[ansible] Set global ulimits in daemon.json for AWS compatibility

zhquan · zhquan · commit 2bbeecc9d084 · 2026-04-22T13:06:36.000+02:00
Increase nofile to 65536 and memlock to -1 globally to prevent
service exhaustion in restrictive environments like AWS EC2.

Signed-off-by: Quan Zhou &lt;quan@bitergia.com&gt;
diff --git a/ansible/roles/common/files/daemon.json b/ansible/roles/common/files/daemon.json
@@ -0,0 +1,14 @@
+{
+    "default-ulimits": {
+        "nofile": {
+            "Name": "nofile",
+            "Hard": 65536,
+            "Soft": 65536
+        },
+        "memlock": {
+            "Name": "memlock",
+            "Hard": -1,
+            "Soft": -1
+        }
+    }
+}
diff --git a/ansible/roles/common/tasks/docker.yml b/ansible/roles/common/tasks/docker.yml
@@ -42,3 +42,24 @@
     name: "{{ ansible_user_id }}"
     groups: docker
     append: true
+
+- name: Ensure Docker configuration directory exists
+  file:
+    path: /etc/docker
+    state: directory
+    mode: '0755'
+
+- name: Apply default ulimits configuration
+  copy:
+    src: "{{ role_path }}/files/daemon.json"
+    dest: /etc/docker/daemon.json
+    mode: '0644'
+  register: docker_config
+
+- name: Restart Docker to apply changes
+  become: yes
+  systemd_service:
+    name: docker
+    state: restarted
+    daemon_reload: yes
+  when: docker_config.changed
