Run rootwrap with lower fd ulimit by default

On Python 2.x, a subprocess.Popen() with close_fds=True will fork and then close filedescriptors range(3..os.sysconf("SC_OPEN_MAX")), which thanks to Kernel PTI (Kaiser patches) is significantly slower in 2018 when the range is very large. With a soft limit of 1048576, benchmark.py reports an overhead of ~ 400ms without this patch and 2ms with the patch applied. This patch adds a configuration option and sets a more sensible default of 1024 file descriptor limit by default. Closes-Bug: 1796267 Change-Id: Idd98c183eca3e2df8648fc0f37d27fe9cc6d0563
author: Dirk Mueller <dirk@dmllr.de> 2018-10-04 14:37:25 +0200
committer: Dirk Mueller <dirk@dmllr.de> 2018-10-09 12:12:46 +0200
commit: c0a86998203315858721a7b2c8ab75fbf5cd51d9 (patch)
tree: e695fa226644d9b936a4140bdd9173c3e6bd94f5 /etc
parent: 2ebda956b4318c86d27b3659ccce01abb73e0902 (diff)
download: oslo-rootwrap-c0a86998203315858721a7b2c8ab75fbf5cd51d9.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/rootwrap.conf.sample b/etc/rootwrap.conf.sample
index b8f528f..d968d2c 100644
--- a/etc/rootwrap.conf.sample
+++ b/etc/rootwrap.conf.sample
@@ -28,3 +28,6 @@ syslog_log_level=ERROR
 
 # Rootwrap daemon exits after this seconds of inactivity
 daemon_timeout=600
+
+# Rootwrap daemon limits itself to that many file descriptors
+rlimit_nofile=1024
author	Dirk Mueller <dirk@dmllr.de>	2018-10-04 14:37:25 +0200
committer	Dirk Mueller <dirk@dmllr.de>	2018-10-09 12:12:46 +0200
commit	c0a86998203315858721a7b2c8ab75fbf5cd51d9 (patch)
tree	e695fa226644d9b936a4140bdd9173c3e6bd94f5 /etc
parent	2ebda956b4318c86d27b3659ccce01abb73e0902 (diff)
download	oslo-rootwrap-c0a86998203315858721a7b2c8ab75fbf5cd51d9.tar.gz