
Support default pid limits in containers.conf

Starting with podman 2.X the default pids-limits has been halved from
4096 to 2048:
$ rpm -q podman && podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max'
podman-2.2.1-3.module+el8.3.1+9392+c5f6d096.x86_64
2048

With podman-1.6.4 the global default pid-limits was hardcoded to 4096
and we had no way to tweak it.

With podman 2.X it is possible to override this in
/etc/containers/containers.conf with the pids_limit setting inside
[containers] in the /etc/containers/containers.conf ini-file:
$ cat /etc/containers/containers.conf
[containers]
pids_limit=6666

$ podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max'
6666

By adding this we keep the older 4096 default so we do not regress and
at the same time we allow an operator to override this globally.

Related-Bug: #1915122

Change-Id: Id5d5fb9d20c0295763c78171190b9eda13508617
changes/12/774512/4
Michele Baldessari 3 months ago
parent
commit 6b827c199b
2 changed files with 13 additions and 0 deletions
  1. tripleo_ansible/roles/tripleo_podman/defaults/main.yml (+1, -0)
  2. tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml (+12, -0)

tripleo_ansible/roles/tripleo_podman/defaults/main.yml (+1, -0)

@ -76,3 +76,4 @@ tripleo_podman_default_network_config:
# - prefix: registry.fedoraproject.org
# blocked: true
tripleo_podman_registries: []
tripleo_container_default_pids_limit: 4096
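
Review bot: The new default `tripleo_container_default_pids_limit: 4096` on the last line of this hunk has no comment saying what it controls, and its `tripleo_container_` prefix differs from the `tripleo_podman_` prefix used by the neighbouring `tripleo_podman_registries` and `tripleo_podman_default_network_config`. Suggest adding a one-line comment stating that it sets the `pids_limit` option written to /etc/containers/containers.conf, and consider a name that follows the role prefix, for example `tripleo_podman_default_pids_limit`.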

tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml (+12, -0)

@ -61,3 +61,15 @@
group: root
setype: etc_t
mode: '0644'
- name: Write containers.conf
ini_file:
path: /etc/containers/containers.conf
owner: root
group: root
setype: etc_t
mode: '0644'
create: true
section: containers
option: pids_limit
value: "{{ tripleo_container_default_pids_limit }}"
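
Review bot: The `value: "{{ tripleo_container_default_pids_limit }}"` line in the new "Write containers.conf" task templates the variable into the file with no check that it is a positive integer, and the task has no `when:` guard, so every run replaces whatever `pids_limit` is already present in /etc/containers/containers.conf. Because this option caps the number of processes in every container, suggest validating the value before the write (for example an `assert` task on `tripleo_container_default_pids_limit | int > 0`) and naming the task after what it does, which is setting `pids_limit`, not writing the whole file.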
