From 781beb757121c3b3e535af6d2240163e58a33ddd Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 8 Feb 2021 17:05:10 +0100 Subject: [PATCH] Add ContainerDefaultPidsLimit to set default pid limits in containers.conf Starting With podman 2.X the default pids-limits has been halved from 4096 to 2048 (see the dep-on change Id5d5fb9d20c0295763c78171190b9eda13508617 for more details). Let's add a parameter to override this value so an operator can raise this limit globally. Depends-On: Id5d5fb9d20c0295763c78171190b9eda13508617 Change-Id: I38a72609e6495b979861105f321b5730669a6a2b --- deployment/podman/podman-baremetal-ansible.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/deployment/podman/podman-baremetal-ansible.yaml b/deployment/podman/podman-baremetal-ansible.yaml index 1fa8534d7c..cb3066be31 100644 --- a/deployment/podman/podman-baremetal-ansible.yaml +++ b/deployment/podman/podman-baremetal-ansible.yaml @@ -53,6 +53,11 @@ parameters: username: pa55word '192.0.2.1:8787': registry_username: password + ContainerDefaultPidsLimit: + type: number + default: 4096 + description: Setting to configure the default pids_limit in /etc/container/container.conf. + This is supported starting with podman 2.0.x SystemdDropInDependencies: default: true description: tell the tripleo_container_manage to inject @@ -85,6 +90,7 @@ outputs: # default that is overwritten by the heat -> dict conversion container_registry_logins: {} container_registry_logins_json: {get_param: ContainerImageRegistryCredentials} + container_default_pids_limit: {get_param: ContainerDefaultPidsLimit} - name: Convert logins json to dict set_fact: @@ -108,6 +114,7 @@ outputs: tasks_from: tripleo_podman_install.yml vars: tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}" + tripleo_container_default_pids_limit: "{{ container_default_pids_limit }}" - name: Run podman login include_role: