From b32d8883c5b772771e7002880568df47d6e63b8f Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Thu, 5 Nov 2020 09:34:41 -0800 Subject: [PATCH] Fixing centos-7 ulimits --- base/centos-7/install.sh | 3 ++ tests/test_single_splunk_image.py | 58 +++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 10 deletions(-) diff --git a/base/centos-7/install.sh b/base/centos-7/install.sh index 7309a0ed..3d2beb63 100755 --- a/base/centos-7/install.sh +++ b/base/centos-7/install.sh @@ -41,6 +41,9 @@ echo " ## Allows people in group sudo to run all commands %sudo ALL=(ALL) ALL" >> /etc/sudoers +# Remove nproc limits +rm -rf /etc/security/limits.d/20-nproc.conf + # Clean yum clean all rm -rf /install.sh /anaconda-post.log /var/log/anaconda/* diff --git a/tests/test_single_splunk_image.py b/tests/test_single_splunk_image.py index 200c8482..702176f6 100644 --- a/tests/test_single_splunk_image.py +++ b/tests/test_single_splunk_image.py @@ -81,12 +81,31 @@ def test_splunk_scloud(self): time.sleep(5) # If the container is still running, we should be able to exec inside # Check that the version returns successfully for multiple users - exec_command = self.client.exec_create(cid, "scloud version", user="splunk") - std_out = self.client.exec_start(exec_command) - assert "scloud version " in std_out - exec_command = self.client.exec_create(cid, "scloud version", user="ansible") + for user in ["splunk", "ansible"]: + exec_command = self.client.exec_create(cid, "scloud version", user=user) + std_out = self.client.exec_start(exec_command) + assert "scloud version " in std_out + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + + def test_splunk_ulimit(self): + cid = None + try: + # Run container + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, command="no-provision") + cid = cid.get("Id") + self.client.start(cid) + # Wait a bit + time.sleep(5) + # If the container is still running, we should be able to exec inside + # Check that nproc limits are unlimited + exec_command = self.client.exec_create(cid, "sudo -u splunk bash -c 'ulimit -u'") std_out = self.client.exec_start(exec_command) - assert "scloud version " in std_out + assert "unlimited" in std_out except Exception as e: self.logger.error(e) raise e @@ -2635,12 +2654,31 @@ def test_uf_scloud(self): time.sleep(5) # If the container is still running, we should be able to exec inside # Check that the version returns successfully for multiple users - exec_command = self.client.exec_create(cid, "scloud version", user="splunk") - std_out = self.client.exec_start(exec_command) - assert "scloud version " in std_out - exec_command = self.client.exec_create(cid, "scloud version", user="ansible") + for user in ["splunk", "ansible"]: + exec_command = self.client.exec_create(cid, "scloud version", user=user) + std_out = self.client.exec_start(exec_command) + assert "scloud version " in std_out + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + + def test_uf_ulimit(self): + cid = None + try: + # Run container + cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, command="no-provision") + cid = cid.get("Id") + self.client.start(cid) + # Wait a bit + time.sleep(5) + # If the container is still running, we should be able to exec inside + # Check that nproc limits are unlimited + exec_command = self.client.exec_create(cid, "sudo -u splunk bash -c 'ulimit -u'") std_out = self.client.exec_start(exec_command) - assert "scloud version " in std_out + assert "unlimited" in std_out except Exception as e: self.logger.error(e) raise e