I had a conversation with Dan Streetman regarding this. The working theory currently is that this was working before b/c the rlimits for memlock were so low inside a container that the effort to perform the mlockall( MCL_CURRENT | MCL_FUTURE ) fails, which then proceeds to have fallback behavior and work just fine.
With the systemd patch from above, the rlimit was increased to 64MB. This increase actually allows the initial mlockall attempt to succeed, but then because enough memory is not available the future spawning of threads fails.
Unfortunately, with the current openvswitch-switch package there's no option to pass the --no-mlockall flag as the --no-mlockall flag must be specified before the start/stop/restart command for the ovs-ctl script.
I suspect this will hit users that have already deployed openvswitch inside a container and have now upgraded the bionic version of systemd to 237-3ubuntu10.43. For those users, you can set the --no-mlockall flag in the ovs-vswitchd.service file in order to allow it to start.
I had a conversation with Dan Streetman regarding this. The working theory currently is that this was working before b/c the rlimits for memlock were so low inside a container that the effort to perform the mlockall( MCL_CURRENT | MCL_FUTURE ) fails, which then proceeds to have fallback behavior and work just fine.
With the systemd patch from above, the rlimit was increased to 64MB. This increase actually allows the initial mlockall attempt to succeed, but then because enough memory is not available the future spawning of threads fails.
Unfortunately, with the current openvswitch-switch package there's no option to pass the --no-mlockall flag as the --no-mlockall flag must be specified before the start/stop/restart command for the ovs-ctl script.
I suspect this will hit users that have already deployed openvswitch inside a container and have now upgraded the bionic version of systemd to 237-3ubuntu10.43. For those users, you can set the --no-mlockall flag in the ovs-vswitchd. service file in order to allow it to start.