Merge ~afreiberger/charm-juju-lxd:fix_blocked_state into charm-juju-lxd:master

Proposed by Drew Freiberger
Status: Needs review
Proposed branch: ~afreiberger/charm-juju-lxd:fix_blocked_state
Merge into: charm-juju-lxd:master
Diff against target: 156 lines (+49/-10)
3 files modified
files/50-security-limits.conf (+6/-0)
files/50-sysctl.conf (+8/-0)
reactive/juju_lxd.py (+35/-10)
Reviewer: Zachary Zehring (community)
Status: Approve
Review via email: mp+383155@code.launchpad.net
f6bb5ed... by Drew Freiberger

Added sysctl and limits.conf settings & git proxy

Git repos weren't cloning when using juju-http-proxy in the model
configs, so I've added in something that will set the global git proxy
for root before trying to clone openstack-on-lxd.

I've also added in sysctl and security limits configs recommended for
running as many lxd containers and services as we will be for juju on
lxd (especially for openstack-on-lxd).

Zachary Zehring (zzehring) :
9ee569e... by Drew Freiberger

Added pam_limits.so to common-session* files

The /etc/security/limits.d/ files were not being read by all sessions
(sudo/systemd) which was continuing to cause resource starvation with HA
openstack-on-lxd clouds. Added lines to append the session limits to
common-session and common-session-noninteractive files.

Static variable cleanup, moved to top of reactive hooks file.

Zachary Zehring (zzehring) wrote :

LGTM +1.

review: Approve
d0762e3... by Drew Freiberger

Update verbiage and exception handling for lxd-group missing

Unmerged commits

d0762e3... by Drew Freiberger

Update verbiage and exception handling for lxd-group missing

9ee569e... by Drew Freiberger

Added pam_limits.so to common-session* files

The /etc/security/limits.d/ files were not being read by all sessions
(sudo/systemd) which was continuing to cause resource starvation with HA
openstack-on-lxd clouds. Added lines to append the session limits to
common-session and common-session-noninteractive files.

Static variable cleanup, moved to top of reactive hooks file.

f6bb5ed... by Drew Freiberger

Added sysctl and limits.conf settings & git proxy

Git repos weren't cloning when using juju-http-proxy in the model
configs, so I've added in something that will set the global git proxy
for root before trying to clone openstack-on-lxd.

I've also added in sysctl and security limits configs recommended for
running as many lxd containers and services as we will be for juju on
lxd (especially for openstack-on-lxd).

d195e34... by Drew Freiberger

Updated reactive framework to re-try missing group

There was an issue with the juju_lxd_configure function that was running
the finally step even when groups were missing, setting the
juju-lxd.configured flag and skipping update-status checks for group
being present. This patch fixes this race condition.

Preview Diff

1diff --git a/files/50-security-limits.conf b/files/50-security-limits.conf
2new file mode 100644
3index 0000000..bee1301
4--- /dev/null
5+++ b/files/50-security-limits.conf
6@@ -0,0 +1,6 @@
7+* soft nofile 1048576
8+* hard nofile 1048576
9+root soft nofile 1048576
10+root hard nofile 1048576
11+* soft memlock unlimited
12+* hard memlock unlimited
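
Review bot: The two memlock lines (diff lines 11-12) lift the locked-memory cap for every account through the '*' domain, not only for the accounts that run LXD or Juju, which removes a guard against one unprivileged user pinning all available RAM. Consider scoping them to root or to a group entry (for example '@lxd soft memlock unlimited'), and add a comment header saying where the 1048576 nofile value comes from.
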
13diff --git a/files/50-sysctl.conf b/files/50-sysctl.conf
14new file mode 100644
15index 0000000..db33cfe
16--- /dev/null
17+++ b/files/50-sysctl.conf
18@@ -0,0 +1,8 @@
19+fs.inotify.max_queued_events=1048576
20+fs.inotify.max_user_instances = 1048576
21+fs.inotify.max_user_watches = 1048576
22+vm.max_map_count=262144
23+kernel.dmesg_restrict=1
24+net.ipv4.neigh.default.gc_thresh3=8192
25+net.ipv6.neigh.default.gc_thresh3=8192
26+kernel.keys.maxkeys=2000
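
Review bot: The file has no comment saying where these values come from or which are capacity settings and which are hardening (kernel.dmesg_restrict=1 at diff line 23 is a hardening toggle, the others raise limits), so a later reader cannot tell what is safe to tune. Add a header comment citing the recommendation the commit message refers to, and normalise the spacing, since diff lines 20-21 use ' = ' while the other keys use '='.
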
27diff --git a/reactive/juju_lxd.py b/reactive/juju_lxd.py
28index 1c05993..e980f21 100644
29--- a/reactive/juju_lxd.py
30+++ b/reactive/juju_lxd.py
31@@ -1,4 +1,4 @@
32-#!/usr/bin/python
33+#!/usr/bin/python3
34
35 # This file is part of juju_lxd charm which ensures that snap and the required
36 # Ubuntu packages for our charmlab are installed.
37@@ -16,24 +16,45 @@
38 # You should have received a copy of the GNU General Public License along with
39 # this program. If not, see <http://www.gnu.org/licenses/>.
40
41-from charms.reactive import when, when_not, set_state, remove_state
42+from charms.reactive import when, when_any, when_not, set_state, remove_state
43 from charms.reactive.helpers import data_changed
44 from charmhelpers.core import hookenv
45 from charmhelpers.core.host import group_exists
46+from shutil import copyfile
47 import subprocess
48 import os
49 import grp
50
51
52+LIMITS_FILE = '/etc/security/limits.d/50-juju-lxd.conf'
53+SYSCTL_FILE = '/etc/sysctl.d/50-juju-lxd.conf'
54+PAM_SESSION_LIMITS = 'session required pam_limits.so'
55+PAM_SESSION_FILE = '/etc/pam.d/common-session'
56+PAM_SESSION_NI_FILE = '/etc/pam.d/common-session-noninteractive'
57+
58+
59 @when_not('juju-lxd.installed')
60 @when('apt.installed.zfsutils-linux', 'apt.installed.git')
61 def install_charm_juju_lxd():
62 git_repo()
63+ setup_sysctl()
64+ setup_limits()
65 lxd_init()
66 status_set("active", "Ready")
67 set_state('juju-lxd.installed')
68
69
70+def setup_sysctl():
71+ copyfile('files/50-sysctl.conf', SYSCTL_FILE)
72+ subprocess.call(['sysctl', '-p'])
73+
74+
75+def setup_limits():
76+ copyfile('files/50-limits.conf', LIMITS_FILE)
77+ subprocess.call('echo {} >> {}'.format(PAM_SESSION_LIMITS, PAM_SESSION_FILE), shell=True)
78+ subprocess.call('echo {} >> {}'.format(PAM_SESSION_LIMITS, PAM_SESSION_NI_FILE), shell=True)
79+
80+
81 def status_set(state, message):
82 '''Set the unit's workload status.'''
83 (current_state, current_message) = hookenv.status_get()
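
Review bot: setup_limits() at diff line 76 copies 'files/50-limits.conf', but this merge adds the file as files/50-security-limits.conf, so copyfile() will raise FileNotFoundError during install; rename one or the other. In setup_sysctl(), 'sysctl -p' with no file argument reads /etc/sysctl.conf, not the new SYSCTL_FILE under /etc/sysctl.d/, so pass SYSCTL_FILE to -p or use 'sysctl --system'. The two 'echo ... >> ...' calls at diff lines 77-78 append to the PAM files unconditionally and through shell=True; check whether the pam_limits.so line is already present and append with an ordinary file write, so a re-run cannot duplicate the entry and no shell is involved. Both copyfile() sources are relative to the working directory; building them from hookenv.charm_dir(), as git_repo() already does for its symlink, would be more robust.
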
84@@ -46,7 +67,7 @@ def status_set(state, message):
85 hookenv.log('{}: {}'.format(state, message), lvl)
86
87
88-@when('juju-lxd.installed')
89+@when_any('juju-lxd.installed', 'juju-lxd.missing-group')
90 @when_not('juju-lxd.configured')
91 def juju_lxd_configure():
92 config = hookenv.config()
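
Review bot: As far as the visible lines show, 'juju-lxd.missing-group' is only ever set inside juju_lxd_configure(), which already requires 'juju-lxd.installed', and nothing in this diff clears the installed flag, so the when_any at diff line 89 does not appear to change when the handler runs. If the flag is only a marker for the blocked state, a plain @when('juju-lxd.installed') is enough and a comment should say what missing-group is for; if the installed flag can be cleared elsewhere, say so here.
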
93@@ -58,13 +79,16 @@ def juju_lxd_configure():
94 sync_groups(src_groups, 'lxd')
95 except KeyError:
96 status_set('blocked',
97- 'lxd-group "{0}" does not exist'.format(src_groups))
98- finally:
99+ 'one or more lxd-source groups "{0}" do not exist'.format(config.get('lxd-group')))
100+ set_state('juju-lxd.missing-group')
101+ else:
102 data_changed('juju-lxd.config', config)
103 set_state('juju-lxd.configured')
104+ remove_state('juju-lxd.missing-group')
105 status_set('active', 'Ready')
106 else:
107 status_set('blocked', 'LXD group "{0}" does not exist'.format(dst_group))
108+ set_state('juju-lxd.missing-group')
109
110
111 @when('juju-lxd.configured')
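
Review bot: Diff line 99 is far longer than the line it replaces; wrap the format() call across lines as the removed diff line 97 did. The message now reports config.get('lxd-group') while sync_groups() is still called with src_groups, so confirm the two always describe the same groups, otherwise the blocked status may name something other than what was looked up.
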
112@@ -91,7 +115,6 @@ def lxd_init():
113 else:
114 subprocess.call(['lxd', 'init', '--auto', '--storage-backend', 'dir'])
115
116-
117 subprocess.call(['lxc', 'network', 'delete', 'lxdbr0'])
118 subprocess.call(['lxc', 'network', 'create', 'lxdbr0',
119 'ipv4.address=10.0.8.1/24', 'ipv6.address=none',
120@@ -103,7 +126,7 @@ def lxd_init():
121
122 try:
123 subprocess.call(['lxc', 'profile', 'create', 'juju-default'])
124- except:
125+ except subprocess.CalledProcessError:
126 pass
127
128 if use_zfs:
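
Review bot: subprocess.call() at diff line 123 returns the exit status and never raises CalledProcessError, so the narrowed except at diff line 125 can no longer catch anything, and an OSError from a missing lxc binary, which the old bare except swallowed, will now propagate. Either check the return code of call() or switch to check_call() so the except clause matches what the call can actually raise.
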
129@@ -114,17 +137,20 @@ def lxd_init():
130 try:
131 subprocess.check_output(['lxc', 'profile', 'edit', 'juju-default'],
132 stdin=profileyaml)
133- except:
134+ except subprocess.CalledProcessError:
135 pass
136
137
138 def git_repo():
139+ if os.environ['JUJU_CHARM_HTTP_PROXY']:
140+ subprocess.call(['git', 'config', '--global', os.environ['JUJU_CHARM_HTTP_PROXY']])
141+
142 subprocess.call(['git', 'clone',
143 'https://github.com/openstack-charmers/openstack-on-lxd'])
144 try:
145 os.symlink("{}/openstack-on-lxd".format(hookenv.charm_dir()),
146 '/home/ubuntu/openstack-on-lxd')
147- except:
148+ except OSError:
149 pass
150
151
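
Review bot: The git config call at diff line 140 passes only the proxy URL with no key name, so git treats it as a key to look up rather than a value to set and no proxy is configured; it needs the key, as in ['git', 'config', '--global', 'http.proxy', proxy]. The guard at diff line 139 indexes os.environ directly and raises KeyError when JUJU_CHARM_HTTP_PROXY is unset; use os.environ.get('JUJU_CHARM_HTTP_PROXY') instead. The except OSError at diff line 148 still passes silently; catching FileExistsError would keep the already-linked case without hiding permission errors.
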
152@@ -140,4 +166,3 @@ def sync_groups(src_groups, dst):
153 users = ','.join(list(set(members)))
154 status_set("maintenance", "configuring users in lxd group")
155 subprocess.call(['gpasswd', '-M', users, dst])
156-
