python-support
/
python-support-infra
1
0
Fork 0
Code Issues 25 Pull Requests Projects 2 Releases Wiki Activity

Ansible-templated resource limits for weaker/stronger hosts #12

New Issue
Open
opened 2023-08-13 20:57:40 +02:00 by so-rose · 0 comments
so-rose commented 2023-08-13 20:57:40 +02:00
Owner

In Docker stacks, using resources: limits: to define reserved/maximum CPU/RAM/IOPS usage of services is very important. If left out, simple DDoS attacks on one service can bring down the entire host and/or be catalysts for memory buffer attacks on other parts of the host system.

However, reasonable limits may vary between different environments. Thus, the limits should be templated based on the capabilities of the hosts. Possibly manually, with a switch. Ansible already has all of this information readily available in the inventory.

In Docker stacks, using `resources: limits:` to define reserved/maximum CPU/RAM/IOPS usage of services is very important. If left out, simple DDoS attacks on one service can bring down the entire host and/or be catalysts for memory buffer attacks on other parts of the host system. However, reasonable limits may vary between different environments. Thus, the limits should be templated based on the capabilities of the hosts. Possibly manually, with a switch. Ansible already has all of this information readily available in the inventory.
so-rose added the
security
deployment-usability
 labels 2023-08-13 20:57:40 +02:00
so-rose added this to the Refactor and Cleanup project 2023-08-13 20:57:41 +02:00
so-rose changed title from Antible-templated resource limits for weaker/stronger hosts to Ansible-templated resource limits for weaker/stronger hosts 2023-08-13 20:58:30 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
v0.1.0
Labels
Clear labels   
availability

Something that can increase the uptime of services in a particular situation.   
bug

Something is not working, or not working right.   
deployment-usability

Related to the usability of the deployment method itself.   
duplicate

This issue or pull request already exists   
enhancement

Proposed enhancement or feature.   
help-wanted

Issue that needs help in order to be understood or tackled.   
question

More information is needed   
security

Related to the security or privacy of the system.   
stack-auth

Related to the auth stack.   
stack-chat

Related to the chat stack.   
stack-cleanup

Related to the cleanup stack.   
stack-git

Related to the git stack.   
stack-mesh

Related to the mesh stack.   
stack-site-support

Related to the site-support stack.   
wontfix

This won't be fixed, either by design, or due to other issues.
No Label
availability
bug
deployment-usability
duplicate
enhancement
help-wanted
question
security
stack-auth
stack-chat
stack-cleanup
stack-git
stack-mesh
stack-site-support
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Refactor and Cleanup
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: python-support/python-support-infra#12
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?