feat: add integrated nice and ionice options for docker#5448
Merged
Conversation
Contributor
Author
|
Note: I inlined the nice/ionice into a Moving that |
ferringb
commented
Jul 14, 2025
MichaelEischer
requested changes
Oct 4, 2025
Contributor
Author
|
cough there's a lot of WTF's in that PR of mine. I'm just going to assume I was half awake at the time. Everything you flagged is valid/correct- pardon. One thing I do recall- I was wary of CAP_SYS_NICE interaction, specifically if it was dropped, thus the set trickery. Checking the manage page, CAP_SYS_NICE is required to screw with other processes, but isn't required for downgrading the process you're launching- whether ionice or nice. It's only required for increasing the priority. So yeah, lot of WTFs. |
ferringb
added a commit
to ferringb/restic
that referenced
this pull request
Oct 4, 2025
Basically ignore everything that isn't go code. The core relevance for this is anyone working on the dockerfiles- adjusting something like the ENTRYPOINT shouldn't trigger a full rebuild, just that layer, a gap I noticed while sorting restic#5448. Note: if restic ever embeds build time files into the binary, this ignore will have to be updated. Signed-off-by: Brian Harring <ferringb@gmail.com>
ferringb
added a commit
to ferringb/restic
that referenced
this pull request
Oct 4, 2025
Basically ignore everything that isn't go code. The core relevance for this is anyone working on the dockerfiles- adjusting something like the ENTRYPOINT shouldn't trigger a full rebuild, just that layer, a gap I noticed while sorting restic#5448. Note: if restic ever embeds build time files into the binary, this ignore will have to be updated. Signed-off-by: Brian Harring <ferringb@gmail.com>
ferringb
added a commit
to ferringb/restic
that referenced
this pull request
Oct 4, 2025
Basically ignore everything that isn't go code. The core relevance for this is anyone working on the dockerfiles- adjusting something like the ENTRYPOINT shouldn't trigger a full rebuild, just that layer, a gap I noticed while sorting restic#5448. Note: if restic ever embeds build time files into the binary, this ignore will have to be updated. Signed-off-by: Brian Harring <ferringb@gmail.com>
ferringb
added a commit
to ferringb/restic
that referenced
this pull request
Oct 4, 2025
Basically ignore everything that isn't go code. The core relevance for this is anyone working on the dockerfiles- adjusting something like the ENTRYPOINT shouldn't trigger a full rebuild, just that layer, a gap I noticed while sorting restic#5448. Note: if restic ever embeds build time files into the binary, this ignore will have to be updated. Signed-off-by: Brian Harring <ferringb@gmail.com>
MichaelEischer
requested changes
Oct 5, 2025
MichaelEischer
left a comment
Member
There was a problem hiding this comment.
I have a few more nits, see suggestions below.
cough there's a lot of WTF's in that PR of mine. I'm just going to assume I was half awake at the time. Everything you flagged is valid/correct- pardon.
No worries, it's the job of a PR review to find those issues
| COPY --from=builder /go/src/github.com/restic/restic/restic /usr/bin | ||
|
|
||
| ENTRYPOINT ["/usr/bin/restic"] | ||
| # IO class default is "none"- 0, however busybox ionice `-c0 -n<something>` |
Member
There was a problem hiding this comment.
Suggested change
| # IO class default is "none"- 0, however busybox ionice `-c0 -n<something>` | |
| # IO class default is "none"- 0, however busybox rejects `ionice -c0 -n<something>` |
| will assign a random hostname each time. | ||
|
|
||
| The container additionally honors traditional ``nice`` `(man page) <https://man7.org/linux/man-pages/man1/nice.1.html>`__ and ``ionice`` `(man page) <https://man7.org/linux/man-pages/man1/ionice.1.html#OPTIONS>`__ directives via the following environment variables. | ||
| The usage of this is principally to allow restic to be scheduled as a background process reducing latency for the system while running. |
Member
There was a problem hiding this comment.
