New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd's service unit should set LimitNOFILE to 1048576 like docker does #3201
Comments
I've solved the issue locally by creating a service override for now: $ cat /etc/systemd/system/containerd.service.d/override.conf
[Service]
LimitNOFILE=1048576
$ systemctl daemon-reload
$ cat /proc/$(pgrep containerd | head -1)/limits | grep files
Max open files 1048576 1048576 files |
Does |
crosbymichael
added a commit
to crosbymichael/containerd
that referenced
this issue
Apr 10, 2019
Closes containerd#3201 Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Merged
Looks like nope, it does not. moby/moby@428d733 references https://stackoverflow.com/questions/1212925/on-linux-set-maximum-open-files-to-unlimited-possible/1213069#1213069 which has more info. |
kiwik
pushed a commit
to theopenlab/containerd
that referenced
this issue
Apr 23, 2019
* Add tcp service for grpc listeners Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Set nofile to 1048576 Closes containerd#3201 Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Fix API forward events for shims Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Add support for required plugins. Signed-off-by: Lantao Liu <lantaol@google.com> * Use $TEST_RUNTIME for cri test. Signed-off-by: Lantao Liu <lantaol@google.com> * Improve shim shutdown logic Shims no longer call `os.Exit` but close the context on shutdown so that events and other resources have hit the `defer`s. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Add dialer for events service Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Rename `hrpc` to `tcpServer` Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * Check task list to avoid unnecessary cleanup. Signed-off-by: Lantao Liu <lantaol@google.com> * Correct import path in services/server package Signed-off-by: Jared Cordasco <jcordasc@coglib.com> * Correct PusherFunc helper to match Pusher intf Signed-off-by: Jared Cordasco <jcordasc@coglib.com> * Requeue events in the shim publisher Signed-off-by: Michael Crosby <crosbymichael@gmail.com> * bump mistifyio/go-zfs f784269be439d704d3dfa1906f45dd848fed2beb - mistifyio/go-zfs#72 Switch to google/uuid - removes the github.com/pborman/uuid dependency Signed-off-by: Sebastiaan van Stijn <github@gone.nl> * Update go-winio in vendor.conf Signed-off-by: Kevin Parsons <kevpar@microsoft.com> * Allow dumping stacks via ETW capture state Signed-off-by: Kevin Parsons <kevpar@microsoft.com> * Access to client's GRPC connection object Signed-off-by: Maksym Pavlenko <makpav@amazon.com> * .mailmap: update Akihiro Suda's email address No affiliation change (NTT). The former email address will continue to be available for the time being. For daily communication, I still prefer to use my gmail.com address. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> * Move to sha-specified test image for nanoserver Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> * Fix error on pull hang in CI Kill the underlying containerd after outputting error. Otherwise CI hangs indefinitely and requires the CI infrastructure to kill the build at the timeout expiration. Signed-off-by: Wei Fu <fuweid89@gmail.com> Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> * Write stack dump to `os.TempDir()` as well Signed-off-by: John Howard <jhoward@microsoft.com> * bump gocapability full diff: syndtr/gocapability@db04d3c...d983527 changes included: - syndtr/gocapability#14 capability: Deprecate NewPid and NewFile for NewPid2 and NewFile2 - syndtr/gocapability#16 Fix capHeader.pid type Signed-off-by: Sebastiaan van Stijn <github@gone.nl> * Update x/crypto to 88737f569e3a9c7ab309cdc09a07fe7fc87233c3 full diff: golang/crypto@4979611...88737f5 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> * bump containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f Signed-off-by: Sebastiaan van Stijn <github@gone.nl> * Convert Windows CI to use Microsoft MCR image urls Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> * Don't write dumped stacks to file for ETW capture state Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
NicolasT
added a commit
to scality/metalk8s
that referenced
this issue
Sep 25, 2019
The default 'open files' limit, 1024, is way too low for some of our applications. Since there's no way to bump this limit from within a container, and the artificial limit of 1024 file descriptors stems from an era where FDs were costly, bump the limit to a more reasonable (in 2019) default. Fixes: #1785 See: #1785 See: containerd/containerd#3201 See: containerd/containerd#3202
NicolasT
added a commit
to scality/metalk8s
that referenced
this issue
Sep 25, 2019
The default 'open files' limit, 1024, is way too low for some of our applications. Since there's no way to bump this limit from within a container, and the artificial limit of 1024 file descriptors stems from an era where FDs were costly, bump the limit to a more reasonable (in 2019) default. Manual test: ``` [root@bootstrap ~]# kubectl taint node bootstrap node-role.kubernetes.io/bootstrap- node/bootstrap untainted [root@bootstrap ~]# kubectl taint node bootstrap node-role.kubernetes.io/infra- node/bootstrap untainted [root@bootstrap ~]# kubectl run --restart=Never --image=busybox shell -- sleep 9999 pod/shell created [root@bootstrap ~]# kubectl exec -ti shell -- sh -c 'ulimit -n' 1048576 ``` Fixes: #1785 See: #1785 See: containerd/containerd#3201 See: containerd/containerd#3202
NicolasT
added a commit
to scality/metalk8s
that referenced
this issue
Sep 26, 2019
The default 'open files' limit, 1024, is way too low for some of our applications. Since there's no way to bump this limit from within a container, and the artificial limit of 1024 file descriptors stems from an era where FDs were costly, bump the limit to a more reasonable (in 2019) default. Manual test: ``` [root@bootstrap ~]# kubectl taint node bootstrap node-role.kubernetes.io/bootstrap- node/bootstrap untainted [root@bootstrap ~]# kubectl taint node bootstrap node-role.kubernetes.io/infra- node/bootstrap untainted [root@bootstrap ~]# kubectl run --restart=Never --image=busybox shell -- sleep 9999 pod/shell created [root@bootstrap ~]# kubectl exec -ti shell -- sh -c 'ulimit -n' 1048576 ``` Fixes: #1785 See: #1785 See: containerd/containerd#3201 See: containerd/containerd#3202
curtishall
added a commit
to bluecherrydvr/bluecherry-docker
that referenced
this issue
Nov 22, 2023
For all RHEL releases run this: ``` sed -i 's/^LimitNOFILE=infinity$/LimitNOFILE=1048576/' /usr/lib/systemd/system/docker.service sed -i 's/^LimitNOFILE=infinity$/LimitNOFILE=1048576/' /usr/lib/systemd/system/containerd.service ``` containerd/containerd#3201
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
I've just checked the limit on the max number of opened files for the
containerd
process on recent version of Container Optimized OS and saw that the process has the limit set to 65536.I believe it should be set to 1048576 like docker does right now: moby/moby@428d733
Steps to reproduce the issue:
Describe the results you expected:
Output of
containerd --version
:The text was updated successfully, but these errors were encountered: