-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dbode] Call syscall.Setrlimit to set num files open hard limit with setcap for DB docker image #1666
[dbode] Call syscall.Setrlimit to set num files open hard limit with setcap for DB docker image #1666
Changes from all commits
f9c9d91
d813447
05df35e
791b151
bca7c42
0fb6110
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
# stage 1: build | ||
# Stage 1: build | ||
FROM golang:1.10-alpine AS builder | ||
LABEL maintainer="The M3DB Authors <[email protected]>" | ||
|
||
|
@@ -14,7 +14,7 @@ RUN cd /go/src/github.com/m3db/m3/ && \ | |
git submodule update --init && \ | ||
make m3dbnode-linux-amd64 | ||
|
||
# stage 2: lightweight "release" | ||
# Stage 2: lightweight "release" | ||
FROM alpine:latest | ||
LABEL maintainer="The M3DB Authors <[email protected]>" | ||
|
||
|
@@ -26,5 +26,14 @@ COPY --from=builder /go/src/github.com/m3db/m3/bin/m3dbnode /bin/ | |
COPY --from=builder /go/src/github.com/m3db/m3/src/dbnode/config/m3dbnode-local-etcd.yml /etc/m3dbnode/m3dbnode.yml | ||
COPY --from=builder /go/src/github.com/m3db/m3/scripts/m3dbnode_bootstrapped.sh /bin/ | ||
|
||
# Use setcap to set +e "effective" and +p "permitted" to adjust the | ||
# SYS_RESOURCE so the process can raise the hard file limit with | ||
# setrlimit | ||
RUN apk add libcap && \ | ||
setcap cap_sys_resource=+ep /bin/m3dbnode | ||
|
||
# Set the environment variable to raise the limit on startup | ||
ENV PROCESS_LIMITS_RAISE true | ||
|
||
ENTRYPOINT [ "/bin/m3dbnode" ] | ||
CMD [ "-f", "/etc/m3dbnode/m3dbnode.yml" ] |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,3 +27,12 @@ type ProcessLimits struct { | |
VMMaxMapCount int64 // corresponds to /proc/sys/vm/max_map_count | ||
VMSwappiness int64 // corresponds to /proc/sys/vm/swappiness | ||
} | ||
|
||
// RaiseProcessNoFileToNROpenResult captures the result of trying to | ||
// raise the process num files open limit to the nr_open system value. | ||
type RaiseProcessNoFileToNROpenResult struct { | ||
RaisePerformed bool | ||
NROpenValue uint64 | ||
NoFileMaxValue uint64 | ||
NoFileCurrValue uint64 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Maybe a comment here saying that this will be the curr value before the raise was performed (if it was performed) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That's not true though, it will be the curr value (after the raise) or if no raise then it will be the curr value (unadjusted). |
||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,14 +22,17 @@ | |
|
||
package xos | ||
|
||
import "errors" | ||
import ( | ||
"errors" | ||
) | ||
|
||
const ( | ||
nonLinuxWarning = "unable to determine process limits on non-linux os" | ||
) | ||
|
||
var ( | ||
errUnableToDetermineProcessLimits = errors.New(nonLinuxWarning) | ||
errUnableToDetermineProcessLimits = errors.New(nonLinuxWarning) | ||
errUnableToRaiseProcessNoFileNonLinux = errors.New("unable to raise no file limits on non-linux os") | ||
) | ||
|
||
// CanGetProcessLimits returns a boolean to signify if it can return limits, | ||
|
@@ -42,3 +45,9 @@ func CanGetProcessLimits() (bool, string) { | |
func GetProcessLimits() (ProcessLimits, error) { | ||
return ProcessLimits{}, errUnableToDetermineProcessLimits | ||
} | ||
|
||
// RaiseProcessNoFileToNROpen attempts to raise the process num files | ||
// open limit to the nr_open system value. | ||
func RaiseProcessNoFileToNROpen() (RaiseProcessNoFileToNROpenResult, error) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If we're gonna start doing this it might be nice to have a generic There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is that kind of method however, it is meant to be abstract and returns enough information (without taking a logger itself). That way callers can either log it as a warning or a hard error, depending on their situation. |
||
return RaiseProcessNoFileToNROpenResult{}, errUnableToRaiseProcessNoFileNonLinux | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Had not seen this before. Did some reading. Kind of bizarre that the capabilities get set on the file/binary level
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does the
+ep
do? Can you just add a comment to this line generally alsoThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not opposed to adding a comment, the +e is "effective" and +p is for "permitted".