Linux security limits are not configured
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Fix Committed
|
High
|
Oleksiy Molchanov | ||
6.0.x |
Won't Fix
|
High
|
Alexey Stupnikov | ||
6.1.x |
Won't Fix
|
High
|
Alexey Stupnikov | ||
7.0.x |
Won't Fix
|
High
|
Alexey Stupnikov | ||
8.0.x |
Won't Fix
|
High
|
Alexey Stupnikov | ||
Mitaka |
Fix Committed
|
High
|
Oleksiy Molchanov | ||
Newton |
Won't Fix
|
High
|
Oleksiy Molchanov |
Bug Description
Environment:
- MOS 9.0
- Ubuntu
Security limits are not configured:
root@node-5:~# cat /etc/security/
# /etc/security/
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
# - NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
# - chroot - change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
# End of file
but https:/
~# hiera roles
["ceph-osd", "compute"]
root@node-5:~# whoami
root
root@node-5:~# ulimit -n
1024
Related bug: https:/
Changed in fuel: | |
assignee: | nobody → Fuel for Openstack (fuel) |
milestone: | none → 9.2 |
importance: | Undecided → High |
description: | updated |
summary: |
- Linux security limits are not applied + Linux security limits are not configured |
tags: | added: customer-found |
Changed in fuel: | |
status: | New → Confirmed |
Changed in fuel: | |
assignee: | Fuel for Openstack (fuel) → Fuel Sustaining (fuel-sustaining-team) |
milestone: | 9.2 → 11.0 |
Changed in fuel: | |
assignee: | Fuel Sustaining (fuel-sustaining-team) → Oleksiy Molchanov (omolchanov) |
Changed in fuel: | |
assignee: | Oleksiy Molchanov (omolchanov) → Fuel Sustaining (fuel-sustaining-team) |
Changed in fuel: | |
assignee: | Fuel Sustaining (fuel-sustaining-team) → Oleksiy Molchanov (omolchanov) |
Changed in fuel: | |
status: | Confirmed → In Progress |
tags: | added: on-verification |
Denis, I checked in 8.0, and on computes content of limits.conf is the same empty default as you posted. /bugs.launchpad .net/fuel/ +bug/1526992)
So is it needed on compute nodes? Init.d and init services do not care about limits.conf. So if we need rise limits, we need to do it for particular service (https:/