Bug 1028603 - [PERF] Nodes should configure default resource limits based on uid range
[PERF] Nodes should configure default resource limits based on uid range
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Miciah Dashiel Butler Masters
libra bugs
: Reopened
Depends On:
Blocks: 1277547
  Show dependency treegraph
Reported: 2013-11-08 15:42 EST by Andy Grimm
Modified: 2016-11-07 22:48 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-02-02 16:43:13 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andy Grimm 2013-11-08 15:42:48 EST
Currently, we write one file per gear in /etc/security/limits.d, when in practice most gears will be left at the default settings.  It's possible to specify a pam_limits rule by uid range.  According to the limits.conf manpage, the "domain" field may contain "an uid range specified as <min_uid>:<max_uid>."

For example, if GEAR_MIN_UID=1000 and GEAR_MAX_UID=6999 in node.conf, the nproc entry might look like:

1000:6999  soft    nproc     250

The performance benefit of opening one file instead of several hundred may not be large, but this also makes it easier for an administrator to see which gears intentionally have non-default values set.
Comment 1 Jhon Honce 2014-01-30 19:03:42 EST
The Throttler rewrites these individual files depending on gear usage.  Maintaining and rewriting one file would be prohibitive.
Comment 2 Andy Grimm 2014-01-30 20:06:42 EST
The nproc limit is not rewritten by the throttler last I checked.  Perhaps that has changed, but even so, the throttler can write files for "throttled" gears and remove them to unthrottle, and this would be manageable and a huge improvement.
Comment 3 Rory Thrasher 2016-02-02 17:08:22 EST
After discussion with Andy Grimm, this is being closed as WONTFIX due to low priority.

Note You need to log in before you can comment on or make changes to this bug.