Up default Podman rlimits to avoid max open files #1437
Conversation
|
@baude PTAL |
|
LGTM @mheon Does this match up to the Docker daemon? |
|
From I don't think we need the max processes thing because |
cmd/podman/main.go
Outdated
| if os.Geteuid() == 0 { | ||
| rlimits := new(syscall.Rlimit) | ||
| rlimits.Cur = 1048576 | ||
| rlimits.Max = 1048576 |
There was a problem hiding this comment.
I don't think so, but I'll ask anyway. Is this a value we should tuck away in a conf file?
There was a problem hiding this comment.
You probably need to check if you are running in rootless mode and then not do this, since this will be blocked in a user namespace.
|
bot, retest this please |
3 similar comments
|
bot, retest this please |
|
bot, retest this please |
|
bot, retest this please |
|
Alright, just going to start trying Homu to see if we can get things cleared |
|
📌 Commit 229c646 has been approved by |
|
⌛ Testing commit 229c646 with merge a082570... |
|
💔 Test failed - status-papr |
|
@rh-atomic-bot retry |
|
⌛ Testing commit 229c646 with merge 022921a... |
|
💔 Test failed - status-papr |
|
@rh-atomic-bot retry |
|
⌛ Testing commit 229c646 with merge 389cb67... |
|
💔 Test failed - status-papr |
|
bot, retest this please |
|
@rh-atomic-bot retry |
|
⌛ Testing commit 229c646 with merge 88e0913... |
|
💔 Test failed - status-papr |
|
FAH28 is failing consistently. I'm not sure what the difference is here. |
|
@mheon Rebase and push again, see if that clears this up. |
Every port we open consumes an open FD. This can easily consume all available FDs for the podman process. Set rlimits to resolve this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
mheon
force-pushed
the
up_default_ulimit
branch
from
229c646 to
8fd984a
Compare
|
bot, retest this please |
|
@rh-atomic-bot r=rhatdan |
|
📌 Commit 8fd984a has been approved by |
|
⌛ Testing commit 8fd984a with merge fbf7a60... |
|
💔 Test failed - status-papr |
|
It's consistently failing on FAH28, and always on rootless. I'm really not clear as to how this breaks rootless considering it has a Geteuid() gate on it |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
LGTM |
|
📌 Commit 2148ae2 has been approved by |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1437 Approved by: rhatdan
|
@rh-atomic-bot r=rhatdan |
|
💡 This pull request was already approved, no need to approve it again.
|
|
📌 Commit 2148ae2 has been approved by |
|
☀️ Test successful - status-papr |
github-actions
bot
added
the
locked - please file new issue/PR
Every port we open consumes an open FD. This can easily consume all available FDs for the podman process. Set rlimits to resolve this.
Fixes #1357