Page MenuHomePhabricator

ops/puppet: generalize systemd resource control for users
Open, MediumPublic

Description

We are trying to generalize this https://wikitech.wikimedia.org/wiki/Systemd_resource_control

Things to take into account:

  • using user-.slice applies the same resource control limitatios to all users, including root, and including admins using sudo. This has side consequences, for example running puppet agent -t -v could be very slow if limits are low.
  • we need explicit user slice config if we don't want to get applied the default, for example: user-0.slice (for root) and user-NNNN.slice (NNNN == unix ID of a given opseng)
  • @elukey had the idea of adding an unlimited slice config for every opseng in case user-.slice is used. We could auto-generate those files, but we require to know unix IDs in puppet, which I'm not sure we can.

Related patches:

Event Timeline

aborrero created this task.Feb 6 2019, 10:58 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 6 2019, 10:58 AM
aborrero updated the task description. (Show Details)Feb 6 2019, 10:59 AM
aborrero triaged this task as Medium priority.Feb 6 2019, 11:02 AM
aborrero updated the task description. (Show Details)

So user ids are set in the admin module's data.yaml:

elukey@stat1006:~$ id elukey
uid=13926(elukey)

  elukey:
    ensure: present
    gid: 500
    name: elukey
    realname: Luca Toscano
    uid: 13926

So in theory we might be able to do it but it will be definitely a pain do to so in puppet..