Don't set ulimits (nproc)

There is a not-insignificant performance overhead for all containers (if containerd is a child of Docker, which is the current setup) if rlimits are set on the main Docker daemon process (because the limits propogate to all children). We recommend using cgroups to do container-local accounting. This applies the change added in 8db6109 to other init scripts. Note that nfile cannot be set to unlimited, and the limit is hardcoded to 1048576 (2^20) , see: http://stackoverflow.com/a/1213069/1811501 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
moby · Jul 13, 2016 · 428d733 · 428d733
1 parent 92b1577
commit 428d733
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
@@ -13,7 +13,10 @@ start_pre() {
 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
 
 	ulimit -n 1048576
-	ulimit -u 1048576
+
+	# Having non-zero limits causes performance problems due to accounting overhead
+	# in the kernel. We recommend using cgroups to do container-local accounting.
+	ulimit -u unlimited
 
 	return 0
 }
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
@@ -11,9 +11,9 @@ Type=notify
 # for containers run by docker
 ExecStart=/usr/bin/dockerd -H fd://
 ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
 # Having non-zero Limit*s causes performance problems due to accounting overhead
 # in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
 LimitNPROC=infinity
 LimitCORE=infinity
 # Uncomment TasksMax if your systemd version supports it.

diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker
@@ -94,10 +94,13 @@ case "$1" in
 		chgrp docker "$DOCKER_LOGFILE"
 
 		ulimit -n 1048576
+
+		# Having non-zero limits causes performance problems due to accounting overhead
+		# in the kernel. We recommend using cgroups to do container-local accounting.
 		if [ "$BASH" ]; then
-			ulimit -u 1048576
+			ulimit -u unlimited
 		else
-			ulimit -p 1048576
+			ulimit -p unlimited
 		fi
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"

diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf
@@ -2,8 +2,12 @@ description "Docker daemon"
 
 start on (filesystem and net-device-up IFACE!=lo)
 stop on runlevel [!2345]
+
 limit nofile 524288 1048576
-limit nproc 524288 1048576
+
+# Having non-zero limits causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+limit nproc unlimited unlimited
 
 respawn