From ae5acc7f3cff96288138cadddc63ce4519b93e2b Mon Sep 17 00:00:00 2001
From: Will Szumski <will@stackhpc.com>
Date: Fri, 18 Oct 2019 17:48:49 +0100
Subject: [PATCH] Limit open file descriptors for Neutron agent containers

See https://bugs.launchpad.net/oslo.rootwrap/+bug/1760471, in particular
comment #1 for an explanation of why inheriting the defaults of the
docker daemon can cause poor performance:

The performance difference likely comes from close_fds=True of subprocess.
Popen. On Python 2, Popen calls close(fd) on all file descriptors from 3 to
SC_OPEN_MAX. On my Fedora 27 "host", SC_OPEN_MAX is 1,024. But in docker,
SC_OPEN_MAX is... 1,048,576: 1,000x larger. On Python 3, Popen is smarter. On
Linux, it lists the content of /proc/self/fd/ to only close open file
descriptors. It doesn't depend on SC_OPEN_MAX value.

Change-Id: Iefef6039644192420abbd3bf614329cbc0d9a62a
Closes-Bug: #1848737
Related-Bug: #1760471
Related-Bug: #1757556
Related-Bug: #1824020
---
 ansible/roles/neutron/defaults/main.yml | 28 ++++++++++++++++++-------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 84649624af..d64f033ce7 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -218,17 +218,29 @@ ironic_neutron_agent_image: "{{ docker_registry ~ '/' if docker_registry else ''
 ironic_neutron_agent_tag: "{{ neutron_tag }}"
 ironic_neutron_agent_image_full: "{{ ironic_neutron_agent_image }}:{{ ironic_neutron_agent_tag }}"
 
-neutron_dhcp_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_l3_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_sriov_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_linuxbridge_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_metadata_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_openvswitch_agent_dimensions: "{{ default_container_dimensions }}"
+# TODO(wszumski): This is a workaround for: https://bugs.launchpad.net/oslo.rootwrap/+bug/1760471
+# and should be removed once we use python 3 for all distibutions.
+neutron_agent_dimensions_python2:
+  # Values taken from TripleO: https://review.opendev.org/#/c/651137/
+  ulimits:
+    nofile:
+      soft: 16384
+      hard: 16384
+
+neutron_agent_dimensions: >-
+  {{ default_container_dimensions | combine(neutron_agent_dimensions_python2 if distro_python_version | version_compare('3.0', '<') else {}) }}
+
+neutron_dhcp_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_l3_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_sriov_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_linuxbridge_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_metadata_agent_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_openvswitch_agent_dimensions: "{{ neutron_agent_dimensions }}"
 neutron_server_dimensions: "{{ default_container_dimensions }}"
 neutron_bgp_dragent_dimensions: "{{ default_container_dimensions }}"
 neutron_infoblox_ipam_agent_dimensions: "{{ default_container_dimensions }}"
-neutron_openvswitch_agent_xenapi_dimensions: "{{ default_container_dimensions }}"
-neutron_metering_agent_dimensions: "{{ default_container_dimensions }}"
+neutron_openvswitch_agent_xenapi_dimensions: "{{ neutron_agent_dimensions }}"
+neutron_metering_agent_dimensions: "{{ neutron_agent_dimensions }}"
 ironic_neutron_agent_dimensions: "{{ default_container_dimensions }}"