Page MenuHomePhabricator

ops/puppet: generalize systemd resource control for users
Open, MediumPublic


We are trying to generalize this

Things to take into account:

  • using user-.slice applies the same resource control limitatios to all users, including root, and including admins using sudo. This has side consequences, for example running puppet agent -t -v could be very slow if limits are low.
  • we need explicit user slice config if we don't want to get applied the default, for example: user-0.slice (for root) and user-NNNN.slice (NNNN == unix ID of a given opseng)
  • @elukey had the idea of adding an unlimited slice config for every opseng in case user-.slice is used. We could auto-generate those files, but we require to know unix IDs in puppet, which I'm not sure we can.

Related patches:

Event Timeline

aborrero triaged this task as Medium priority.Feb 6 2019, 11:02 AM
aborrero updated the task description. (Show Details)

So user ids are set in the admin module's data.yaml:

elukey@stat1006:~$ id elukey

    ensure: present
    gid: 500
    name: elukey
    realname: Luca Toscano
    uid: 13926

So in theory we might be able to do it but it will be definitely a pain do to so in puppet..