From c8930105bc9fc3c1a8a90886c23535cc6c41e130 Mon Sep 17 00:00:00 2001
From: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Date: Tue, 25 Jul 2023 13:17:24 +1200
Subject: [PATCH] fix: Normalize `RLIMIT_NOFILE` to sensible defaults

During review, it was decided to remove `LimitNOFILE` from `docker.service` to rely on the systemd v240 implicit default of `1024:524288`.

On supported platforms with systemd prior to v240, packagers will patch the service with an explicit `LimitNOFILE=1024:524288`.

- `1024` soft limit is an implicit default, avoiding unexpected breakage. Software that needs a higher limit should request to raise the soft limit for its process.
- `524288` hard limit is an implicit default since systemd v240 and is adequate for most processes (_half of the historical limit from `fs.nr_open` of `1048576`_), while 4096 is the implicit default from the kernel (often too low). Individual containers can be started with `--ulimit` when a larger hard limit is required.
- The hard limit may not exceed `fs.nr_open` (_which a value of `infinity` will resolve to_). On most systems with systemd v240 or newer, this will resolve to an excessive size of 2^30 (over 1 billion).
- When set to `infinity` (usually as the soft limit) software may experience significantly increased resource usage, resulting in a performance regression or runtime failures that are difficult to troubleshoot.
- OpenRC current config approach lacks support for different soft/hard limits being set as it adjusts additional limits and `ulimit` does not support mixed usage of `-H` + `-S`. A soft limit of `524288` is not ideal, but 2^19 is much less overhead than 2^30, whilst a hard limit of 4096 would be problematic for Docker.

Signed-off-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> --- contrib/init/openrc/docker.confd | 2 +- contrib/init/openrc/docker.initd | 2 +- contrib/init/systemd/docker.service | 1 - contrib/init/sysvinit-debian/docker | 3 ++- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/init/openrc/docker.confd b/contrib/init/openrc/docker.confd index cc599e6da4..53bab813a9 100644 --- a/contrib/init/openrc/docker.confd +++ b/contrib/init/openrc/docker.confd @@ -17,7 +17,7 @@ #DOCKER_PIDFILE="/run/docker.pid" # Settings for process limits (ulimit) -#DOCKER_ULIMIT="-c unlimited -n 1048576 -u unlimited" +#DOCKER_ULIMIT="-c unlimited -n 524288 -u unlimited" # seconds to wait for sending SIGTERM and SIGKILL signals when stopping docker #DOCKER_RETRY="TERM/60/KILL/10" diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd index 57defb8f57..61d8906f36 100644 --- a/contrib/init/openrc/docker.initd +++ b/contrib/init/openrc/docker.initd @@ -13,7 +13,7 @@ start_stop_daemon_args="--background \ extra_started_commands="reload" -rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 1048576 -u unlimited}" +rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 524288 -u unlimited}" retry="${DOCKER_RETRY:-TERM/60/KILL/10}" diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service index 8275401b1a..d8c7867057 100644 --- a/contrib/init/systemd/docker.service +++ b/contrib/init/systemd/docker.service @@ -28,7 +28,6 @@ StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker index 24aa2ca99e..ee7883454a 100755 --- a/contrib/init/sysvinit-debian/docker +++ b/contrib/init/sysvinit-debian/docker 
@@ -58,7 +58,8 @@ case "$1" in touch "$DOCKER_LOGFILE" chgrp docker "$DOCKER_LOGFILE" - ulimit -n 1048576 + # Only set the hard limit (soft limit should remain as the system default of 1024): + ulimit -Hn 524288 # Having non-zero limits causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting.
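
Review bot: In contrib/init/openrc/docker.confd, the commented example `-n 524288` carries no note that a `-n` without `-H` or `-S` applies the value as both the soft and the hard limit, so anyone who uncomments it gets a soft limit of 524288 rather than the 1024 that the commit message describes as the safe default. Suggest extending the `# Settings for process limits (ulimit)` comment to say this, and that a high soft limit can increase resource usage in some software, so the trade-off is visible where the setting is edited.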
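
Review bot: In contrib/init/openrc/docker.initd, the fallback in `rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 524288 -u unlimited}"` repeats the literal from the commented example in docker.confd, and nothing in the file records why 524288 is used as a combined soft/hard value. The reasoning lives only in the commit message; a short comment above `rc_ulimit` stating that this is a compromise because separate soft and hard values are not supported here, and that it should stay in step with docker.confd, would keep the two files from drifting on the next change.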
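
Review bot: In contrib/init/systemd/docker.service, removing `LimitNOFILE=infinity` leaves the unit with no indication that the file-descriptor limit is now intentionally inherited from systemd's default, and the retained comment about non-zero `Limit*s` now sits above only `LimitNPROC` and `LimitCORE`. Per the commit message the expected `1024:524288` only applies from systemd v240, and older systems depend on packagers adding `LimitNOFILE=1024:524288` themselves. Suggest a comment at this spot stating both points, so a later edit does not reintroduce `infinity` and packagers on older systemd see the requirement in the unit file itself.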
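
Review bot: In contrib/init/sysvinit-debian/docker, the new comment says the soft limit "should remain as the system default of 1024", but `ulimit -Hn 524288` does not enforce that; the soft limit is whatever the invoking environment passes down. If the inherited soft limit is above 524288, lowering only the hard limit fails, because the soft limit may not exceed the hard limit. Suggest setting the soft limit explicitly first (`ulimit -Sn 1024`) and then the hard limit, or rewording the comment to say that the soft limit is inherited rather than guaranteed.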