Ulimit open files in containers


(Иван Дегтярёв) #1

Hello how change ulimit open files in ubuntu server container?


(Chris) #2

Hi,

I've got the same question. I have an openldap server that hogs memory when run within a container. Looking round on the net, the docker people set ulimit -n 1024 to resolve the problem.

I try to do the same on my lxc container. From the host I do..

lxc config set ldapserver limits.kernel.nofile 1024

but it seems I'm not doing it right.

error: Bad key: limits.kernel.nofile

Looking at the docs, the key should be correct. I'm obviously missing something basic here.

Any pointer please?
Cheers.


(Stéphane Graber) #3

Sounds like you're using a version of LXD that's older than 2.19 (when this key was first introduced).


(Chris) #4

Yes!
Updated as explained here and now I'm on 2.20

Different error now.

# lxc config set ldapserver limits.kernel.nofile 1024
error: Process limits require libxc >= 2.1

So I did apt-get install libxc1 version (2.1.2-1) on the host. Is this the right package?

# ls -l /usr/lib/x86_64-linux-gnu/libxc.*
lrwxrwxrwx 1 root root     14 Oct 24  2015 /usr/lib/x86_64-linux-gnu/libxc.so.1 -> libxc.so.1.1.2
-rw-r--r-- 1 root root 868536 Oct 24  2015 /usr/lib/x86_64-linux-gnu/libxc.so.1.1.2

But I still get the same error.

# lxc config set ldapserver limits.kernel.nofile 1024
    error: Process limits require libxc >= 2.1

Could be from here?

Thanks again for any help please.


(Stéphane Graber) #5

Did you restart lxd after upgrading to the new liblxc?


(Stéphane Graber) #6

Oh, and no, the error is actually meant to say "liblxc >= 2.1" not "libxc"...
I fixed that typo a few days ago but it's not made it to any stable LXD release yet.


(Chris) #7

[stgraber] stgraber https://discuss.linuxcontainers.org/u/stgraber
Project leader
November 27

Did you restart lxd after upgrading to the new liblxc?

Yes, rebooted the machine too. A couple of times..


(Chris) #8

ok. I see I cant apt-get it.

# apt-get install liblxc1 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
liblxc1 is already the newest version (2.0.8-0ubuntu1~16.04.2).

So, how should I go about installing liblxc2.1?

Thanks


(Chris) #9

ok. I downloaded the tarball and compiled it in a container. That created /usr/local/lib/liblxc.so.1.3.0

Then, on the container with my openldap memory hog, I moved liblxc.so.1.2.0 and the symlink from /usr/lib/x86_64-linux-gnu to a safe place and copied the new liblxc.so.1.3.0 there, and made the symlink.

Restarted lxd and now no error! :slight_smile:
Just wondering how I should manage updates now... :rolling_eyes:

It seems openldap is behaving as expected too.
However after setting lxc config set ldapserver limits.kernel.nofile 1024 I would expect to see that within the container, but I don't.

On the container..
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3810
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Cheers.

Update:
I have installed from source lxc-2.1.1 on the host server (instead of just copying the lxclib)
The results are great!