Ulimit open files in containers

sirbusby · November 14, 2017, 12:15pm

Hello how change ulimit open files in ubuntu server container?

buttle · November 24, 2017, 11:14am

Hi,

I’ve got the same question. I have an openldap server that hogs memory when run within a container. Looking round on the net, the docker people set ulimit -n 1024 to resolve the problem.

I try to do the same on my lxc container. From the host I do…

lxc config set ldapserver limits.kernel.nofile 1024

but it seems I’m not doing it right.

error: Bad key: limits.kernel.nofile

Looking at the docs, the key should be correct. I’m obviously missing something basic here.

Any pointer please?
Cheers.

stgraber · November 24, 2017, 9:27pm

Sounds like you’re using a version of LXD that’s older than 2.19 (when this key was first introduced).

buttle · November 26, 2017, 7:59pm

Yes!
Updated as explained here and now I’m on 2.20

Different error now.

# lxc config set ldapserver limits.kernel.nofile 1024
error: Process limits require libxc >= 2.1

So I did apt-get install libxc1 version (2.1.2-1) on the host. Is this the right package?

# ls -l /usr/lib/x86_64-linux-gnu/libxc.*
lrwxrwxrwx 1 root root     14 Oct 24  2015 /usr/lib/x86_64-linux-gnu/libxc.so.1 -> libxc.so.1.1.2
-rw-r--r-- 1 root root 868536 Oct 24  2015 /usr/lib/x86_64-linux-gnu/libxc.so.1.1.2

But I still get the same error.

# lxc config set ldapserver limits.kernel.nofile 1024
    error: Process limits require libxc >= 2.1

Could be from here?

Thanks again for any help please.

stgraber · November 27, 2017, 5:20am

Did you restart lxd after upgrading to the new liblxc?

stgraber · November 27, 2017, 5:21am

Oh, and no, the error is actually meant to say “liblxc >= 2.1” not “libxc”…
I fixed that typo a few days ago but it’s not made it to any stable LXD release yet.

buttle · November 27, 2017, 6:32am

[stgraber] stgraber https://discuss.linuxcontainers.org/u/stgraber
Project leader
November 27

Did you restart lxd after upgrading to the new liblxc?

Yes, rebooted the machine too. A couple of times…

buttle · November 27, 2017, 8:01am

ok. I see I cant apt-get it.

# apt-get install liblxc1 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
liblxc1 is already the newest version (2.0.8-0ubuntu1~16.04.2).

So, how should I go about installing liblxc2.1?

Thanks

buttle · November 27, 2017, 8:42am

ok. I downloaded the tarball and compiled it in a container. That created /usr/local/lib/liblxc.so.1.3.0

Then, on the container with my openldap memory hog, I moved liblxc.so.1.2.0 and the symlink from /usr/lib/x86_64-linux-gnu to a safe place and copied the new liblxc.so.1.3.0 there, and made the symlink.

Restarted lxd and now no error!
Just wondering how I should manage updates now…

It seems openldap is behaving as expected too.
However after setting lxc config set ldapserver limits.kernel.nofile 1024 I would expect to see that within the container, but I don’t.

On the container…
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3810
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Cheers.

Update:
I have installed from source lxc-2.1.1 on the host server (instead of just copying the lxclib)
The results are great!