Support default pid limits in containers.conf

Starting With podman 2.X the default pids-limits has been halved from 4096 to 2048: $ rpm -q podman && podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max' podman-2.2.1-3.module+el8.3.1+9392+c5f6d096.x86_64 2048 With podman-1.6.4 the global default pid-limits was hardcoded to 4096 and we had no way to tweak it. With podman 2.X it is possible to override this in /etc/containers/containers.conf with the pids_limit setting inside [containers] in the /etc/containers/containers.conf ini-file: $ cat /etc/containers/containers.conf [containers] pids_limit=6666 $ podman run --rm -it --net=host --name 'pids' edecd409281d sh -c 'cat /sys/fs/cgroup/pids/pids.max' 6666 By adding this we keep the older 4096 default so we do not regress and at the same time we allow an operator to override this globally. Related-Bug: #1915122 Change-Id: Id5d5fb9d20c0295763c78171190b9eda13508617
2021-02-08 17:04:39 +01:00 · 2021-02-08 17:04:39 +01:00 · 6b827c199b
parent fdd711a7be
commit 6b827c199b
2 changed files with 13 additions and 0 deletions
--- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml
@ -76,3 +76,4 @@ tripleo_podman_default_network_config:
 #   - prefix: registry.fedoraproject.org
 #     blocked: true
 tripleo_podman_registries: []
+tripleo_container_default_pids_limit: 4096
--- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
+++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
@ -61,3 +61,15 @@
        group: root
        setype: etc_t
        mode: '0644'
+
+    - name: Write containers.conf
+      ini_file:
+        path: /etc/containers/containers.conf
+        owner: root
+        group: root
+        setype: etc_t
+        mode: '0644'
+        create: true
+        section: containers
+        option: pids_limit
+        value: "{{ tripleo_container_default_pids_limit }}"