Add jvm gc logging to gerrit and traceability perms

We are seeing java gc go crazy at times and aren't quite sure what is causing it. Add jvm gc logging to the gerrit process to help us identify what is happening. Additionally we add SYS_PTRACE to the container capabilities so that you can get heap dumps from the jvm. To get a heap dump you need to do roughyl: docker exec -u root -it gerritcontainerid jhsdb jmap --heap --pid $pid Change-Id: Ib4a5b84fda4eca73c7971c31ee74c3232eb733e4
2020-12-09 11:11:26 -08:00 · 2020-12-09 11:11:26 -08:00 · 1fedac8209
commit 1fedac8209
parent bd497acc58
1 changed files with 6 additions and 2 deletions
--- a/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
@ -11,13 +11,17 @@ services:
 {% for volume in gerrit_container_volumes %}
      - {{ volume }}
 {% endfor %}
-{% if gerrit_heap_limit is defined %}
    environment:
-      JAVA_OPTIONS: "-Xmx{{ gerrit_heap_limit }}"
+      JAVA_OPTIONS: >-
+        -Xlog:gc*:file=/var/gerrit/logs/jvm_gc.log:time,uptime,tid,level,tags:filecount=10,filesize=20M
+{% if gerrit_heap_limit is defined %}
+        -Xmx{{ gerrit_heap_limit }}
 {% endif %}
    ulimits:
      core: 0
      nofile: {{ gerrit_packed_git_open_files * 2 }}
+    cap_add:
+      - SYS_PTRACE
  # Utility "service" to allow us to run ad-hoc commands
  shell:
    image: {{ gerrit_container_image }}