1057654 – Extend important limits to their hard limit

Bug 1057654 - Extend important limits to their hard limit

Summary: Extend important limits to their hard limit

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-setup
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	3.4.0
Assignee:	Alon Bar-Lev
QA Contact:	Pavel Novotny
Docs Contact:
URL:
Whiteboard:	integration
Depends On:
Blocks:	GSS_RHEV_33_BETA 1059585 rhev3.4beta 1142926
TreeView+	depends on / blocked

Reported:	2014-01-24 14:56 UTC by Tomas Dosek
Modified:	2014-09-18 12:24 UTC (History)
CC List:	15 users (show)
Fixed In Version:	ovirt-3.4.0-beta2
Doc Type:	Bug Fix
Doc Text:	Previously, resource limits were not set to their hard limits for Red Hat Enterprise Virtualization Manager. This would result in denial of service if multiple users performed numerous login and logout actions in a short space of time. With this update, resource limits have been set to their hard limits, preventing over-consumption of resources under such circumstances.
Clone Of:
Clones:	1059585 (view as bug list)
Environment:
Last Closed:	2014-06-09 15:01:41 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	699313	None	None	None	Never
Red Hat Product Errata	RHSA-2014:0506	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Virtualization Manager 3.4.0 update	2014-06-09 18:55:38 UTC
oVirt gerrit	23667	None	None	None	Never
oVirt gerrit	23743	None	None	None	Never
oVirt gerrit	23755	None	None	None	Never

Description Tomas Dosek 2014-01-24 14:56:05 UTC

Description of problem:
Extend importand limits to their hard limit

Current limits can cause denial of service for all engine users

Version-Release number of selected component (if applicable):
is32.2

How reproducible:
100 %

Steps to Reproduce:
1. Install rhev-m environment
2. Try to log-in-out from multiple clients at the same time repeatedly


Actual results:
500 Internal server error, users can't login to portals

Expected results:
Should not cause DoS

Comment 2 Alon Bar-Lev 2014-01-24 15:02:52 UTC

Per our discussion, it is not urgent as there is a simple workaround...

Create /etc/security/limits.d/50-ovirt.conf
---
ovirt soft nproc 29169
---

Comment 10 Pavel Novotny 2014-02-17 15:39:56 UTC

Verified in ovirt-engine-3.4.0-0.7.beta2.el6.noarch.

Verified by automation (using Selenium).
I spun up 4 Firefox browsers in parallel and each one performed login & logout on User Portal 20 times in a row.
All login/logout actions eneded up well, no problems were encountered.

Comment 11 errata-xmlrpc 2014-06-09 15:01:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0506.html

Note You need to log in before you can comment on or make changes to this bug.