Suggested change
| The usage of this is principally to allow restic to be scheduled as a background process reducing latency for the system while running. | |
| This allows restic to be scheduled as a background process to reduce latency for the system while running. |
Comment on lines
+293
to
+296
| * NICE: If set, this adjusts the CPU prioritization via ``nice -n``. This defaults to no adjustment- standard CPU priority. | ||
| * IONICE_CLASS: If set, this adjusts the IO prioritization of the restic process via ``ionice -c`` for the available classes. | ||
| Note: if you attempt to set `real-time`, you *will* have to add the ``SYS_NICE`` capability (`see here <https://man7.org/linux/man-pages/man7/capabilities.7.html#DESCRIPTION>`__) to allow assuming this IO class. | ||
| * IONICE_PRIORITY: this defaults to 4 (no prioritization or penalties); this is the prioritization within the given `IONICE_CLASS`. |
Member
There was a problem hiding this comment.
Suggested change
| * NICE: If set, this adjusts the CPU prioritization via ``nice -n``. This defaults to no adjustment- standard CPU priority. | |
| * IONICE_CLASS: If set, this adjusts the IO prioritization of the restic process via ``ionice -c`` for the available classes. | |
| Note: if you attempt to set `real-time`, you *will* have to add the ``SYS_NICE`` capability (`see here <https://man7.org/linux/man-pages/man7/capabilities.7.html#DESCRIPTION>`__) to allow assuming this IO class. | |
| * IONICE_PRIORITY: this defaults to 4 (no prioritization or penalties); this is the prioritization within the given `IONICE_CLASS`. | |
| * ``NICE``: If set, this adjusts the CPU prioritization via ``nice -n``. This defaults to no adjustment- standard CPU priority. | |
| * ``IONICE_CLASS``: If set, this adjusts the IO prioritization of the restic process via ``ionice -c`` for the available classes. | |
| Note: if you attempt to set `real-time`, you *will* have to add the ``SYS_NICE`` capability (`see capabilities manpage <https://man7.org/linux/man-pages/man7/capabilities.7.html#DESCRIPTION>`__) to allow assuming this IO class. | |
| * ``IONICE_PRIORITY``: this defaults to 4 (no prioritization or penalties); this is the prioritization within the given ``IONICE_CLASS``. |
Contributor
Author
There was a problem hiding this comment.
For my knowledge- why are you using `` here for literals (NICE for example), but in changelog entries usiong `NICE` ? I thought `` was for commands. Is there something particular to this render pathway?
| Note: if you attempt to set `real-time`, you *will* have to add the ``SYS_NICE`` capability (`see here <https://man7.org/linux/man-pages/man7/capabilities.7.html#DESCRIPTION>`__) to allow assuming this IO class. | ||
| * IONICE_PRIORITY: this defaults to 4 (no prioritization or penalties); this is the prioritization within the given `IONICE_CLASS`. | ||
|
|
||
| The following example runs restic such that other CPU and IO requests have higher priority. This effectively perturbs the system as minimally as possible while getting the ``restic`` operation finished. |
Member
There was a problem hiding this comment.
Suggested change
| The following example runs restic such that other CPU and IO requests have higher priority. This effectively perturbs the system as minimally as possible while getting the ``restic`` operation finished. | |
| The following example runs restic such that other CPU and IO requests have higher priority. This effectively perturbs the system as minimally as possible while ``restic`` runs. |
| @@ -0,0 +1,11 @@ | |||
| Enhancement: Allow nice and ionice configuration for restic containers | |||
|
|
|||
| ghcr.io/restic/restic containers now support the following environment variables: | |||
Member
There was a problem hiding this comment.
Suggested change
| ghcr.io/restic/restic containers now support the following environment variables: | |
| The official restic docker now supports the following environment variables: |
Comment on lines
+5
to
+7
| NICE: set the desired nice scheduling. See `man nice`. | ||
| IONICE_CLASS: set the desired I/O scheduling class. See `man ionice`. Note that real time support requires the invoker to manually add the `SYS_ADMIN` capability. | ||
| IONICE_PRIORITY: set the prioritization for ionice in the given `IONICE_CLASS`. This does nothing without `IONICE_CLASS`, but defaults to `4` (no priority, no penalties). |
Member
There was a problem hiding this comment.
