第一個問題
limits.conf的限制在/proc/pid/limits中未生效
# cat /proc/3606/limits
Limit Soft Limit Hard Limit Units
Max processes 31202 31202 processes
Max open files 1024 4096 files 在Centos7 & ubuntu 系統中,使用Systemd替代了之前的SysV。/etc/security/limits.conf檔案的配置作用域縮小了。
/etc/security/limits.conf的配置,隻适用于通過PAM認證登入使用者的資源限制,它對systemd的service的資源限制不生效。是以登入使用者的限制,通過/etc/security/limits.conf與/etc/security/limits.d下的檔案設定即可。
對于systemd service的資源設定,則需修改全局配置,
全局配置檔案放在/etc/systemd/system.conf和/etc/systemd/user.conf,
同時也會加載兩個對應目錄中的所有.conf檔案/etc/systemd/system.conf.d/.conf和/etc/systemd/user.conf.d/.conf
system.conf是系統執行個體使用的,user.conf是使用者執行個體使用的。
vim /etc/systemd/system.conf
DefaultLimitNOFILE=100000
DefaultLimitNPROC=65535 修改并重新開機即可
# cat /proc/3613/limits
Limit Soft Limit Hard Limit Units
Max processes 65535 65535 processes
Max open files 100000 100000 files 第二個問題
在服務裡面設定LimitNOFILE=infinity為什麼不是無窮大?
在服務裡面設定LimitNOFILE=infinity 後,通過檢視pid的limit發現openfile是65536 ,而不是無窮大
檢視服務配置
[root@iZwz98aynkjcxvtra0f375Z ~]# cat /etc/systemd/system/multi-user.target.wants/docker.service |grep -vi "^#"|grep -vi "^$"
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd://
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target 檢視配置效果
# cat /proc/11019/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 31202 31202 processes
Max open files 65536 65536 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 31202 31202 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us 這個是systemd的bug,低于240的版本需要手動設定才可以生效
LimitNOFILE=102400
https://github.com/systemd/systemd/issues/6559第三個問題
為什麼openfile不能設定為unlimited
[root@iZwz98aynkjcxvtra0f375Z ~]# ulimit -n
65535
[root@iZwz98aynkjcxvtra0f375Z ~]# ulimit -n unlimited
-bash: ulimit: open files: cannot modify limit: Operation not permitted 原因是 centos7裡 openfile不能大于nr_open
[root@iZwz98aynkjcxvtra0f375Z ~]# cat /proc/sys/fs/nr_open
1048576
[root@iZwz98aynkjcxvtra0f375Z ~]# ulimit -n 1048577
-bash: ulimit: open files: cannot modify limit: Operation not permitted
[root@iZwz98aynkjcxvtra0f375Z ~]# ulimit -n 1048576
[root@iZwz98aynkjcxvtra0f375Z ~]# ulimit -n
1048576 關于file-max nr_open file_nr的解釋 可參考
https://www.kernel.org/doc/Documentation/sysctl/fs.txt第四個問題
使用supervisor管理程序(測試環境ubuntu 1604)啟動程序後,maxfile是1024
需要修改配置檔案
#cat /etc/supervisor/supervisord.conf
[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
下面這兩行
minfds=655350 ; min. avail startup file descriptors; default 1024
minprocs=65535 ; min. avail process descriptors;default 200
# cat /proc/2423/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 65535 65535 processes
Max open files 655350 655350 files ------------修改成功
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 61946 61946 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
外部文檔
https://www.cnblogs.com/zengkefu/p/5635153.html https://blog.csdn.net/google0802/article/details/52304776 http://blog.cloud.360.cn/post/tuning-your-system-for-high-concurrency.html https://blog.csdn.net/qq_38165374/article/details/104881340![ACS基本配置-權限等級管理[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)