c8930105bc
During review, it was decided to remove `LimitNOFILE` from `docker.service` to rely on the systemd v240 implicit default of `1024:524288`. On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`. - `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process. - `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low). Individual containers can be started with `--ulimit` when a larger hard limit is required. - The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion). - When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot. - OpenRC current config approach lacks support for different soft/hard limits being set as it adjusts additional limits and `ulimit` does not support mixed usage of `-H` + `-S`. A soft limit of `524288` is not ideal, but 2^19 is much less overhead than 2^30, whilst a hard limit of 4096 would be problematic for Docker. Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
29 lines
923 B
Text
29 lines
923 B
Text
# /etc/conf.d/docker: config file for /etc/init.d/docker
|
|
|
|
# where the docker daemon output gets piped
|
|
# this contains both stdout and stderr. If you need to separate them,
|
|
# see the settings below
|
|
#DOCKER_LOGFILE="/var/log/docker.log"
|
|
|
|
# where the docker daemon stdout gets piped
|
|
# if this is not set, DOCKER_LOGFILE is used
|
|
#DOCKER_OUTFILE="/var/log/docker-out.log"
|
|
|
|
# where the docker daemon stderr gets piped
|
|
# if this is not set, DOCKER_LOGFILE is used
|
|
#DOCKER_ERRFILE="/var/log/docker-err.log"
|
|
|
|
# where docker's pid get stored
|
|
#DOCKER_PIDFILE="/run/docker.pid"
|
|
|
|
# Settings for process limits (ulimit)
|
|
#DOCKER_ULIMIT="-c unlimited -n 524288 -u unlimited"
|
|
|
|
# seconds to wait for sending SIGTERM and SIGKILL signals when stopping docker
|
|
#DOCKER_RETRY="TERM/60/KILL/10"
|
|
|
|
# where the docker daemon itself is run from
|
|
#DOCKERD_BINARY="/usr/bin/dockerd"
|
|
|
|
# any other random options you want to pass to docker
|
|
DOCKER_OPTS=""
|