9a8b1d149c
Provide the ability to limit resource intensive or potentially wide scale operations which could be a symptom of a highly distructive and unplanned operation in progress. The idea behind this change is to help guard the overall deployment to prevent an overall resource exhaustion situation, or prevent an attacker with valid credentials from putting an entire deployment into a potentially disasterous cleaning situation since ironic only other wise limits concurrency based upon running tasks by conductor. Story: 2010007 Task: 45140 Change-Id: I642452cd480e7674ff720b65ca32bce59a4a834a
24 lines
1.2 KiB
YAML
24 lines
1.2 KiB
YAML
---
|
|
features:
|
|
- |
|
|
Adds a concurrency limiter for number of nodes in states related to
|
|
*Cleaning* and *Provisioning* operations across the ironic deployment.
|
|
These settings default to a maximum number of concurrent deployments to
|
|
``250`` and a maximum number of concurrent deletes and cleaning operations
|
|
to ``50``. These settings can be tuned using
|
|
``[conductor]max_concurrent_deploy`` and
|
|
``[conductor]max_concurrent_clean``, respectively.
|
|
The defaults should generally be good for most operators in most cases.
|
|
Large scale operators should evaluate the defaults and tune appropriately
|
|
as this feature cannot be disabled, as it is a security mechanism.
|
|
upgrade:
|
|
- |
|
|
Large scale operators should be aware that a new feature, referred to as
|
|
"Concurrent Action Limit" was introduced as a security mechanism to
|
|
provide a means to limit attackers, or faulty scripts, from potentially
|
|
causing irreperable harm to an environment. This feature cannot be
|
|
disabled, and operators are encouraged to tune the new settings
|
|
``[conductor]max_concurrent_deploy`` and
|
|
``[conductor]max_concurrent_clean`` to match the needs of their
|
|
environment.
|