Add ContainerDefaultPidsLimit to set default pid limits in containers.conf

Starting With podman 2.X the default pids-limits has been halved from 4096 to 2048 (see the dep-on change Id5d5fb9d20c0295763c78171190b9eda13508617 for more details). Let's add a parameter to override this value so an operator can raise this limit globally. Depends-On: Id5d5fb9d20c0295763c78171190b9eda13508617 Change-Id: I38a72609e6495b979861105f321b5730669a6a2b
2021-02-08 17:05:10 +01:00 · 2021-02-08 17:05:10 +01:00 · 781beb7571
parent ee76c8f71e
commit 781beb7571
1 changed files with 7 additions and 0 deletions
--- a/deployment/podman/podman-baremetal-ansible.yaml
+++ b/deployment/podman/podman-baremetal-ansible.yaml
@ -53,6 +53,11 @@ parameters:
          username: pa55word
        '192.0.2.1:8787':
          registry_username: password
+  ContainerDefaultPidsLimit:
+    type: number
+    default: 4096
+    description: Setting to configure the default pids_limit in /etc/container/container.conf.
+                 This is supported starting with podman 2.0.x
  SystemdDropInDependencies:
    default: true
    description: tell the tripleo_container_manage to inject
@ -85,6 +90,7 @@ outputs:
              # default that is overwritten by the heat -> dict conversion
              container_registry_logins: {}
              container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}
+              container_default_pids_limit: {get_param: ContainerDefaultPidsLimit}

          - name: Convert logins json to dict
            set_fact:
@ -108,6 +114,7 @@ outputs:
              tasks_from: tripleo_podman_install.yml
            vars:
              tripleo_container_registry_insecure_registries: "{{ container_registry_insecure_registries }}"
+              tripleo_container_default_pids_limit: "{{ container_default_pids_limit }}"

          - name: Run podman login
            include_role: