podman pids.max default value is 2048, docker's one is 4096 which are

sufficient for the default value (512) of rgw thread pool size.
But if its value is increased near to the pids-limit value,
it does not leave place for the other processes to spawn and run within
the container and the container crashes.

pids-limit set to unlimited regardless of the container engine.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1987041

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 9b5d97a)

roles/ceph-crash/templates/ceph-crash.service.j2

@@ -17,6 +17,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-crash-%i \
 {% if container_binary == 'podman' %}
 -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+--pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
 --net=host \
 -v /var/lib/ceph:/var/lib/ceph:z \
 -v /etc/localtime:/etc/localtime:ro \

roles/ceph-grafana/templates/grafana-server.service.j2

@@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=grafana-server \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   -v /etc/grafana:/etc/grafana:Z \
   -v /var/lib/grafana:/var/lib/grafana:Z \
   --net=host \

roles/ceph-iscsi-gw/templates/rbd-target-api.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_rbd_target_api_docker_memory_limit }} \
   --cpus={{ ceph_rbd_target_api_docker_cpu_limit }} \
   -v /etc/localtime:/etc/localtime:ro \

roles/ceph-iscsi-gw/templates/rbd-target-gw.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_rbd_target_gw_docker_memory_limit }} \
   --cpus={{ ceph_rbd_target_gw_docker_cpu_limit }} \
   -v /etc/localtime:/etc/localtime:ro \

roles/ceph-iscsi-gw/templates/tcmu-runner.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_tcmu_runner_docker_memory_limit }} \
   --cpus={{ ceph_tcmu_runner_docker_cpu_limit }} \
   -v /etc/localtime:/etc/localtime:ro \

roles/ceph-mds/templates/ceph-mds.service.j2

@@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_mds_docker_memory_limit }} \
   --cpus={{ cpu_limit }} \
   -v /var/lib/ceph:/var/lib/ceph:z \

roles/ceph-mgr/templates/ceph-mgr.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_mgr_docker_memory_limit }} \
   --cpus={{ ceph_mgr_docker_cpu_limit }} \
   -v /var/lib/ceph:/var/lib/ceph:z,rshared \

roles/ceph-mon/templates/ceph-mon.service.j2

@@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name ceph-mon-%i \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_mon_docker_memory_limit }} \
   --cpus={{ ceph_mon_docker_cpu_limit }} \
   -v /var/lib/ceph:/var/lib/ceph:z,rshared \

roles/ceph-nfs/templates/ceph-nfs.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   -v /var/lib/ceph:/var/lib/ceph:z \
   -v /etc/ceph:/etc/ceph:z \
   -v /var/lib/nfs/ganesha:/var/lib/nfs/ganesha:z \

roles/ceph-node-exporter/templates/node_exporter.service.j2

@@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=node-exporter \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --privileged \
   -v /proc:/host/proc:ro -v /sys:/host/sys:ro \
   --net=host \

roles/ceph-osd/templates/ceph-osd.service.j2

@@ -27,6 +27,7 @@ numactl \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --rm \
   --net=host \
   --privileged=true \

roles/ceph-prometheus/templates/alertmanager.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=alertmanager \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   -v "{{ alertmanager_conf_dir }}:/etc/alertmanager:Z" \
   -v "{{ alertmanager_data_dir }}:/alertmanager:Z" \
   --net=host \

roles/ceph-prometheus/templates/prometheus.service.j2

@@ -20,6 +20,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --name=prometheus \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   -v "{{ prometheus_conf_dir }}:/etc/prometheus:Z" \
   -v "{{ prometheus_data_dir }}:/prometheus:Z" \
   --net=host \

roles/ceph-rbd-mirror/templates/ceph-rbd-mirror.service.j2

@@ -21,6 +21,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_rbd_mirror_docker_memory_limit }} \
   --cpus={{ ceph_rbd_mirror_docker_cpu_limit }} \
   -v /var/lib/ceph:/var/lib/ceph:z \

roles/ceph-rgw/templates/ceph-radosgw.service.j2

@@ -22,6 +22,7 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
 {% if container_binary == 'podman' %}
   -d --log-driver journald --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid \
 {% endif %}
+  --pids-limit={{ 0 if container_binary == 'podman' else -1 }} \
   --memory={{ ceph_rgw_docker_memory_limit }} \
   --cpus={{ cpu_limit }} \
   {% if ceph_rgw_docker_cpuset_cpus is defined -%}