add limit capabilities

2024-11-21 12:41:26 +00:00 · 2023-05-01 21:50:13 -07:00 · 2023-05-01 21:50:13 -07:00 · aed5dfe773
commit aed5dfe773
parent fa4b4c1635
6 changed files with 30 additions and 11 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -68,3 +68,7 @@ kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-Rocky-Infra
 # "production" and "staging" are the predetermined names and are sorted
 # as such.
 kojid_shared_builders: false
+
+# Define ulimits to avoid alloc issues
+kojid_ulimits_conf: false
+kojid_ulimits_nofiles: 10240
--- a/files/00-limit.conf
+++ b/files/00-limit.conf
@ -1,2 +0,0 @@
-#<domain> <type> <item> <value>
-*         -      nofile 4096
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -11,9 +11,9 @@
    reload: true
  when: ansible_architecture == 'armv7l'

- name: Set nofile limit to 4096
-  ansible.builtin.copy:
-    src: 00-limit.conf
+- name: Set nofile limit to 10240
+  ansible.builtin.template:
+    template: 00-limit.conf.j2
    dest: /etc/security/limits.d/00-limit.conf
    owner: root
    group: root
@ -59,8 +59,8 @@

 # systemd override
 - name: Override kojid.service
-  ansible.builtin.copy:
-    src: kojid.service
+  ansible.builtin.template:
+    template: kojid.service.j2
    dest: /etc/systemd/system/kojid.service
    owner: root
    group: root
--- a/templates/00-limit.conf.js
+++ b/templates/00-limit.conf.js
@ -0,0 +1,7 @@
+#<domain> <type> <item> <value>
+{% if kojid_ulimits_conf %}
+kojibuilder soft nofile {{ kojid_ulimits_nofiles }}
+kojibuilder hard nofile {{ kojid_ulimits_nofiles }}
+{% else %}
+*         -      nofile 4096
+{% endif %}
--- a/templates/kojid.service.j2
+++ b/templates/kojid.service.j2
@ -13,5 +13,10 @@ ExecStart=/usr/sbin/kojid \
       --verbose
 ExecReload=/bin/kill -USR1 $MAINPID

+{% if kojid_ulimits_conf %}
+LimitNOFILE={{ kojid_ulimits_nofiles }}
+LimitNOFILESoft={{ kojid_ulimits_nofiles }}
+{% endif %}
+
 [Install]
 WantedBy=multi-user.target
--- a/templates/site-defaults.cfg
+++ b/templates/site-defaults.cfg
@ -1,10 +1,15 @@
-config_opts['plugin_conf']['package_state_enable'] = False
-config_opts['plugin_conf']['ccache_enable'] = False
+# Managed by Ansible
+{% if kojid_disable_bootstrap_chroot %}
+config['use_bootstrap'] = False
+{% endif %}
+
+{% if kojid_ulimits_conf %}
+config_opts['nspawn_args'] += ['--rlimit=RLIMIT_NOFILE={{ kojid_ulimits_nofiles }}']
+{% endif %}
+
 config_opts['dnf_common_opts'] = ['--setopt=install_weak_deps=0']
 config_opts['macros']['%bugurl'] = '{{ kojid_bugzilla }}'
 config_opts['nosync'] = True
 config_opts['nosync_force'] = True
 config_opts['environment']['LANG'] = 'C.UTF-8'
 config_opts['use_bootstrap'] = True
-config_opts['yum_install_command'] += " -x devtoolset*"
-config_opts['dnf_warning'] = False