From 84c988dcfd1db20e2eca478e9bf89899b2029c5c Mon Sep 17 00:00:00 2001 From: Adam King Date: Sun, 12 Feb 2023 15:28:10 -0500 Subject: [PATCH] cephadm: set pids-limit unlimited for all ceph daemons We actually had this set up before, but ran into issues. Some teuthology test had failed in the fs suite, so it was modified to only affect iscsi and rgw daemons (https://github.com/ceph/ceph/pull/45798) and then the changes were reverted entirely (so no pids-limit modifying code at all) in quincy and pacific because the LRC ran into issues with the change related to the podman version (https://github.com/ceph/ceph/pull/45932). This new patch now addresses the podman version issue, specifically that the patch that makes -1 work for a pids-limit seems to have landed in podman 3.4.1 based on https://github.com/containers/podman/pull/12040. We'll need to make sure that this doesn't break anything in the fs suites again as I don't remember the details of the first issue, or why having it only set the pids-limit for iscsi and rgw fixes it. Assuming that isn't a problem we should hopefully be able to unify at least how reef and quincy handle this now that the podman version issue is being addressed in this patch. See the linked tracker issue for a discussion on why we're going at this again and why I'm trying to do this for all ceph daemon types. 
Fixes: https://tracker.ceph.com/issues/58685 Signed-off-by: Adam King --- src/cephadm/cephadm.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py index ad3aa054d75..1d45bc37294 100755 --- a/src/cephadm/cephadm.py +++ b/src/cephadm/cephadm.py @@ -82,6 +82,7 @@ DATA_DIR_MODE = 0o700 CONTAINER_INIT = True MIN_PODMAN_VERSION = (2, 0, 2) CGROUPS_SPLIT_PODMAN_VERSION = (2, 1, 0) +PIDS_LIMIT_UNLIMITED_PODMAN_VERSION = (3, 4, 1) CUSTOM_PS1 = r'[ceph: \u@\h \W]\$ ' DEFAULT_TIMEOUT = None # in seconds DEFAULT_RETRY = 15 @@ -375,6 +376,7 @@ class UnauthorizedRegistryError(Error): class Ceph(object): daemons = ('mon', 'mgr', 'osd', 'mds', 'rgw', 'rbd-mirror', 'crash', 'cephfs-mirror', 'ceph-exporter') + gateways = ('iscsi', 'nfs') ################################## @@ -3117,7 +3119,10 @@ def set_pids_limit_unlimited(ctx: CephadmContext, container_args: List[str]) -> # Useful for daemons like iscsi where the default pids-limit limits the number of luns # per iscsi target or rgw where increasing the rgw_thread_pool_size to a value near # the default pids-limit may cause the container to crash. 
- if isinstance(ctx.container_engine, Podman): + if ( + isinstance(ctx.container_engine, Podman) + and ctx.container_engine.version >= PIDS_LIMIT_UNLIMITED_PODMAN_VERSION + ): container_args.append('--pids-limit=-1') else: container_args.append('--pids-limit=0') @@ -3138,13 +3143,14 @@ def get_container(ctx: CephadmContext, envs.append('TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=134217728') if container_args is None: container_args = [] + if daemon_type in Ceph.daemons or daemon_type in Ceph.gateways: + set_pids_limit_unlimited(ctx, container_args) if daemon_type in ['mon', 'osd']: # mon and osd need privileged in order for libudev to query devices privileged = True if daemon_type == 'rgw': entrypoint = '/usr/bin/radosgw' name = 'client.rgw.%s' % daemon_id - set_pids_limit_unlimited(ctx, container_args) elif daemon_type == 'rbd-mirror': entrypoint = '/usr/bin/rbd-mirror' name = 'client.rbd-mirror.%s' % daemon_id @@ -3180,14 +3186,11 @@ def get_container(ctx: CephadmContext, envs.extend(Keepalived.get_container_envs()) container_args.extend(['--cap-add=NET_ADMIN', '--cap-add=NET_RAW']) elif daemon_type == CephIscsi.daemon_type: - # Applies only on rbd-target-api as get_tcmu_runner_container() - # removes all tcmu-runner arguments entrypoint = CephIscsi.entrypoint name = '%s.%s' % (daemon_type, daemon_id) # So the container can modprobe iscsi_target_mod and have write perms # to configfs we need to make this a privileged container. privileged = True - set_pids_limit_unlimited(ctx, container_args) elif daemon_type == CustomContainer.daemon_type: cc = CustomContainer.init(ctx, fsid, daemon_id) entrypoint = cc.entrypoint -- 2.39.5