Bug 1720656

Summary: Curl command in Elasticsearch readiness probe bloats dentry cache
Product: OpenShift Container Platform Reporter: Rich Megginson <rmeggins>
Component: LoggingAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Anping Li <anli>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: anli, aos-bugs, ggore, jcantril, lmeyer, rmeggins, sponnaga
Target Milestone: ---   
Target Release: 4.1.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: 4.1.4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The readiness probe for Elasticsearch uses curl with https. curl uses NSS for crypto. NSS uses too much file system cache. Consequence: The file system cache dentry grows too large too fast. Elasticsearch and the node may become unresponsive. Fix: Set the flag NSS_SDB_USE_CACHE=no in the readiness probe to workaround the NSS behavior. Result: No undue growth in the dentry cache for Elasticsearch is seen.
 Story Points: ---
Clone Of: 1720479 Environment:
Last Closed: 2019-07-04 09:01:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1720479    
Bug Blocks:    

Comment 1 Rich Megginson 2019-06-14 17:37:42 UTC 
https://github.com/openshift/origin-aggregated-logging/pull/1668
Comment 2 Rich Megginson 2019-06-14 20:05:55 UTC 
merged upstream https://github.com/openshift/origin-aggregated-logging/commit/452f0435633b977d91911129eef1ae9c506c9d9d
Comment 5 Anping Li 2019-06-20 10:57:06 UTC 
No downstream image have been build with the fix
Comment 8 Anping Li 2019-06-28 08:02:02 UTC 
NSS_SDB_USE_CACHE=no have been added to v4.1.4
Comment 10 errata-xmlrpc 2019-07-04 09:01:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1635