From a8ac041c44a55bba0eae9d29a5f8ecd5d6a6021a Mon Sep 17 00:00:00 2001
From: Dawn Chen <dawnchen@google.com>
Date: Mon, 23 May 2016 17:02:11 -0700
Subject: [PATCH] Config the root_maxkeys and root_maxbytes if the existing
 values are smaller than the default ones.

---
 cmd/kubelet/app/server.go | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index f18457a8182..9bcbebc5ecd 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -672,17 +672,37 @@ func RunKubelet(kcfg *KubeletConfig) error {
 	// TODO(dawnchen): remove this once we deprecated old debian containervm images.
 	// This is a workaround for issue: https://github.com/opencontainers/runc/issues/726
 	// The current chosen number is consistent with most of other os dist.
-	const maxkey_path = "/proc/sys/kernel/keys/root_maxkeys"
-	glog.Infof("Setting keys quota in %s to %d", maxkey_path, 1000000)
-	err = ioutil.WriteFile(maxkey_path, []byte(fmt.Sprintf("%d", uint32(1000000))), 0644)
+	const maxkeysPath = "/proc/sys/kernel/keys/root_maxkeys"
+	const minKeys uint64 = 1000000
+	key, err := ioutil.ReadFile(maxkeysPath)
 	if err != nil {
-		return fmt.Errorf("failed to update %s: %v", maxkey_path, err)
+		glog.Errorf("Cannot read keys quota in %s", maxkeysPath)
+	} else {
+		fields := strings.Fields(string(key))
+		nkey, _ := strconv.ParseUint(fields[0], 10, 64)
+		if nkey < minKeys {
+			glog.Infof("Setting keys quota in %s to %d", maxkeysPath, minKeys)
+			err = ioutil.WriteFile(maxkeysPath, []byte(fmt.Sprintf("%d", uint64(minKeys))), 0644)
+			if err != nil {
+				glog.Warningf("Failed to update %s: %v", maxkeysPath, err)
+			}
+		}
 	}
-	const maxbyte_path = "/proc/sys/kernel/keys/root_maxbytes"
-	glog.Infof("Setting keys bytes in %s to %d", maxbyte_path, 25000000)
-	err = ioutil.WriteFile(maxbyte_path, []byte(fmt.Sprintf("%d", uint32(25000000))), 0644)
+	const maxbytesPath = "/proc/sys/kernel/keys/root_maxbytes"
+	const minBytes uint64 = 25000000
+	bytes, err := ioutil.ReadFile(maxbytesPath)
 	if err != nil {
-		return fmt.Errorf("failed to update %s: %v", maxbyte_path, err)
+		glog.Errorf("Cannot read keys bytes in %s", maxbytesPath)
+	} else {
+		fields := strings.Fields(string(bytes))
+		nbyte, _ := strconv.ParseUint(fields[0], 10, 64)
+		if nbyte < minBytes {
+			glog.Infof("Setting keys bytes in %s to %d", maxbytesPath, minBytes)
+			err = ioutil.WriteFile(maxbytesPath, []byte(fmt.Sprintf("%d", uint64(minBytes))), 0644)
+			if err != nil {
+				glog.Warningf("Failed to update %s: %v", maxbytesPath, err)
+			}
+		}
 	}
 
 	// process pods and exit.