Queens: mysql/galera container inherits a small nproc limit from base container image

Bug #1900864 reported by Damien Ciabrini
This bug affects 1 person
Affects: tripleo
Status: In Progress
Importance: Low
Assigned to: Damien Ciabrini
Milestone: -

Bug Description

In Queens, the mysql container image is built from a CentOS 7 base container image. This comes with a default nproc limit for regular users of 4096 procs:

    # cat /etc/security/limits.d/20-nproc.conf
    # Default limit for number of user's processes to prevent
    # accidental fork bombs.
    # See rhbz #432903 for reasoning.
    * soft nproc 4096
    root soft nproc unlimited

When starting mysql or galera containers, the mysqld server runs as user mysql, which thus inherits this limit.

While other limits like number of file descriptors can be configured via hiera, currently one cannot override this default nproc limit, which under certain circumstances can become an issue.
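
Added example (not part of the bug report or of the puppet-tripleo fix): a small Python resolver for limits.conf-style entries, run against the 20-nproc.conf content quoted above, showing that user mysql falls under the `*` wildcard while root is exempt. It models only exact user names and `*` (an assumption; group and uid-range domains are ignored), and the function names are hypothetical.

```python
# 20-nproc.conf content as quoted in the bug description above.
CENTOS7_NPROC = """\
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 4096
root soft nproc unlimited
"""

UNLIMITED = float("inf")


def parse_limits(text):
    """Yield (domain, type, item, limit) from limits.conf-style lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4 or fields[1] not in ("soft", "hard", "-"):
            continue  # blank, comment-only or malformed line
        domain, ltype, item, value = fields
        if value in ("unlimited", "infinity", "-1"):
            yield domain, ltype, item, UNLIMITED
        elif value.isdigit():
            yield domain, ltype, item, int(value)


def effective_limit(text, user, item="nproc"):
    """Return {'soft': ..., 'hard': ...}; None means nothing sets it.

    Simplified model (assumption): only exact user names and '*' are
    handled. A user entry beats '*', and a later line beats an earlier
    one of the same kind. Group and uid-range domains are ignored.
    """
    result = {"soft": None, "hard": None}
    rank = {"soft": -1, "hard": -1}  # -1 unset, 0 wildcard, 1 user
    for domain, ltype, entry_item, limit in parse_limits(text):
        if entry_item != item or domain not in ("*", user):
            continue
        specificity = 1 if domain == user else 0
        for kind in (("soft", "hard") if ltype == "-" else (ltype,)):
            if specificity >= rank[kind]:
                result[kind], rank[kind] = limit, specificity
    return result


if __name__ == "__main__":
    for name in ("mysql", "root"):
        print(name, effective_limit(CENTOS7_NPROC, name))
```

Inside a running container, the soft and hard values actually applied to mysqld can be compared against this result by reading the "Max processes" row of /proc/<pid>/limits.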

OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-tripleo (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/759083

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/queens)

Reviewed: https://review.opendev.org/759083
Committed: https://opendev.org/openstack/puppet-tripleo/commit/c485b379377677832c44deb2e922a59f756010a7
Submitter: Zuul
Branch: stable/queens

commit c485b379377677832c44deb2e922a59f756010a7
Author: Damien Ciabrini <email address hidden>
Date: Wed Oct 21 17:36:29 2020 +0200

    [queens only] mysql: make nproc limit configurable

    Docker image for mysql inherits a nproc limit from the
    CentOS 7 base image, which results in the mysqld process being
    limited to 4096 processes, which can be a problem.

    Expose a new parameter mysql_nproc_limit in puppet, to
    allow overriding that limit in hiera if needed.

    Change-Id: I99a771c93bb44f62124b2b44cdddc883ce01fd17
    Co-Authored-By: Michele Baldessari <email address hidden>
    Closes-Bug: #1900864

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-tripleo queens-eol

This issue was fixed in the openstack/puppet-tripleo queens-eol release.
