Bug 1028603

Summary: [PERF] Nodes should configure default resource limits based on uid range
Product: OpenShift Online Reporter: Andy Grimm <agrimm>
Component: ContainersAssignee: Miciah Dashiel Butler Masters <mmasters>
Status: CLOSED WONTFIX QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 2.xCC: jgoulding, nicholas_schuetz, rthrashe
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-02 21:43:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1277547    

Description Andy Grimm 2013-11-08 20:42:48 UTC
Currently, we write one file per gear in /etc/security/limits.d, when in practice most gears will be left at the default settings.  It's possible to specify a pam_limits rule by uid range.  According to the limits.conf manpage, the "domain" field may contain "an uid range specified as <min_uid>:<max_uid>."

For example, if GEAR_MIN_UID=1000 and GEAR_MAX_UID=6999 in node.conf, the nproc entry might look like:

1000:6999  soft    nproc     250

The performance benefit of opening one file instead of several hundred may not be large, but this also makes it easier for an administrator to see which gears intentionally have non-default values set.

Comment 1 Jhon Honce 2014-01-31 00:03:42 UTC
The Throttler rewrites these individual files depending on gear usage.  Maintaining and rewriting one file would be prohibitive.

Comment 2 Andy Grimm 2014-01-31 01:06:42 UTC
The nproc limit is not rewritten by the throttler last I checked.  Perhaps that has changed, but even so, the throttler can write files for "throttled" gears and remove them to unthrottle, and this would be manageable and a huge improvement.

Comment 3 Rory Thrasher 2016-02-02 22:08:22 UTC
After discussion with Andy Grimm, this is being closed as WONTFIX due to low priority.