We know of an issue with nss versions older than 3.52 which can cause
unlimited negative dentry growth. In particular, calling curl with an
HTTPS URL can cause negative dentries to be added to the cache and
these won't be cleaned up until the system as a whole experiences
memory pressure, which can in turn cause application delays while
kswapd is running.
In order to try to prevent problems from this, we are setting a global
environment variable to tell curl to bypass the problematic behaviour.
(A separate change will make the equivalent modification in the
elasticsearch helm charts.)
However, in order to protect against poorly-behaved application
software that we don't control, we also use a kernel sysctl to globally
limit the amount of memory consumed by negative dentries to 2% of all
memory.
Change-Id: I7d7726c9e4aed934aad6cc99f081404a51b1059a
Closes-Bug: 1896531
Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
9a5dfa1b1b