From 6b827c199b52a11b7237223ba1941695e980f491 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 8 Feb 2021 17:04:39 +0100 Subject: [PATCH] Support default pid limits in containers.conf Starting With podman 2.X the default pids-limits has been halved from 4096 to 2048: $ rpm -q podman && podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max' podman-2.2.1-3.module+el8.3.1+9392+c5f6d096.x86_64 2048 With podman-1.6.4 the global default pid-limits was hardcoded to 4096 and we had no way to tweak it. With podman 2.X it is possible to override this in /etc/containers/containers.conf with the pids_limit setting inside [containers] in the /etc/containers/containers.conf ini-file: $ cat /etc/containers/containers.conf [containers] pids_limit=6666 $ podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max' 6666 By adding this we keep the older 4096 default so we do not regress and at the same time we allow an operator to override this globally. Related-Bug: #1915122 Change-Id: Id5d5fb9d20c0295763c78171190b9eda13508617
---
 .../roles/tripleo_podman/defaults/main.yml | 1 + .../tripleo_podman/tasks/tripleo_podman_install.yml | 12 ++++++++++++ 2 files changed, 13 insertions(+)
diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
index 1a9061fa5..07453db36 100644
--- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
@@ -76,3 +76,4 @@ tripleo_podman_default_network_config:
 # - prefix: registry.fedoraproject.org
 # blocked: true
 tripleo_podman_registries: []
+tripleo_container_default_pids_limit: 4096
diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
index 02bd444d8..9bd30296c 100644
--- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
+++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
@@ -61,3 +61,15 @@
 group: root
 setype: etc_t
 mode: '0644'
+
+ - name: Write containers.conf
+ ini_file:
+ path: /etc/containers/containers.conf
+ owner: root
+ group: root
+ setype: etc_t
+ mode: '0644'
+ create: true
+ section: containers
+ option: pids_limit
+ value: "{{ tripleo_container_default_pids_limit }}"
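Review bot: The `Write containers.conf` task writes `tripleo_container_default_pids_limit` into the host-wide `[containers]` section without validating it, and this value is the cgroup pids cap that contains a runaway or fork-bombing container. The containers.conf documentation describes `pids_limit = 0` as "no limit", so a zero or mistyped override could remove the cap for every container on the node; this is worth confirming against the podman version deployed. I would put an `assert` task ahead of it with `that: tripleo_container_default_pids_limit | int > 0`. The new default in defaults/main.yml also has no comment, unlike its neighbours; something like `# Max processes per container, written to [containers] pids_limit; 4096 keeps the podman 1.6.4 default instead of 2.X's 2048` would record that the higher value is deliberate. The three context lines at the top of this hunk belong to a task that starts outside it.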