feat(hosts): 支持配置主机 PIDs 限制#4
Open
stelin wants to merge 4 commits into
Open
Conversation
- 为主机资源配置新增 pids_limit 字段,并贯通控制面、 agent 契约、运行时与数据存储 - 在创建和更新主机时补充资源参数校验,避免写入非法 的内存、CPU 与 PIDs 配置 - 更新管理后台主机表单与相关测试,确保资源限制配置与 展示行为一致
Author
|
@ZaneL1u 新增导入导出白名单,新增新建主机支持设置pids_limit |
ZaneL1u
reviewed
Jun 2, 2026
Owner
ZaneL1u
left a comment
ZaneL1u
left a comment
There was a problem hiding this comment.
感谢提交,这个功能方向很好,pids_limit 补上后主机资源配置会完整很多。
我这边整体看下来,后端主链路和测试都已经比较扎实了,只留一个很小的建议:运行中的主机会即时 docker update,但停止状态的已有容器目前只更新数据库。Docker 的 update 其实也支持 stopped container,所以这里补一笔后,创建、运行中修改、停止后修改三条路径的语义就更一致了。
这个改动很小,但能避免 DB/UI 和实际容器配置出现漂移。辛苦看下这个 suggestion,应用后我这边就倾向合并。
| } | ||
| } | ||
|
|
||
| func TestPatchResources_RunningHostAppliesDockerUpdateAndPersistsPidsLimit(t *testing.T) { |
Owner
There was a problem hiding this comment.
这个测试已经覆盖了 running 的关键路径,很好。上面的小改动应用后,如果愿意,可以顺手把这个 case 扩成 running/stopped 两个状态的表驱动测试,这样语义会更稳。这个不大,主要是给后续维护留个保护。
good Co-authored-by: Zane <hi@zaneliu.me>
jephsdge
pushed a commit
to jephsdge/cloud-cli-proxy
that referenced
this pull request
Jun 7, 2026
更新 Phase 47 verification 报告: frontmatter: - status: gaps_found → passed - score: 8/12 → 12/12 must-haves verified (post-fix) - re_verification.previous_status / previous_score / gaps_closed 填充 - 每个 gap status: failed/partial → fixed,追加 fix_commit + fix_summary body: - 顶部 Status 行从 gaps_found 改为 passed (post-fix;commit 引用) - Re-verification 从 No 改为 Yes(4 gap closed) 修复链路: - gap ZaneL1u#1 (BLOCKER-1) + gap ZaneL1u#2 (BLOCKER-2) → 60c9896 bypass_reload.go 表族对齐 ip cloudproxy + nftRunner/nftJSONLister 增加 nsenter -t <pid> -n 进入 worker netns - gap ZaneL1u#3 (BLOCKER-3) → 68f830c uat-bypass.sh I2/I9 nft family 改为 ip cloudproxy - gap ZaneL1u#4 (BLOCKER-4) → 21a201c uat-bypass.yml uat job 移除 if:false,改为 fixture 自适应 preflight 最终验证: - go build ./... PASS - go test -short -count=1 ./... PASS(含 internal/network / internal/runtime/tasks / internal/controlplane/http) - bash -n scripts/uat-bypass.sh PASS - python3 yaml.safe_load .github/workflows/uat-bypass.yml PASS
added 2 commits
June 8, 2026 11:40
- 调整 sing-box 容器侧 DNS inbound 与路由配置,补齐 dns-direct 节点,避免 DNS 流量误走直连路径 - 更新网络校验日志字段,记录 DNS 解析结果与解析错误, 提升出口与泄漏问题排查能力 - 补充 sing-box 配置与网络验证测试,覆盖 DNS inbound 非直连约束与新日志相关行为
Author
|
@ZaneL1u |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #3