podman pids.max default value is 2048, docker's one is 4096 which are

sufficient for the default value (512) of rgw thread pool size. But if its value is increased near to the pids-limit value, it does not leave place for the other processes to spawn and run within the container and the container crashes. pids-limit set to unlimited regardless of the container engine. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987041 Signed-off-by: Teoman ONAY <tonay@redhat.com> (cherry picked from commit 9b5d97adb9)
2021-08-03 16:06:53 +02:00 · 2021-08-03 16:06:53 +02:00 · f8facde33a
parent 2377da8f9b
commit f8facde33a
15 changed files with 15 additions and 0 deletions
--- a/roles/ceph-crash/templates/ceph-crash.service.j2
+++ b/roles/ceph-crash/templates/ceph-crash.service.j2
@ -17,6 +17,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-crash-%i \
 {% if container_binary == 'podman' %}
 -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
 --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
 --net=host \
 -v /var/lib/ceph:/var/lib/ceph:z \
 -v /etc/localtime:/etc/localtime:ro \
--- a/roles/ceph-grafana/templates/grafana-server.service.j2
+++ b/roles/ceph-grafana/templates/grafana-server.service.j2
@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=grafana-server \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  -v /etc/grafana:/etc/grafana:Z \
  -v /var/lib/grafana:/var/lib/grafana:Z \
  --net=host \
--- a/roles/ceph-iscsi-gw/templates/rbd-target-api.service.j2
+++ b/roles/ceph-iscsi-gw/templates/rbd-target-api.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_rbd_target_api_docker_memory_limit }} \
  --cpus={{ ceph_rbd_target_api_docker_cpu_limit }} \
  -v /etc/localtime:/etc/localtime:ro \
--- a/roles/ceph-iscsi-gw/templates/rbd-target-gw.service.j2
+++ b/roles/ceph-iscsi-gw/templates/rbd-target-gw.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_rbd_target_gw_docker_memory_limit }} \
  --cpus={{ ceph_rbd_target_gw_docker_cpu_limit }} \
  -v /etc/localtime:/etc/localtime:ro \
--- a/roles/ceph-iscsi-gw/templates/tcmu-runner.service.j2
+++ b/roles/ceph-iscsi-gw/templates/tcmu-runner.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_tcmu_runner_docker_memory_limit }} \
  --cpus={{ ceph_tcmu_runner_docker_cpu_limit }} \
  -v /etc/localtime:/etc/localtime:ro \
--- a/roles/ceph-mds/templates/ceph-mds.service.j2
+++ b/roles/ceph-mds/templates/ceph-mds.service.j2
@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_mds_docker_memory_limit }} \
  --cpus={{ cpu_limit }} \
  -v /var/lib/ceph:/var/lib/ceph:z \
--- a/roles/ceph-mgr/templates/ceph-mgr.service.j2
+++ b/roles/ceph-mgr/templates/ceph-mgr.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_mgr_docker_memory_limit }} \
  --cpus={{ ceph_mgr_docker_cpu_limit }} \
  -v /var/lib/ceph:/var/lib/ceph:z,rshared \
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_mon_docker_memory_limit }} \
  --cpus={{ ceph_mon_docker_cpu_limit }} \
  -v /var/lib/ceph:/var/lib/ceph:z,rshared \
--- a/roles/ceph-nfs/templates/ceph-nfs.service.j2
+++ b/roles/ceph-nfs/templates/ceph-nfs.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  -v /var/lib/ceph:/var/lib/ceph:z \
  -v /etc/ceph:/etc/ceph:z \
  -v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \
--- a/roles/ceph-node-exporter/templates/node_exporter.service.j2
+++ b/roles/ceph-node-exporter/templates/node_exporter.service.j2
@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=node-exporter \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --privileged \
  -v /proc:/host/proc:ro -v /sys:/host/sys:ro \
  --net=host \
--- a/roles/ceph-osd/templates/ceph-osd.service.j2
+++ b/roles/ceph-osd/templates/ceph-osd.service.j2
@ -27,6 +27,7 @@ numactl \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --rm \
  --net=host \
  --privileged=true \
--- a/roles/ceph-prometheus/templates/alertmanager.service.j2
+++ b/roles/ceph-prometheus/templates/alertmanager.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=alertmanager \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  -v "{{ alertmanager_conf_dir }}:/etc/alertmanager:Z" \
  -v "{{ alertmanager_data_dir }}:/alertmanager:Z" \
  --net=host \
--- a/roles/ceph-prometheus/templates/prometheus.service.j2
+++ b/roles/ceph-prometheus/templates/prometheus.service.j2
@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=prometheus \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  -v "{{ prometheus_conf_dir }}:/etc/prometheus:Z" \
  -v "{{ prometheus_data_dir }}:/prometheus:Z" \
  --net=host \
--- a/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
+++ b/roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2
@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_rbd_mirror_docker_memory_limit }} \
  --cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \
  -v /var/lib/ceph:/var/lib/ceph:z \
--- a/roles/ceph-rgw/templates/ceph-radosgw.service.j2
+++ b/roles/ceph-rgw/templates/ceph-radosgw.service.j2
@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
  -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
  --memory={{ ceph_rgw_docker_memory_limit }} \
  --cpus={{ cpu_limit }} \
  {% if ceph_rgw_docker_cpuset_cpus is defined -%}