5547faa..650c5ab 100644 --- a/scripts/win_provision.ps1 +++ b/scripts/win_provision.ps1 @@ -13,7 +13,7 @@ Stop-Service consul Get-CimInstance win32_service -filter "name='consul'" | Invoke-CimMethod -Name Change -Arguments @{StartName="LocalSystem"} | Out-Null $consulDir = "C:\\ProgramData\\consul" New-Item -ItemType Directory -Path "$consulDir\\data" -Force -Copy-Item "C:\\vagrant\\vagrant\\consul.json" -Destination "$consulDir\\conf\\consul.json" -Force +Copy-Item "C:\\vagrant\\vagrant\\consul.json" -Destination "$consulDir\\config\\consul.json" -Force Start-Service consul Get-CimInstance win32_service -filter "name='nomad'" | Invoke-CimMethod -Name Change -Arguments @{StartName="LocalSystem"} | Out-Null