diff --git a/handlers/main.yml b/handlers/main.yml index cb78eea..a720f3f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -16,15 +16,19 @@ command: udevadm trigger --subsystem-match=infiniband changed_when: true -- name: Reload sysctl - command: sysctl --system - changed_when: true +- name: Reexec systemd + systemd_service: + daemon_reexec: true - name: Restart systemd-modules-load service: name: systemd-modules-load state: restarted +- name: Reload sysctl + command: sysctl --system + changed_when: true + - name: Restart containerd service service: name: containerd diff --git a/tasks/main.yml b/tasks/main.yml index f9b6a90..f97f671 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -944,6 +944,14 @@ - name: Tune system for HPC when: hpc_tuning block: + - name: Remove azsec-monitor package if exists to prevent CPU utilization by azsec-monitor + package: + name: azsec-monitor + state: absent + use: "{{ (__hpc_server_is_ostree | d(false)) | + ternary('ansible.posix.rhel_rpm_ostree', omit) }}" + failed_when: false + - name: Remove user memory limits to ensure applications aren't restricted template: src: 90-hpc-limits.conf @@ -952,14 +960,43 @@ group: root mode: "0644" - - name: Add sysctl tuning configuration for HPC - template: - src: 90-hpc-sysctl.conf - dest: /etc/sysctl.d/ + - name: Ensure systemd system.conf.d directory exists + file: + path: /etc/systemd/system.conf.d + state: directory + owner: root + group: root + mode: '0755' + + - name: Set DefaultLimitMEMLOCK=infinity in systemd system.conf.d drop-in + copy: + dest: /etc/systemd/system.conf.d/99-memlock.conf + content: | + [Manager] + DefaultLimitMEMLOCK=infinity owner: root group: root mode: '0644' - notify: Reload sysctl + notify: Reexec systemd + + - name: Ensure systemd user.conf.d directory exists + file: + path: /etc/systemd/user.conf.d + state: directory + owner: root + group: root + mode: '0755' + + - name: Set DefaultLimitMEMLOCK=infinity in systemd user.conf.d drop-in + copy: + dest: /etc/systemd/user.conf.d/99-memlock.conf + content: | + [Manager] + DefaultLimitMEMLOCK=infinity + owner: root + group: root + mode: '0644' + notify: Reexec systemd - name: Load sunrpc kernel module lineinfile: @@ -981,6 +1018,15 @@ command: modprobe sunrpc changed_when: true + - name: Add sysctl tuning configuration for HPC + template: + src: 90-hpc-sysctl.conf + dest: /etc/sysctl.d/90-hpc-sysctl.conf + owner: root + group: root + mode: '0644' + notify: Reload sysctl + - name: Copy NFS readahead udev rules for Azure infrastructure template: src: 90-nfs-readahead.rules diff --git a/templates/90-hpc-limits.conf b/templates/90-hpc-limits.conf index d94e199..11050cf 100644 --- a/templates/90-hpc-limits.conf +++ b/templates/90-hpc-limits.conf @@ -2,7 +2,7 @@ {{ "system_role:hpc" | comment(prefix="", postfix="") }} * hard memlock unlimited * soft memlock unlimited -* hard nofile 65535 -* soft nofile 65535 +* hard nofile 1048576 +* soft nofile 1048576 * hard stack unlimited * soft stack unlimited diff --git a/tests/tests_skip_toolkit.yml b/tests/tests_skip_toolkit.yml index 4e9c746..8f603ed 100644 --- a/tests/tests_skip_toolkit.yml +++ b/tests/tests_skip_toolkit.yml @@ -129,10 +129,10 @@ '* soft memlock unlimited' in __hpc_limits_conf.stdout - >- - '* hard nofile 65535' + '* hard nofile 1048576' in __hpc_limits_conf.stdout - >- - '* soft nofile 65535' + '* soft nofile 1048576' in __hpc_limits_conf.stdout - >- '* hard stack unlimited'