Planet doesn't correctly set unlimitted pids for planet container

Question

Planet doesn't correctly set unlimitted pids for planet container

knisbet opened this issue 4 years ago · 0 comments

Description

What happened:
During startup, planet/runc code create systemd scope for the planet runc container. We configure runc according to the docs to set unlimited pids, however, it was discovered in an env this doesn't correctly get passed along to systemd on the host, and we get something like this:

systemctl show -- "-planet-7339febf-fddd-47e1-a3a0-ae3822c17a3e.scope" | grep -i task
TasksCurrent=10628
TasksAccounting=yes
TasksMax=4915

Tee annoying thing about this, is somewhere along the way when the scope is created it does get set as unlimited, however, when systemd reloads, it will re-apply it's TasksMax to the cgroup and limit the cgroup.

What you expected to happen:

Systemd config to reflect unlimitted tasks max.

How to reproduce it (as minimally and precisely as possible):

systemctl daemon-reload

Environment

Gravity version [e.g. 7.0.11]:
OS [e.g. Redhat 7.4]:
Platform [e.g. Vmware, AWS]:

Browser environment

Browser Version (for UI-related issues):
Install tools:
Others:

Relevant Debug Logs If Applicable
looks like it was fixed in upstream: https://github.com/opencontainers/runc/blob/master/libcontainer/cgroups/systemd/v1.go#L87-L90

whereas the version we have does:
https://github.com/gravitational/planet/blob/master/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/apply_systemd.go#L234-L238