image: populate /etc/project on gimlet #146

Open
wants to merge 1 commit into
base: master

@citrus-it citrus-it commented Mar 25, 2024

We'd like to put control plane services into their own project so that they don't share resource limits with system services, parts of the OS, such as crond. We have experienced faults in sled agent and other control plane components that exhaust the project's contract limit, for example. It also gives us a place to hang limits in the future.

This is a pre-requisite to oxidecomputer/omicron#5324 which will put sled-agent into the new project as a first step.

```
noproject:2::::
default:3::::
group.staff:10::::
omicron:100:The Oxide Control Plane:::
```

Contributor

A few questions:

  • How did we pick the starting ID of 100?
  • Do we want to keep the default additions to /etc/project?
  • Should we be putting this in the template file at build time or is there something we should be doing to make sure that this is created at system start up time as part of some SMF service that's delivered by Omicron? I'm not against the cross-consolidation dep here, just trying to think out loud about this. I guess in theory it makes sense to do this. I guess the project file itself is committed so it's not so bad.
  • How do you see us using projects longer term? I realize each zone has its own project database (I think!) and that'll end up being unique. We have many different services in the global zone that are part of the control plane writ large and not just sled agent. Is this really specific to sled agent or would we put maghemite and related in the same project?

Collaborator

I think we should pick globally unique IDs, and probably start at a higher number like 200000.

I think it's expedient to wholesale pre-populate the file like this today, but in the limit we should be assembling this at zone install time (that is, the brand should be doing it) by combining a partial database from each zone image archive (of which there could be zero, one, or many) with the database from the baseline files in the ramdisk. There are some details to work out about that (e.g., how to deal with conflicts, etc), and it likely needs to cover several of the databases (e.g., not just project, but at least passwd, shadow, and group, as well) which is why I haven't gotten to that yet.
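
The merge-with-conflicts question raised above, sketched as an added example that is not part of this pull request or of the project's code: it combines a baseline project database with partial fragments and refuses any reuse of a project name or ID. The reject-on-conflict policy, the function names, and the fragment contents are assumptions; the thread leaves conflict handling open.

```python
# Added example: merge /etc/project databases and refuse conflicting entries.
# Field layout: projname:projid:comment:user-list:group-list:attributes

BASELINE = """\
noproject:2::::
default:3::::
group.staff:10::::
omicron:100:The Oxide Control Plane:::
"""  # entries shown in the PR description

# Constructed fragments standing in for per-zone-image partial databases.
FRAG_OK = "maghemite:101:constructed sample:::\n"
FRAG_ID_CLASH = "other:100:constructed sample:::\n"
FRAG_NAME_CLASH = "omicron:200000:constructed sample:::\n"


def parse_project(text):
    """Return a list of (name, projid, raw_line); blank lines are skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        name, projid = fields[0], fields[1]
        if not name or not projid.isdigit():
            raise ValueError(f"line {lineno}: bad project name or ID")
        entries.append((name, int(projid), line))
    return entries


def merge_projects(baseline, *fragments):
    """Merge databases; identical lines dedupe, any name/ID reuse is an error."""
    by_name, by_id, out = {}, {}, []
    for text in (baseline, *fragments):
        for name, projid, line in parse_project(text):
            if by_name.get(name) == line:
                continue  # exact duplicate entry, harmless
            if name in by_name:
                raise ValueError(f"project name {name!r} defined twice")
            if projid in by_id:
                raise ValueError(f"project ID {projid} used by {by_id[projid]!r} and {name!r}")
            by_name[name], by_id[projid] = line, name
            out.append(line)
    return "\n".join(out) + "\n"
```

Failing closed on a clash matters here because resource limits hang off the project ID, so a silently reassigned ID would apply one service's limits to another.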

3 participants