Suggested change
| NICE: set the desired nice scheduling. See `man nice`. | |
| IONICE_CLASS: set the desired I/O scheduling class. See `man ionice`. Note that real time support requires the invoker to manually add the `SYS_ADMIN` capability. | |
| IONICE_PRIORITY: set the prioritization for ionice in the given `IONICE_CLASS`. This does nothing without `IONICE_CLASS`, but defaults to `4` (no priority, no penalties). | |
| - `NICE`: set the desired nice scheduling. See `man nice`. | |
| - `IONICE_CLASS`: set the desired I/O scheduling class. See `man ionice`. Note that real time support requires the invoker to manually add the `SYS_ADMIN` capability. | |
| - `IONICE_PRIORITY`: set the prioritization for ionice in the given `IONICE_CLASS`. This does nothing without `IONICE_CLASS`, but defaults to `4` (no priority, no penalties). |
Contributor
Author
|
All english fixes- which I suggest you reverify, I'm native, but I just don't see that shit- should be resolved. As to the arg passing, as I mentioned, I was using main build: release |
The intended usage here is to basically kick restic as a background "do it, but don't bother my normal load" process. This allows passing the following environment variables in to influence scheduling: - NICE: usual CPU nice. Defaults to 0. This requires CAP_SYS_NICE to set a negative nice (IE, prioritize). - IONICE_CLASS: usual ionice class. Note that setting realtime requires CAP_SYS_ADMIN. Also note the actual ionice default is "none". - IONICE_PRIORITY: set the priority within the given class. Ignored if no class is specified due to class default of "no scheduler". Signed-off-by: Brian Harring <ferringb@gmail.com>
a9349fc to
a677ab2
Compare
MichaelEischer
approved these changes
Nov 16, 2025
MichaelEischer
left a comment
Member
There was a problem hiding this comment.
LGTM. I've fixed a few more typos, rebased the PR and adjusted the recently added .dockerignore file.
Please take a look.
Contributor
Author
|
LGTM. |
kikoqiu
pushed a commit
to kikoqiu/restic
that referenced
this pull request
Nov 26, 2025
The intended usage here is to basically kick restic as a background "do it, but don't bother my normal load" process. This allows passing the following environment variables in to influence scheduling: - NICE: usual CPU nice. Defaults to 0. This requires CAP_SYS_NICE to set a negative nice (IE, prioritize). - IONICE_CLASS: usual ionice class. Note that setting realtime requires CAP_SYS_ADMIN. Also note the actual ionice default is "none". - IONICE_PRIORITY: set the priority within the given class. Ignored if no class is specified due to class default of "no scheduler". --------- Signed-off-by: Brian Harring <ferringb@gmail.com> Co-authored-by: Michael Eischer <michael.eischer@fau.de>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The intended usage here is to basically kick restic as a background "do it, but don't bother my normal load" process.
This allows passing the following environment variables in to influence scheduling:
What does this PR change? What problem does it solve?
This simplifies setting CPU and IO priority, doing it directly via the container. The expectation is any user of this- as I wished- want to kick restic into the background.
This is possible already with the given containers, however this requires entrypoint override, or manipulating docker CLI args (or k8s args) to achieve it. It's doable, but if the common case is just "do it in the background", providing environment variables to do it is the lowest friction for user.
This integrates 3 environment variables, described above. Further detail:
nicecommand, but defaulted to 0- no change.ioniceclass. Realtime is not supported without the user adding the SYS_NICE capability. I consider that an exceptional case rather than the expected common case of "just background restic". Note also that if the value is unset, we must not touch the class. The default class for processes is "none", but busybox ionice refusesionice -c0 -nNsince a priority for no class makes no sense.ionice. It defaults to 4- which should be the default priority for any given class.Was the change previously discussed in an issue or on the forum?
The
nicesuggestion has appeared in multiple tickets where the end users CPU scheduler was making non-optimal choices; I don't think I've seen theionicesuggestion however.To my knowledge, there is no explicit asking for integrating controllable
niceorionicehowever.Checklist
changelog/unreleased/that describes the changes for our users (see template).