From 73435d91392e0833056101a906deafe56a5cf7b4 Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Mon, 8 Apr 2024 11:44:28 +0200 Subject: [PATCH 1/5] docker: fix ulimits for eos container --- tests/docker/docker-compose.yml | 2 +- tests/docker/eos-storage/Dockerfile | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/docker/docker-compose.yml b/tests/docker/docker-compose.yml index bb54bc3ba7..334955260b 100644 --- a/tests/docker/docker-compose.yml +++ b/tests/docker/docker-compose.yml @@ -20,7 +20,7 @@ services: - seccomp:unconfined ulimits: nproc: 57875 - nofile: 1024 + nofile: 1024000 core: -1 privileged: true sysctls: diff --git a/tests/docker/eos-storage/Dockerfile b/tests/docker/eos-storage/Dockerfile index 8afb99af03..c3d2998727 100644 --- a/tests/docker/eos-storage/Dockerfile +++ b/tests/docker/eos-storage/Dockerfile @@ -3,8 +3,11 @@ FROM gitlab-registry.cern.ch/dss/eos/eos-ci:5.1.25 COPY scripts/eos-run.sh /mnt/scripts/eos-run.sh COPY sssd/sssd.conf /etc/sssd/sssd.conf -RUN ulimit -n 1024000 && yum install -y sssd sssd-client +# RUN ulimit -n 1024000 && yum install -y sssd sssd-client +# needs to be run from docker like this: +# docker run myeoscontainer --ulimit nofiles:1024000:1024000 +# or in the ulimits directive for docker compose RUN chmod 0600 /etc/sssd/sssd.conf && chown root:root /etc/sssd/sssd.conf -ENTRYPOINT /mnt/scripts/eos-run.sh \ No newline at end of file +ENTRYPOINT /mnt/scripts/eos-run.sh From 7af864c90194127b214b0472f89f0d57e9d7adb8 Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Mon, 8 Apr 2024 11:45:53 +0200 Subject: [PATCH 2/5] add changelog --- changelog/unreleased/fix-eos-container-build.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/unreleased/fix-eos-container-build.md diff --git a/changelog/unreleased/fix-eos-container-build.md b/changelog/unreleased/fix-eos-container-build.md new file mode 100644 index 0000000000..3cb804f28d --- /dev/null +++ b/changelog/unreleased/fix-eos-container-build.md @@ -0,0 +1,3 @@ +Bugfix: Fix ulimits for EOS container deployment + +https://github.com/cs3org/reva/pull/4620 From 21de3975cb72f859cd27571362d5bc316b9bafc2 Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Mon, 8 Apr 2024 14:43:29 +0200 Subject: [PATCH 3/5] restore command --- tests/docker/eos-storage/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/docker/eos-storage/Dockerfile b/tests/docker/eos-storage/Dockerfile index c3d2998727..56503b7066 100644 --- a/tests/docker/eos-storage/Dockerfile +++ b/tests/docker/eos-storage/Dockerfile @@ -8,6 +8,8 @@ COPY sssd/sssd.conf /etc/sssd/sssd.conf # docker run myeoscontainer --ulimit nofiles:1024000:1024000 # or in the ulimits directive for docker compose +RUN yum install -y sssd sssd-client + RUN chmod 0600 /etc/sssd/sssd.conf && chown root:root /etc/sssd/sssd.conf ENTRYPOINT /mnt/scripts/eos-run.sh From ffc01ad66171a4523ef003973d5f873fac559b28 Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Mon, 8 Apr 2024 14:45:36 +0200 Subject: [PATCH 4/5] use upstream ceph repo --- docker/Dockerfile.revad-ceph | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/Dockerfile.revad-ceph b/docker/Dockerfile.revad-ceph index 8d6fc2e244..817ce6e069 100644 --- a/docker/Dockerfile.revad-ceph +++ b/docker/Dockerfile.revad-ceph @@ -20,7 +20,6 @@ FROM quay.io/ceph/ceph:v18 # replace repo url with one that allows downloading the repo metadata # if http://download.ceph.com/rpm-reef/el8/x86_64/repodata/repomd.xml works again this can be dropped -RUN sed -i 's/download.ceph.com/de.ceph.com/' /etc/yum.repos.d/ceph.repo RUN mkdir -p /etc/selinux/config RUN dnf update --exclude=ceph-iscsi,chrony -y && dnf install -y \ From 25c0d8db1e7aa154f166cb08ace15495023f447c Mon Sep 17 00:00:00 2001 From: Hugo Gonzalez Labrador Date: Mon, 8 Apr 2024 16:13:28 +0200 Subject: [PATCH 5/5] improve docs --- docker/Dockerfile.revad-ceph | 2 -- tests/docker/eos-storage/Dockerfile | 11 +++++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docker/Dockerfile.revad-ceph b/docker/Dockerfile.revad-ceph index 817ce6e069..a190c20199 100644 --- a/docker/Dockerfile.revad-ceph +++ b/docker/Dockerfile.revad-ceph @@ -18,8 +18,6 @@ FROM quay.io/ceph/ceph:v18 -# replace repo url with one that allows downloading the repo metadata -# if http://download.ceph.com/rpm-reef/el8/x86_64/repodata/repomd.xml works again this can be dropped RUN mkdir -p /etc/selinux/config RUN dnf update --exclude=ceph-iscsi,chrony -y && dnf install -y \ diff --git a/tests/docker/eos-storage/Dockerfile b/tests/docker/eos-storage/Dockerfile index 56503b7066..587331fa0d 100644 --- a/tests/docker/eos-storage/Dockerfile +++ b/tests/docker/eos-storage/Dockerfile @@ -1,12 +1,15 @@ +# Changing ulimits inside the container may not be allowed. +# This container is usually called from docker compose, +# where the ulimits are set in the docker compose file. +# If the container needs to be run manually, the following flag +# needs to be passed, else the container will run out of fd. +# docker run myeoscontainer --ulimit nofiles:1024000:1024000 + FROM gitlab-registry.cern.ch/dss/eos/eos-ci:5.1.25 COPY scripts/eos-run.sh /mnt/scripts/eos-run.sh COPY sssd/sssd.conf /etc/sssd/sssd.conf -# RUN ulimit -n 1024000 && yum install -y sssd sssd-client -# needs to be run from docker like this: -# docker run myeoscontainer --ulimit nofiles:1024000:1024000 -# or in the ulimits directive for docker compose RUN yum install -y sssd sssd-client