From 70276931a4664d0bedcd6b0caa5a9cac2b73187b Mon Sep 17 00:00:00 2001 From: yatin Date: Wed, 11 Apr 2018 15:53:22 +0530 Subject: [PATCH] Set ulimit for nova-compute and cinder-volume Nova compute and cinder volume uses oslo concurrency processuitls.execute to run privileged commands. Containers inherit file descriptor limit from docker daemon (currently:1048576) which is too high and leads to performance issue. This patch sets nofile limit to 1024 for nova compute and 131072 for cinder volume, which is reasonable as before containers nova compute used host defaults i.e 1024 and cinder volume systemctl override([1]) i.e 131072. Also updated neutron l3, dhcp and ovs agent to use Parameters for ulimit configuration. [1] https://review.rdoproject.org/r/#/c/1360/. Closes-Bug: #1762455 Related-Bug: #1760471 Related-Bug: #1757556 Change-Id: I4d4b36de32f8a8e311efd87ea1c4095c5568dec4 --- docker/services/cinder-volume.yaml | 5 +++++ docker/services/neutron-dhcp.yaml | 6 +++++- docker/services/neutron-l3.yaml | 6 +++++- docker/services/neutron-ovs-agent.yaml | 6 +++++- docker/services/nova-compute.yaml | 5 +++++ ...rams_to_configure_ulimit-2359aa058da58054.yaml | 15 +++++++++++++++ 6 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/add_params_to_configure_ulimit-2359aa058da58054.yaml diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 0b20438a00..de44ade5da 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -10,6 +10,10 @@ parameters: DockerCinderConfigImage: description: The container image to use for the cinder config_volume type: string + DockerCinderVolumeUlimit: + default: ['nofile=131072'] + description: ulimit for Cinder Volume Container + type: comma_delimited_list EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -147,6 +151,7 @@ outputs: step_4: cinder_volume: image: *cinder_volume_image + ulimit: {get_param: DockerCinderVolumeUlimit} ipc: host net: host privileged: true diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index f6e60d6f11..3344056b9d 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -10,6 +10,10 @@ parameters: DockerNeutronConfigImage: description: The container image to use for the neutron config_volume type: string + DockerNeutronDHCPAgentUlimit: + default: ['nofile=1024'] + description: ulimit for Neutron DHCP Agent Container + type: comma_delimited_list EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -126,7 +130,7 @@ outputs: restart: always healthcheck: test: /openstack/healthcheck - ulimit: ['nofile=1024'] + ulimit: {get_param: DockerNeutronDHCPAgentUlimit} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 4e8585409a..6f4b8cabbb 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -10,6 +10,10 @@ parameters: DockerNeutronConfigImage: description: The container image to use for the neutron config_volume type: string + DockerNeutronL3AgentUlimit: + default: ['nofile=1024'] + description: ulimit for Neutron L3 Agent Container + type: comma_delimited_list ServiceData: default: {} description: Dictionary packing service data @@ -104,7 +108,7 @@ outputs: restart: always healthcheck: test: /openstack/healthcheck - ulimit: ['nofile=1024'] + ulimit: {get_param: DockerNeutronL3AgentUlimit} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index a3a75a1425..3dc7d6e4d8 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -10,6 +10,10 @@ parameters: DockerNeutronConfigImage: description: The container image to use for the neutron config_volume type: string + DockerOpenvswitchUlimit: + default: ['nofile=1024'] + description: ulimit for Openvswitch Container + type: comma_delimited_list ServiceData: default: {} description: Dictionary packing service data @@ -148,7 +152,7 @@ outputs: restart: always healthcheck: test: /openstack/healthcheck - ulimit: ['nofile=1024'] + ulimit: {get_param: DockerOpenvswitchUlimit} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index ae12ed4b96..d729e46b7f 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -10,6 +10,10 @@ parameters: DockerNovaLibvirtConfigImage: description: The container image to use for the nova_libvirt config_volume type: string + DockerNovaComputeUlimit: + default: ['nofile=1024'] + description: ulimit for Nova Compute Container + type: comma_delimited_list ServiceData: default: {} description: Dictionary packing service data @@ -155,6 +159,7 @@ outputs: step_4: nova_compute: image: &nova_compute_image {get_param: DockerNovaComputeImage} + ulimit: {get_param: DockerNovaComputeUlimit} ipc: host net: host privileged: true diff --git a/releasenotes/notes/add_params_to_configure_ulimit-2359aa058da58054.yaml b/releasenotes/notes/add_params_to_configure_ulimit-2359aa058da58054.yaml new file mode 100644 index 0000000000..b09a6586b7 --- /dev/null +++ b/releasenotes/notes/add_params_to_configure_ulimit-2359aa058da58054.yaml @@ -0,0 +1,15 @@ +--- +features: + - | + Add Parameters to Configure Ulimit for Containers. + These parameters can be used to configure ulimit + per container basis as per the requirement of the + deployment. + Following parameters are added for neutron, nova + and cinder:- + - DockerNeutronDHCPAgentUlimit defaults to nofile=1024 + - DockerNeutronL3AgentUlimit defaults to nofile=1024 + - DockerOpenvswitchUlimit defaults to nofile=1024 + - DockerNovaComputeUlimit defaults to nofile=1024 + - DockerCinderVolumeUlimit defaults to nofile=131072 +