kolla-ansible

Number of SSH connections can be restricted by nproc

Bug #1866190 reported by Doug Szumski on 2020-03-05

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	kolla-ansible	New	Undecided	Doug Szumski

Bug Description

What happened?

1. User uses a base OS image with some settings in /etc/security/limits.conf to build container images
2. Settings make their way into nova-ssh container
3. One of the settings is nproc, the number of processes a user can open
4. The number of SSH connections is restricted by this nproc setting
5. Live migration and other functions can stop working when the limit is reached

What I expected:

Kolla Ansible owns the nproc setting in the Nova SSH container so that it is not dependent on the base image.

How to reproduce:

1. Set nproc to a low value in /etc/security/limits.conf in the Nova SSH container.
2. Spin up lots of VMs on the same host.
3. Watch process count for Nova user increase until limit exceeded.
4. Attempt live migrate. nova_ssh will stop working with:
do_exec_no_pty: fork: Resource temporarily unavailable.

Doug Szumski (dszumski) on 2020-03-05

Changed in kolla-ansible:
assignee:	nobody → Doug Szumski (dszumski)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.