The default pids.max value is 2048 for podman and 4096 for docker, both of which are
sufficient for the default value (512) of the rgw thread pool size.
But if that value is increased close to the pids-limit value,
it leaves no room for the other processes to spawn and run within
the container, and the container crashes.

pids-limit set to unlimited regardless of the container engine.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987041

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 9b5d97adb9)
pull/6806/head
Teoman ONAY 2021-08-03 16:06:53 +02:00 committed by Dimitri Savineau
parent bcf9a2c25e
commit 47149a5483
15 changed files with 15 additions and 0 deletions


@ -17,6 +17,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-crash-%i \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--net=host \ --net=host \
-v /var/lib/ceph:/var/lib/ceph:z \ -v /var/lib/ceph:/var/lib/ceph:z \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \
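Review bot: Setting `--pids-limit` to unlimited in this ceph-crash unit, and in the other fourteen units touched by the commit, removes the pids cgroup bound for daemons the commit message does not mention; the stated problem is only the rgw thread pool size approaching the limit. The pids limit is what keeps a runaway or compromised process in one container from exhausting the host's PID space, and most of the visible hunks also run with `--net=host`. I would keep the engine default everywhere except rgw, or make the value configurable so operators raise it deliberately, for example `--pids-limit={{ container_pids_limit }} \` where `container_pids_limit` is a new variable (the name is only a suggestion) defined once in the defaults. That would also avoid repeating the `0 if container_binary == 'podman' else -1` expression in every template.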


@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=grafana-server \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
-v /etc/grafana:/etc/grafana:Z \ -v /etc/grafana:/etc/grafana:Z \
-v /var/lib/grafana:/var/lib/grafana:Z \ -v /var/lib/grafana:/var/lib/grafana:Z \
--net=host \ --net=host \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_rbd_target_api_docker_memory_limit }} \ --memory={{ ceph_rbd_target_api_docker_memory_limit }} \
--cpus={{ ceph_rbd_target_api_docker_cpu_limit }} \ --cpus={{ ceph_rbd_target_api_docker_cpu_limit }} \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_rbd_target_gw_docker_memory_limit }} \ --memory={{ ceph_rbd_target_gw_docker_memory_limit }} \
--cpus={{ ceph_rbd_target_gw_docker_cpu_limit }} \ --cpus={{ ceph_rbd_target_gw_docker_cpu_limit }} \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_tcmu_runner_docker_memory_limit }} \ --memory={{ ceph_tcmu_runner_docker_memory_limit }} \
--cpus={{ ceph_tcmu_runner_docker_cpu_limit }} \ --cpus={{ ceph_tcmu_runner_docker_cpu_limit }} \
-v /etc/localtime:/etc/localtime:ro \ -v /etc/localtime:/etc/localtime:ro \


@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_mds_docker_memory_limit }} \ --memory={{ ceph_mds_docker_memory_limit }} \
--cpus={{ cpu_limit }} \ --cpus={{ cpu_limit }} \
-v /var/lib/ceph:/var/lib/ceph:z \ -v /var/lib/ceph:/var/lib/ceph:z \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_mgr_docker_memory_limit }} \ --memory={{ ceph_mgr_docker_memory_limit }} \
--cpus={{ ceph_mgr_docker_cpu_limit }} \ --cpus={{ ceph_mgr_docker_cpu_limit }} \
-v /var/lib/ceph:/var/lib/ceph:z,rshared \ -v /var/lib/ceph:/var/lib/ceph:z,rshared \


@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_mon_docker_memory_limit }} \ --memory={{ ceph_mon_docker_memory_limit }} \
--cpus={{ ceph_mon_docker_cpu_limit }} \ --cpus={{ ceph_mon_docker_cpu_limit }} \
-v /var/lib/ceph:/var/lib/ceph:z,rshared \ -v /var/lib/ceph:/var/lib/ceph:z,rshared \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
-v /var/lib/ceph:/var/lib/ceph:z \ -v /var/lib/ceph:/var/lib/ceph:z \
-v /etc/ceph:/etc/ceph:z \ -v /etc/ceph:/etc/ceph:z \
-v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \ -v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \


@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=node-exporter \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--privileged \ --privileged \
-v /proc:/host/proc:ro -v /sys:/host/sys:ro \ -v /proc:/host/proc:ro -v /sys:/host/sys:ro \
--net=host \ --net=host \
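Review bot: In this node-exporter unit the unlimited `--pids-limit` sits next to `--privileged`, `--net=host` and mounts of the host's `/proc` and `/sys`, so the pids cgroup was one of the few bounds this container still had. Nothing in the commit message suggests the exporter needs more than the engine default of 2048 or 4096 PIDs, so I would drop the added line here. The same concern applies to the next hunk, the one starting at `numactl \`, which runs with `--privileged=true`; if that daemon does need more headroom, a finite value sized to its thread count would be safer than unlimited. The ExecStart command continues outside both hunks, so other limits that are not visible here may exist.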


@ -27,6 +27,7 @@ numactl \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--rm \ --rm \
--net=host \ --net=host \
--privileged=true \ --privileged=true \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=alertmanager \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
-v "{{ alertmanager_conf_dir }}:/etc/alertmanager:Z" \ -v "{{ alertmanager_conf_dir }}:/etc/alertmanager:Z" \
-v "{{ alertmanager_data_dir }}:/alertmanager:Z" \ -v "{{ alertmanager_data_dir }}:/alertmanager:Z" \
--net=host \ --net=host \


@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=prometheus \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
-v "{{ prometheus_conf_dir }}:/etc/prometheus:Z" \ -v "{{ prometheus_conf_dir }}:/etc/prometheus:Z" \
-v "{{ prometheus_data_dir }}:/prometheus:Z" \ -v "{{ prometheus_data_dir }}:/prometheus:Z" \
--net=host \ --net=host \


@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_rbd_mirror_docker_memory_limit }} \ --memory={{ ceph_rbd_mirror_docker_memory_limit }} \
--cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \ --cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \
-v /var/lib/ceph:/var/lib/ceph:z \ -v /var/lib/ceph:/var/lib/ceph:z \


@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
{% if container_binary == 'podman' %} {% if container_binary == 'podman' %}
-d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \ -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
{% endif %} {% endif %}
--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
--memory={{ ceph_rgw_docker_memory_limit }} \ --memory={{ ceph_rgw_docker_memory_limit }} \
--cpus={{ cpu_limit }} \ --cpus={{ cpu_limit }} \
{% if ceph_rgw_docker_cpuset_cpus is defined -%} {% if ceph_rgw_docker_cpuset_cpus is defined -%}
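Review bot: The added `--pids-limit` line encodes engine-specific sentinel values with no explanation; a Jinja comment above the `ExecStart=` line would help, such as `{# pids-limit: 0 means unlimited for podman, -1 for docker; see bugzilla 1987041 #}`. Which value means unlimited appears to depend on the engine version, so it is worth confirming against the podman and docker versions this branch supports. As this is the rgw unit the commit message is about, a finite limit derived from the configured thread pool size plus headroom would address the crash while keeping a bound on the container. The `{% if ceph_rgw_docker_cpuset_cpus is defined -%}` block continues outside the hunk.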