From aed5dfe7734656cb4080012bb5005650de39cee6 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Mon, 1 May 2023 21:50:13 -0700 Subject: [PATCH] add limit capabilities --- defaults/main.yml | 4 ++++ files/00-limit.conf | 2 -- tasks/config.yml | 10 +++++----- templates/00-limit.conf.js | 7 +++++++ files/kojid.service => templates/kojid.service.j2 | 5 +++++ templates/site-defaults.cfg | 13 +++++++++---- 6 files changed, 30 insertions(+), 11 deletions(-) delete mode 100644 files/00-limit.conf create mode 100644 templates/00-limit.conf.js rename files/kojid.service => templates/kojid.service.j2 (71%) diff --git a/defaults/main.yml b/defaults/main.yml index d84e8a5..828982d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -68,3 +68,7 @@ kojid_buildtools_repo_gpgkey: RPM-GPG-KEY-Rocky-Infra # "production" and "staging" are the predetermined names and are sorted # as such. kojid_shared_builders: false + +# Define ulimits to avoid alloc issues +kojid_ulimits_conf: false +kojid_ulimits_nofiles: 10240 diff --git a/files/00-limit.conf b/files/00-limit.conf deleted file mode 100644 index c304256..0000000 --- a/files/00-limit.conf +++ /dev/null @@ -1,2 +0,0 @@ -# -* - nofile 4096 diff --git a/tasks/config.yml b/tasks/config.yml index c35d022..e043b0f 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -11,9 +11,9 @@ reload: true when: ansible_architecture == 'armv7l' -- name: Set nofile limit to 4096 - ansible.builtin.copy: - src: 00-limit.conf +- name: Set nofile limit to 10240 + ansible.builtin.template: + template: 00-limit.conf.j2 dest: /etc/security/limits.d/00-limit.conf owner: root group: root @@ -59,8 +59,8 @@ # systemd override - name: Override kojid.service - ansible.builtin.copy: - src: kojid.service + ansible.builtin.template: + template: kojid.service.j2 dest: /etc/systemd/system/kojid.service owner: root group: root diff --git a/templates/00-limit.conf.js b/templates/00-limit.conf.js new file mode 100644 index 0000000..b67c49f --- /dev/null +++ b/templates/00-limit.conf.js @@ -0,0 +1,7 @@ +# +{% if kojid_ulimits_conf %} +kojibuilder soft nofile {{ kojid_ulimits_nofiles }} +kojibuilder hard nofile {{ kojid_ulimits_nofiles }} +{% else %} +* - nofile 4096 +{% endif %} diff --git a/files/kojid.service b/templates/kojid.service.j2 similarity index 71% rename from files/kojid.service rename to templates/kojid.service.j2 index 45e7307..89b9494 100644 --- a/files/kojid.service +++ b/templates/kojid.service.j2 @@ -13,5 +13,10 @@ ExecStart=/usr/sbin/kojid \ --verbose ExecReload=/bin/kill -USR1 $MAINPID +{% if kojid_ulimits_conf %} +LimitNOFILE={{ kojid_ulimits_nofiles }} +LimitNOFILESoft={{ kojid_ulimits_nofiles }} +{% endif %} + [Install] WantedBy=multi-user.target diff --git a/templates/site-defaults.cfg b/templates/site-defaults.cfg index 5a23b03..678cfa6 100644 --- a/templates/site-defaults.cfg +++ b/templates/site-defaults.cfg @@ -1,10 +1,15 @@ -config_opts['plugin_conf']['package_state_enable'] = False -config_opts['plugin_conf']['ccache_enable'] = False +# Managed by Ansible +{% if kojid_disable_bootstrap_chroot %} +config['use_bootstrap'] = False +{% endif %} + +{% if kojid_ulimits_conf %} +config_opts['nspawn_args'] += ['--rlimit=RLIMIT_NOFILE={{ kojid_ulimits_nofiles }}'] +{% endif %} + config_opts['dnf_common_opts'] = ['--setopt=install_weak_deps=0'] config_opts['macros']['%bugurl'] = '{{ kojid_bugzilla }}' config_opts['nosync'] = True config_opts['nosync_force'] = True config_opts['environment']['LANG'] = 'C.UTF-8' config_opts['use_bootstrap'] = True -config_opts['yum_install_command'] += " -x devtoolset*" -config_opts['dnf_warning'] = False