[SOLVED] Increase "nofile" in lxc containers

mije

Jan 21, 2018
Hi,

Running the latest version of Proxmox (5.1-42), but struggling to increase the number of open files on my containers; they default to way, way too low values:

(From inside the container)
ulimit -Hn && ulimit -Sn
4096
1024

The containers are running as unprivileged, and I already increased the limit on the Proxmox host itself:
/etc/sysctl.conf ->
fs.file-max = 50000
/etc/security/limits.conf ->
* hard nofile 50000
* soft nofile 40000

Setting it higher in the container isn't working.

Read:
https://forum.proxmox.com/threads/real-ulimit-value-for-lxc-containers.29798/

wbumiller talks about a new config option:
"Resource limits are available with lxc-pve >= 2.0.8-2, the `lxc.limit.*` configuration keys are allowed in /etc/pve/lxc/*.conf with pve-container >= 2.0-7."

If I add:
limits.kernel.nofile=30000 to /etc/pve/lxc/101.conf

It still doesn't apply any higher limits on the container, really hitting a stumbling block / not finding any solutions by searching around.

Found some references to setting LimitNOFILE in the systemd service file, but those services don't seem to have a systemd service in the latest version.

Does anyone know how to do it on the latest proxmox version?
 
The line should be:
Code:
lxc.prlimit.nofile: 30000
Note, however, that while this changes the upper limit for the container as a whole, its boot & login process will still do the usual setup. This means that the sysctl.conf and /etc/security/limits.conf changes must also happen within the container.
You can check whether the above limit was applied by checking the container's init process' limits. Either via `prlimit -p 1` from within the container, or on the host via `prlimit -p $(lxc-info -Hp -n VMID)`
 

Hi Wolfgang,

I have ~15 containers running and several problems with open file limits. I searched a lot for a proper solution. This thread was one of my findings.

I am not really sure if I have the right understanding now, but I will try to summarize (and hope for your feedback/review) regarding the following steps:

1) On pve host/node adjust/edit: /etc/security/limits.conf e.g.
Code:
*       soft    nofile  1048576 unset
*       hard    nofile  1048576 unset
root    soft    nofile  1048576 unset
root    hard    nofile  1048576 unset
*       soft    memlock 1048576 unset
*       hard    memlock 1048576 unset

2) On pve host/node adjust/edit: /etc/sysctl.conf e.g.
Code:
fs.inotify.max_queued_events = 1048576
fs.inotify.max_user_instances = 1048576
fs.inotify.max_user_watches = 1048576
vm.max_map_count = 262144

3) Edit container configuration <container_id>.conf file and add the lxc.prlimit.nofile e.g.:
Code:
lxc.prlimit.nofile: 30000
If I want to have this limit set to all containers, I could also insert this line/configuration to /etc/lxc/default.conf instead of every lxc conf file?<-- am I right with this "assumption"?

4) Inside the container(s), the changes from steps 1 and 2 also have to be reflected, which means that the files /etc/security/limits.conf and /etc/sysctl.conf also need to be edited within the container itself. <-- any best practice settings here?

It would be great if you could give some short feedback on whether my understanding is correct or not.

Thank you in advance
Simon
 
Step 1 should not be necessary.
Step 4 only needs to include step 1. The sysctl values from step 2 aren't currently namespaced.

If I want to have this limit set to all containers, I could also insert this line/configuration to /etc/lxc/default.conf instead of every lxc conf file?<-- am I right with this "assumption"?
This file is used for containers without configurations, so this won't work.
Containers all by default include `/usr/share/lxc/config/common.conf.d/*.conf`, so you'd want to place a file there, call it `10-prlimits.conf` or something :)
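
A way to confirm that the configured limit actually reached the container's init process, as an added example that is not part of the original thread. The function names and sample files are constructed here; the script only parses a config file and `/proc/<pid>/limits`-style text.

```shell
#!/bin/sh
# Added example: compare the nofile limit requested in a container config
# with the limits applied to a process, read from a /proc/<pid>/limits file.
# On a host: check_nofile /etc/pve/lxc/VMID.conf /proc/$(lxc-info -Hp -n VMID)/limits

# Print "soft hard" for lxc.prlimit.nofile in config file $1.
# Accepts "key: value" (/etc/pve/lxc/*.conf) and "key = value" (LXC native).
# A single value sets both limits; "soft:hard" sets them separately.
configured_nofile() {
    sed -n 's/^[[:space:]]*lxc\.prlimit\.nofile[[:space:]]*[:=][[:space:]]*//p' "$1" |
        tail -n 1 |
        awk '{ n = split($1, v, ":"); print v[1], (n > 1 ? v[2] : v[1]) }'
}

# Print "soft hard" from the "Max open files" row of limits file $1.
applied_nofile() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Return 0 if applied limits equal the configured ones, 1 on mismatch,
# 2 if the config has no lxc.prlimit.nofile line (e.g. a misspelled key).
check_nofile() {
    want=$(configured_nofile "$1")
    have=$(applied_nofile "$2")
    [ -n "$want" ] || { echo "no lxc.prlimit.nofile in $1"; return 2; }
    if [ "$want" = "$have" ]; then
        echo "ok: nofile soft/hard = $have"
    else
        echo "mismatch: configured '$want', applied '$have'"
        return 1
    fi
}

# Constructed sample input (not taken from a real host).
d=$(mktemp -d)
printf 'arch: amd64\nlxc.prlimit.nofile: 30000\n' > "$d/101.conf"
printf 'Limit  Soft Limit  Hard Limit  Units\n' > "$d/limits.ok"
printf 'Max open files  30000  30000  files\n' >> "$d/limits.ok"
printf 'Max open files  1024  4096  files\n' > "$d/limits.default"

check_nofile "$d/101.conf" "$d/limits.ok" || true
check_nofile "$d/101.conf" "$d/limits.default" || true
```

This checks init's limits only; as noted in the thread, login sessions inside the container still take their values from the container's own /etc/security/limits.conf.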
 