Bug 1057654

Summary: Extend important limits to their hard limit
Product: Red Hat Enterprise Virtualization Manager Reporter: Tomas Dosek <tdosek>
Component: ovirt-engine-setupAssignee: Alon Bar-Lev <alonbl>
Status: CLOSED ERRATA QA Contact: Pavel Novotny <pnovotny>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.3.0CC: acathrow, bazulay, didi, eedri, gklein, iheim, lbopf, michal.skrivanek, pablo.iranzo, Rhev-m-bugs, sbonazzo, scohen, sherold, tdosek, yeylon
Target Milestone: ---Keywords: ZStream
Target Release: 3.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: ovirt-3.4.0-beta2 Doc Type: Bug Fix
Doc Text:
Previously, resource limits were not set to their hard limits for Red Hat Enterprise Virtualization Manager. This would result in denial of service if multiple users performed numerous login and logout actions in a short space of time. With this update, resource limits have been set to their hard limits, preventing over-consumption of resources under such circumstances.
 Story Points: ---
Clone Of:
: 1059585 (view as bug list) Environment:
Last Closed: 2014-06-09 15:01:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1020228, 1059585, 1078909, 1142926    

Description Tomas Dosek 2014-01-24 14:56:05 UTC 
Description of problem:
Extend importand limits to their hard limit

Current limits can cause denial of service for all engine users

Version-Release number of selected component (if applicable):
is32.2

How reproducible:
100 %

Steps to Reproduce:
1. Install rhev-m environment
2. Try to log-in-out from multiple clients at the same time repeatedly


Actual results:
500 Internal server error, users can't login to portals

Expected results:
Should not cause DoS
Comment 2 Alon Bar-Lev 2014-01-24 15:02:52 UTC 
Per our discussion, it is not urgent as there is a simple workaround...

Create /etc/security/limits.d/50-ovirt.conf
---
ovirt soft nproc 29169
---
Comment 10 Pavel Novotny 2014-02-17 15:39:56 UTC 
Verified in ovirt-engine-3.4.0-0.7.beta2.el6.noarch.

Verified by automation (using Selenium).
I spun up 4 Firefox browsers in parallel and each one performed login & logout on User Portal 20 times in a row.
All login/logout actions eneded up well, no problems were encountered.
Comment 11 errata-xmlrpc 2014-06-09 15:01:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0506.html