From b77cce2ab819df59b49d79cb3ae1679d606a8af2 Mon Sep 17 00:00:00 2001
From: yatin <ykarel@redhat.com>
Date: Fri, 6 Apr 2018 11:03:42 +0530
Subject: [PATCH] Set ulimit for neutron agent containers

Neutron agents are using oslo-rootwrap-daemon to run
privileged commands. Containers inherit file descriptor
limit from docker daemon(currently:1048576) which is too
high and leading to performance issues. This patch set
nofile limit for neutron agent containers to 1024 which is
reasonable as before containers they were using host defaults
i.e 1024.

Depends-On: I0cfcf4e3e3e13578ec42e12f459732992fb3a760
Change-Id: Iec722cdfd7642ff3149f50d940d8079b9e1b7147
Related-Bug: #1760471
---
 docker/docker-toool                    | 6 ++++++
 docker/services/neutron-dhcp.yaml      | 1 +
 docker/services/neutron-l3.yaml        | 1 +
 docker/services/neutron-ovs-agent.yaml | 1 +
 4 files changed, 9 insertions(+)

diff --git a/docker/docker-toool b/docker/docker-toool
index a1ffe34c5c..74319058a4 100755
--- a/docker/docker-toool
+++ b/docker/docker-toool
@@ -90,6 +90,7 @@ def docker_arg_map(key, value):
         'pid': "--pid=%s" % value,
         'privileged': "--privileged=%s" % value.lower(),
         'user': "--user=%s" % value,
+        'ulimit': "--ulimit=%s" % value,
         'volumes': "--volume=%s" % value,
         'volumes_from': "--volumes-from=%s" % value,
     }.get(key, None)
@@ -124,6 +125,11 @@ def run_docker_container(opts, container_name):
                             arg = docker_arg_map("environment", env)
                             if arg:
                                 cmd.append(arg)
+                    elif container_data == "ulimit":
+                        for limit in (json_data[step][container][container_data] or []):
+                            arg = docker_arg_map("ulimit", limit)
+                            if arg:
+                                cmd.append(arg)
                     elif container_data == "volumes":
                         for volume in (json_data[step][container][container_data] or []):
                             arg = docker_arg_map("volumes", volume)
diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index 7ad53cc095..f6e60d6f11 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -126,6 +126,7 @@ outputs:
             restart: always
             healthcheck:
               test: /openstack/healthcheck
+            ulimit: ['nofile=1024']
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index f6da185556..4e8585409a 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -104,6 +104,7 @@ outputs:
             restart: always
             healthcheck:
               test: /openstack/healthcheck
+            ulimit: ['nofile=1024']
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index c483b202ef..a3a75a1425 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -148,6 +148,7 @@ outputs:
             restart: always
             healthcheck:
               test: /openstack/healthcheck
+            ulimit: ['nofile=1024']
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}