RETIRED, TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments.
637db1c401
By default podman 3.0.x sets the [engine]/events_logger to "file". This causes every exec in podman to create a line of text in /run/libpod/events/events.log like the following: {"ID":"412b6770c0b418e6d49a4801e71a198ddb81bbbefdaf1c9aad4d7948f77910ee","Image":"quay.io/centos/centos:latest","Name":"leak-test-7","Status":"exec","Time":"2021-06-03T08:36:05.237964012Z","Type":"container","Attributes":{"org.label-schema.build-date":"20201204","org.label-schema.license":"GPLv2","org.label-schema.name":"CentOS Base Image","org.label-schema.schema-version":"1.0","org.label-schema.vendor":"CentOS"}} Since by default /run is mounted on tmpfs, this has the side-effect of increasing kernel slab objects over time indefinitely eventually causing an OOM of the box. We initially wanted to switch to the 'none' backend, but the podman folks recommended using the journald backend because events logs are used by podman in case of a rare race when running "podman run --rm". Given that we call run with --rm from in a multithreaded fashion this seems to be the safest approach. The drawback of using journald is that events won't be logged for rootless containers unless the user is part of the 'wheel' group. We believe we're not using those containers in tripleo anyways, so this should be safe. Tested by applying a backport of this patch to Train + podman 3.0.x and got the following: [root@controller-0 containers]# ls -la /run/libpod/events/ total 0 drwx------. 2 root root 40 Jun 3 11:55 . drwxr-x--x. 5 root root 140 Jun 3 11:55 .. [root@controller-0 containers]# more /etc/containers/containers.conf [containers] pids_limit = 4096 [engine] events_logger = "journald" Also tested the override via the corresponding THT change in Ieffe2852111c3ec8347343a042dd78bbf691d79a. Closes-Bug: #1923607 Change-Id: I780103e17f1bb42a0546c30bd6c001c642ad88b3 (cherry picked from commit |
||
---|---|---|
.ansible-lint_rules | ||
_skeleton_role_ | ||
doc | ||
releasenotes | ||
scripts | ||
tests | ||
tripleo_ansible | ||
zuul.d | ||
.ansible-lint | ||
.gitignore | ||
.gitreview | ||
.pre-commit-config.yaml | ||
.stestr.conf | ||
.yamllint | ||
LICENSE | ||
README.rst | ||
ansible-requirements.txt | ||
ansible-test-env.rc | ||
bindep.txt | ||
molecule-requirements.txt | ||
requirements.txt | ||
role-addition.yml | ||
roles | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Team and repository tags
TripleO Ansible
TripleO Ansible project repository. Contains Ansible playbooks, roles, and plugins for use with TripleO.
Documentation for the project can be found at: https://docs.openstack.org/tripleo-ansible/latest/
Release notes for the project can be found at: https://docs.openstack.org/releasenotes/tripleo-ansible/
The project source code repository is located at: https://opendev.org/openstack/tripleo-ansible/
The project home is at: https://launchpad.net/tripleo
The project bug tracker is located at: https://bugs.launchpad.net/tripleo