[Bug 1839445] Re: systemd's service unit should set LimitNOFILE to 1048576

Andreas Hasenack andreas at canonical.com
Mon Aug 12 14:31:10 UTC 2019 

There seems to be a non-infinite open files limit in containerd in eoan
(checked in a vm, not lxd, just to be sure):

root at eoan-containerd:~# cat /proc/$(pidof containerd)/limits |grep "Max open files"
Max open files            1048576              1048576              files     

root at eoan-containerd:~# systemctl cat containerd.service 
# /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
RestartSec=2
Restart=always

Delegate=yes
KillMode=process
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity

OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

root at eoan-containerd:~# sysctl fs.nr_open
fs.nr_open = 1048576

root at eoan-containerd:~# grep nr_open -r /etc/
root at eoan-containerd:~# 

root at eoan-containerd:~# grep NOFILE -r /lib/systemd/ 2>/dev/null | grep -v ^Binary
/lib/systemd/system/containerd.service:LimitNOFILE=infinity
/lib/systemd/system/systemd-logind.service:LimitNOFILE=524288
/lib/systemd/system/systemd-journald.service:LimitNOFILE=524288
/lib/systemd/system/rsyslog.service:LimitNOFILE=16384

root at eoan-containerd:~# grep NOFILE -r /etc/ 2>/dev/null | grep -v ^Binary
/etc/systemd/user.conf:#DefaultLimitNOFILE=
/etc/systemd/system.conf:#DefaultLimitNOFILE=1024:524288


eoan is using systemd 240:
root at eoan-containerd:~# apt-cache policy systemd
systemd:
  Installed: 240-6ubuntu9
  Candidate: 240-6ubuntu9
  Version table:
 *** 240-6ubuntu9 500
        500 http://br.archive.ubuntu.com/ubuntu eoan/main amd64 Packages

No relevant entry about limits in systemd's d/changelog.


Ubuntu will get the upstream change when a new release is made, so the questions are:
a) should we change this now?
b) do we even have to, given we already seem to be running witn a non-infinite limit (unclear how we got there, though, maybe a system-wide setting?)

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1839445

Title:
  systemd's service unit should set LimitNOFILE to 1048576

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1839445/+subscriptions

More information about the Ubuntu-server-bugs mailing list