feat: add cpu_shares 512 to remaining containers in containers.json

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/e858912d-e6a4-4838-8765-54416017a1f2

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

compose.yaml

@@ -4,6 +4,7 @@ services:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
     init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
     restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
+    cpu_shares: 2048 # This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. See https://docs.docker.com/reference/compose-file/services/#cpu_shares
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work

multiple-instances.md

@@ -144,6 +144,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
+   --cpu-shares 2048 \
    --env APACHE_PORT=11000 \
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env TALK_PORT=3478 \

php/containers-schema.json

@@ -141,6 +141,9 @@
 					"shm_size": {
 						"type": "integer"
 					},
+					"cpu_shares": {
+						"type": "integer"
+					},
 					"secrets": {
 						"type": "array",
 						"items": {

php/containers.json

@@ -81,7 +81,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-database",
@@ -138,7 +139,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -280,7 +282,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-notify-push",
@@ -321,7 +324,8 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-redis",
@@ -363,7 +367,8 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-collabora",
@@ -413,7 +418,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-talk",
@@ -484,7 +490,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-talk-recording",
@@ -538,7 +545,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
@@ -609,7 +617,8 @@
       "tmpfs": [
         "/tmp",
         "/nextcloud_aio_volumes"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-watchtower",
@@ -632,7 +641,8 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-domaincheck",
@@ -665,7 +675,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-clamav",
@@ -712,7 +723,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
@@ -756,7 +768,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-imaginary",
@@ -798,7 +811,8 @@
       ],
       "secrets": [
         "IMAGINARY_SECRET"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
@@ -850,7 +864,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     },
     {
       "container_name": "nextcloud-aio-docker-socket-proxy",
@@ -877,7 +892,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-harp",
@@ -918,7 +934,8 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 1024
     },
     {
       "container_name": "nextcloud-aio-whiteboard",
@@ -964,7 +981,8 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ]
+      ],
+      "cpu_shares": 512
     }
   ]
 }

php/src/Container/Container.php

@@ -28,6 +28,7 @@ readonly class Container {
         /** @var string[] */
         public array                         $capAdd,
         public int                           $shmSize,
+        public int                           $cpuShares,
         public bool                          $apparmorUnconfined,
         /** @var string[] */
         public array                         $backupVolumes,

php/src/ContainerDefinitionFetcher.php

@@ -303,6 +303,11 @@ readonly class ContainerDefinitionFetcher {
                 $shmSize = $entry['shm_size'];
             }
 
+            $cpuShares = 512;
+            if (isset($entry['cpu_shares'])) {
+                $cpuShares = $entry['cpu_shares'];
+            }
+
             $apparmorUnconfined = false;
             if (isset($entry['apparmor_unconfined'])) {
                 $apparmorUnconfined = $entry['apparmor_unconfined'];
@@ -361,6 +366,7 @@ readonly class ContainerDefinitionFetcher {
                 $enableNvidiaGpu,
                 $capAdd,
                 $shmSize,
+                $cpuShares,
                 $apparmorUnconfined,
                 $backupVolumes,
                 $nextcloudExecCommands,

php/src/Docker/DockerActionManager.php

@@ -374,6 +374,11 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
+        $cpuShares = $container->cpuShares;
+        if ($cpuShares > 0) {
+            $requestBody['HostConfig']['CpuShares'] = $cpuShares;
+        }
+
         $tmpfs = [];
         foreach ($container->tmpfs as $tmp) {
             $mode = "";

readme.md

@@ -202,6 +202,7 @@ sudo docker run \
   --publish 80:80 \
   --publish 8080:8080 \
   --publish 8443:8443 \
+  --cpu-shares 2048 \
   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
   ghcr.io/nextcloud-releases/all-in-one:latest
@@ -218,6 +219,7 @@ sudo docker run \
   - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
   - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
   - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
+  - `--cpu-shares 2048` — gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers.  
   - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  
   - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install)  
   - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image.
@@ -703,6 +705,7 @@ docker run ^
 --publish 80:80 ^
 --publish 8080:8080 ^
 --publish 8443:8443 ^
+--cpu-shares 2048 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
 ghcr.io/nextcloud-releases/all-in-one:latest

reverse-proxy.md

@@ -1105,6 +1105,7 @@ sudo docker run \
 --name nextcloud-aio-mastercontainer \
 --restart always \
 --publish 8080:8080 \
+--cpu-shares 2048 \
 --env APACHE_PORT=11000 \
 --env APACHE_IP_BINDING=0.0.0.0 \
 --env APACHE_ADDITIONAL_NETWORK="" \
@@ -1124,6 +1125,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
 - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
 - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
+- `--cpu-shares 2048` This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers.
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
@@ -1154,6 +1156,7 @@ docker run ^
 --name nextcloud-aio-mastercontainer ^
 --restart always ^
 --publish 8080:8080 ^
+--cpu-shares 2048 ^
 --env APACHE_PORT=11000 ^
 --env APACHE_IP_BINDING=0.0.0.0 ^
 --env APACHE_ADDITIONAL_NETWORK="" ^