[LINUX] System resource limit (ulimit)

Introduction

https://qiita.com/hot_study_man/items/24ba3e00fc936abab58b

At this point, I thought that I might limit the resources of the system in the future, so I investigated ulimit.

Subject to restrictions

Whole system

Resource limits such as the number of processes and files that can be used on the entire system are set by ** sysctl command **

Not a user or group unit daemon

• ** ulimit command ** --Log in as that user and use the ulimit command
• /etc/security/limits.conf --Enter the user and write the limit value --Restrictions via login shell

Daemon process

• For Cent7, it is necessary to describe the limit value in the systemd configuration file.

↓ There is a change in the number of apche processes, but it is only temporarily enabled and will be disabled if the OS is restarted. https://takeshiyako.blogspot.com/2013/01/httpdulimit.html

ulimit command

You can limit the resources that each process can use with internal commands included in bash etc.

Below -If there is no Sor-H, the specified value is reflected for both the soft limit and the hard limit.

//4000 software
ulimit -Sn 4000
//4000 for both software and hardware
ulimit -n 4000

Soft limit -S

• Limitation on available resources for currently active users. Can be increased to the hard limit

Hard limit -H

• General users can reduce the hard limit value, but not increase it
• Root users can be increased

How to write

ulimit -Sn 4000
ulimit -Sm 4000

Check the limit value for the resource of the process executed by the user

When the process is executed from this logged-in user, the following restrictions apply (default)

# ulimit -Sa
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15234
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15234
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
root@web2:~
# ulimit -Ha
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15234
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15234
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

Confirmation of process ulimit In case of apache

# ps auxf | grep httpd
root     17733  0.0  0.0 103320   872 pts/0    S+   04:07   0:00          \_ grep httpd
root     19585  0.0  0.6 431068 25856 ?        Ss   Mar02   6:53 /usr/sbin/httpd
apache   15562  0.0  1.1 456336 46312 ?        S    03:16   0:01  \_ /usr/sbin/httpd
apache   15563  0.0  1.4 471072 60616 ?        S    03:16   0:02  \_ /usr/sbin/httpd
apache   15564  0.0  1.3 464788 55224 ?        S    03:16   0:02  \_ /usr/sbin/httpd
apache   15565  0.0  1.2 467252 49708 ?        S    03:16   0:02  \_ /usr/sbin/httpd
apache   15566  0.0  0.6 435212 24552 ?        S    03:16   0:00  \_ /usr/sbin/httpd
apache   15567  0.0  0.7 439356 28732 ?        S    03:16   0:00  \_ /usr/sbin/httpd
apache   15572  0.0  1.5 474280 63620 ?        S    03:16   0:01  \_ /usr/sbin/httpd
apache   15573  0.0  0.7 439336 28892 ?        S    03:16   0:01  \_ /usr/sbin/httpd
apache   15593  0.0  0.7 446508 29296 ?        S    03:16   0:01  \_ /usr/sbin/httpd
apache   15594  0.0  0.7 441316 30808 ?        S    03:16   0:00  \_ /usr/sbin/httpd
apache   15595  0.0  0.8 452592 34920 ?        S    03:16   0:01  \_ /usr/sbin/httpd
apache   17697  0.0  0.4 431068 19140 ?        S    04:06   0:00  \_ /usr/sbin/httpd

Check limits

# cat /proc/19585/limits 
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            10485760             unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             15234                15234                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       15234                15234                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        

Change limit limit for daemon process

https://staffblog.yumemi.jp/%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E3%83%87%E3%82%A3%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%82%BF%E6%95%B0%E3%81%AE%E4%B8%8A%E9%99%90%E5%A4%89%E6%9B%B4%E3%81%A8limits-conf%E3%81%AE%E7%BD%A0-2/

https://go-journey.club/archives/4823

PAM authentication

The value set in "/etc/security/limits.conf" has no effect on the "daemon process" that does not log in. In detail, the reason is that the settings in /etc/security/limits.conf are applied at the time of PAM authentication at login or when executing the su command, so it does not work for the daemon process.

** /etc/security/limits.conf cannot be used when setting the upper limit of the number of file descriptors for daemon processes. ** It may seem like it's set in some situations, but it's a big pitfall. It's a hassle, but let's set it appropriately using ulimit for each required process.

Only the settings in limits.conf are temporarily enabled

In other words, if you reboot manually, the settings in limits.conf will only take effect temporarily. Of course, if the machine itself is restarted, init will start each daemon and PAM authentication will not be entered, so it will return to the upper limit of 1024 specified by the OS.

After all, to raise the limit value, write ulimit -n

** If it is daemontools, add it to the / service / / run file ** ** If it is an rc script, add it to the /etc/init.d/ file ** I have to.

However, in the case of apache, please note that if you control via apachectl, it will not go through the rc script, so you must add it to apachectl as well.

For Cent7

Write the settings in the systemd config file