fix: use 1048576 for LIMITNOFILE in both ubuntu and mariner #8101
SriHarsha001 merged 1 commit into main
Pull request overview
This PR standardizes containerd’s file descriptor limit by explicitly setting LimitNOFILE=1048576 via a systemd drop-in, addressing cases (notably Ubuntu 24.04) where containerd may otherwise inherit an unexpectedly low NOFILE limit.
Changes:
- Add `LimitNOFILE=1048576` to the containerd systemd drop-in during VHD build (install-dependencies.sh).
- Add the same `LimitNOFILE` setting during provisioning (cse_config.sh) and in the cloud-init CustomData template (nodecustomdata.yml).
- Regenerate affected CustomData snapshot testdata to include the updated drop-in content.
Reviewed changes
Copilot reviewed 33 out of 74 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Writes/updates containerd systemd drop-in to include LimitNOFILE=1048576 during image build. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Ensures containerd drop-in includes LimitNOFILE=1048576 during provisioning. |
| parts/linux/cloud-init/nodecustomdata.yml | Updates the rendered CustomData to include LimitNOFILE=1048576 in the containerd drop-in. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Snapshot update reflecting the new LimitNOFILE line. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Snapshot update reflecting the new LimitNOFILE line. |
| pkg/agent/testdata/CustomizedImage/CustomData | Snapshot update reflecting the new LimitNOFILE line. |
| pkg/agent/testdata/AzureLinuxV3+Kata/CustomData | Snapshot update reflecting the new LimitNOFILE line. |
Pull request overview
This PR ensures containerd runs with a consistently high file descriptor limit across OSes (notably addressing Ubuntu 24.04’s low default when the upstream unit no longer sets LimitNOFILE), while preserving backward compatibility with older CSE/customdata behavior.
Changes:
- Add a systemd drop-in override setting `LimitNOFILE=1048576` for `containerd.service` during VHD build and during node provisioning (CSE).
- Add the same `LimitNOFILE` setting to the cloud-init customdata template and regenerate relevant snapshot testdata (`pkg/agent/testdata/...`).
Reviewed changes
Copilot reviewed 33 out of 74 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Adds LimitNOFILE=1048576 to the containerd systemd drop-in during image build. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Adds LimitNOFILE=1048576 to the containerd systemd drop-in during provisioning. |
| parts/linux/cloud-init/nodecustomdata.yml | Includes LimitNOFILE=1048576 in the emitted containerd systemd drop-in from customdata. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Regenerated snapshot reflecting the customdata change. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Regenerated snapshot reflecting the customdata change. |
| pkg/agent/testdata/CustomizedImage/CustomData | Regenerated snapshot reflecting the customdata change. |
| pkg/agent/testdata/AzureLinuxV3+Kata/CustomData | Regenerated snapshot reflecting the customdata change. |
Pull request overview
Updates containerd systemd drop-in configuration to explicitly set a high LimitNOFILE across Ubuntu and Mariner/AzureLinux images, preventing low FD limits (notably on Ubuntu 24.04+) from impacting container runtime stability.
Changes:
- Add `LimitNOFILE=1048576` to the containerd systemd drop-in generated by VHD build scripts and CSE.
- Update cloud-init templates and multiple `pkg/agent/testdata/*/CustomData` fixtures to reflect the new drop-in content.
Reviewed changes
Copilot reviewed 33 out of 74 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Adds LimitNOFILE=1048576 to containerd systemd drop-in during image build. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Adds LimitNOFILE=1048576 to containerd systemd drop-in during CSE execution. |
| parts/linux/cloud-init/nodecustomdata.yml | Updates cloud-init drop-in to include LimitNOFILE=1048576. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Updates expected CustomData payload and explicit drop-in snippet for LimitNOFILE. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Updates expected CustomData payload and explicit drop-in snippet for LimitNOFILE. |
| pkg/agent/testdata/CustomizedImage/CustomData | Updates expected CustomData payload and explicit drop-in snippet for LimitNOFILE. |
| pkg/agent/testdata/AzureLinuxV3+Kata/CustomData | Updates expected CustomData payload and explicit drop-in snippet for LimitNOFILE. |
6e190a2 to 420942a
Pull request overview
This PR sets an explicit LimitNOFILE=1048576 for the containerd systemd service via a drop-in, to avoid low inherited file-descriptor soft limits (notably on Ubuntu 24.04 where upstream removed LimitNOFILE from the base unit).
Changes:
- Add `LimitNOFILE=1048576` to the `containerd.service.d/exec_start.conf` drop-in in both VHD build and CSE provisioning flows.
- Update cloud-init generated custom data to include the same `LimitNOFILE` override.
- Regenerate golden/customdata test fixtures to reflect the new `LimitNOFILE` line.
Reviewed changes
Copilot reviewed 33 out of 74 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Adds LimitNOFILE=1048576 to the containerd systemd drop-in during image build. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Adds the same LimitNOFILE=1048576 drop-in during node provisioning (CSE). |
| parts/linux/cloud-init/nodecustomdata.yml | Updates cloud-init content to include LimitNOFILE=1048576 for containerd. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Updates golden CustomData to include the new LimitNOFILE override. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Updates golden CustomData to include the new LimitNOFILE override. |
| pkg/agent/testdata/CustomizedImage/CustomData | Updates golden CustomData to include the new LimitNOFILE override. |
| pkg/agent/testdata/AzureLinuxV3+Kata/CustomData | Updates golden CustomData to include the new LimitNOFILE override. |
eb8f3e8 to d51e46c
Pull request overview
Aligns containerd’s systemd LimitNOFILE across Ubuntu and Mariner/AzureLinux to prevent Ubuntu 24.04 + containerd 2.x from inheriting a low soft FD limit (e.g., 1024), which can cause “too many open files” failures under load.
Changes:
- Add `LimitNOFILE=1048576` to the containerd systemd drop-in (exec_start.conf) during VHD build and during CSE/provisioning.
- Ensure generated cloud-init CustomData includes the same containerd drop-in content.
- Regenerate snapshot testdata CustomData outputs to reflect the updated drop-in.
Reviewed changes
Copilot reviewed 33 out of 74 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| vhdbuilder/packer/install-dependencies.sh | Writes containerd systemd drop-in with LimitNOFILE=1048576 during VHD build. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Writes the same containerd systemd drop-in during provisioning (CSE). |
| parts/linux/cloud-init/nodecustomdata.yml | Updates cloud-init CustomData template to include LimitNOFILE=1048576 in the drop-in. |
| pkg/agent/testdata/MarinerV2+Kata/CustomData | Updates generated CustomData snapshot to include the new drop-in line. |
| pkg/agent/testdata/MarinerV2+CustomCloud/CustomData | Updates generated CustomData snapshot to include the new drop-in line. |
| pkg/agent/testdata/CustomizedImage/CustomData | Updates generated CustomData snapshot to include the new drop-in line. |
| pkg/agent/testdata/AzureLinuxV3+Kata/CustomData | Updates generated CustomData snapshot to include the new drop-in line. |
| # (for example 1024:524288), so containerd inherits a very low soft file descriptor limit (1024) unless we override it here. | ||
| # On Mariner/AzureLinux this is redundant with the base containerd.service unit but harmless. | ||
| # Not removing LimitNOFILE from parts/linux/cloud-init/artifacts/containerd.service, | ||
| # to avoid compatibility issues between new VHDs and old CSE scripts. | ||
| tee "${CONTAINERD_SERVICE_DIR}/exec_start.conf" > /dev/null <<EOF |
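Review bot: The `tee` on the last line replaces `exec_start.conf` in full, and the comment block above it does not mention that this PR writes the same drop-in from both the VHD build and the provisioning (CSE) path, so whichever runs later decides the limit containerd actually gets. Suggest naming the other writer in this comment so the two copies are kept in step, or moving `LimitNOFILE` into its own drop-in so a resource limit does not live in a file named for the ExecStart override. Also note the heredoc delimiter is unquoted (`<<EOF`), so any `$` in the body is expanded by the shell before it reaches the file.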
Do we know why we are configuring containerd both during VHD creation and during bootstrapping?
@awesomenix your other PR was also not enabling containerd in the install section, correct?
Hi guys, thanks for the fix! Do you have any idea when this will be released with v0.20260318.0? Asking because this is a severe issue for people who already upgraded to K8s
What this PR does / why we need it:
Which issue(s) this PR fixes:
Explicit configuration for LimitNOFILE in the reference containerd.service systemd service file has been removed in upstream - https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md#limitnofile-configuration-has-been-removed.
Remove LimitNOFILE from containerd.service to rely on the systemd v240 implicit default of 1024:524288.
containerd/containerd#8924. 1024 soft limit is an implicit default. On Ubuntu 24.04, it dropped to the default 1024.
Container runtimes handle many containers and network connections, which consume file descriptors (logs, sockets, watchers, etc.). If the limit is too low, applications may see errors like:
`too many open files` or `failed to create shim task`
On Ubuntu 22.04, Kernel 5.15.0-1102-azure, containerd://1.7.30-2 -
On Mariner/AzLinux3.0, Kernel 6.6.121.1-1.azl3, containerd://2.0.0 -
On Existing Ubuntu 24.04.4, Kernel 6.8.0-1046-azure, containerd://2.1.6-1
LimitNoFile has been removed -
After this PR - On Ubuntu 24.04, kernel 6.8.0-1046-azure, containerd://2.1.6-1
After this PR - On AzureLinux 3.0, kernel 6.6.126.1-1.azl3, containerd://2.0.0
After this PR - On Ubuntu 22.04, kernel 5.15.0-1102-azure, containerd://1.7.30-2
Fixes #
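A way to check the limit discussed in the description above, as an added example that is not code from this PR: it works out which `LimitNOFILE` a unit ends up with once drop-ins are applied, and reads the limit a running process actually has. The function names, the unit text and the `/proc` line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's code). Unit text and /proc output are constructed samples.
REQUIRED=1048576   # value this PR sets

# effective_limit FILE...: print "soft hard" from the last LimitNOFILE= seen.
# Pass the base unit first, then its drop-ins in name order, as systemd applies them.
effective_limit() {
  awk '
    /^[ \t]*LimitNOFILE=/ {
      v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t\r]/, "", v)
    }
    END {
      if (v == "") { print "unset unset"; exit }
      n = split(v, p, ":")          # systemd accepts "value" or "soft:hard"
      print p[1], (n > 1 ? p[2] : p[1])
    }' "$@"
}

# proc_limit: read /proc/<pid>/limits text on stdin, print "soft hard".
proc_limit() { awk '/^Max open files/ { print $4, $5 }'; }

# soft_ok SOFT: succeed when the soft limit is at least REQUIRED.
soft_ok() {
  case "$1" in
    infinity|unlimited) return 0 ;;
    ''|*[!0-9]*) return 1 ;;        # "unset" or anything non-numeric fails
  esac
  [ "$1" -ge "$REQUIRED" ]
}

demo() {
  d=$(mktemp -d) || return 1
  printf '[Service]\nExecStart=/usr/bin/containerd\n' > "$d/containerd.service"
  printf '[Service]\nLimitNOFILE=1048576\n' > "$d/exec_start.conf"
  set -- $(effective_limit "$d/containerd.service")
  echo "base unit only: soft=$1 hard=$2"
  set -- $(effective_limit "$d/containerd.service" "$d/exec_start.conf")
  echo "with drop-in:   soft=$1 hard=$2"
  set -- $(printf 'Max open files  1024  524288  files\n' | proc_limit)
  soft_ok "$1" && echo "process: ok" || echo "process: soft limit $1 is below $REQUIRED"
  rm -rf "$d"
}
demo
```

On a node, pass the unit file followed by its drop-ins to `effective_limit` and pipe the `/proc/<pid>/limits` of the containerd process into `proc_limit`. A changed drop-in only shows up in the process limits after `systemctl daemon-reload` and a restart of the service.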