Login/Register
how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker
Asked Answered
dockerulimit
F

9

65

I need to set the file descriptor limit correctly on the docker container I connect to container with ssh (https://github.com/phusion/baseimage-docker)

Already tried:

  • edit limits.conf the container ignore this file
  • upstart procedure found at https://coderwall.com/p/myodcq but this docker image has different kind of init process. (runit)
  • I tried to modify configuration of pam library in /etc/pam.d
  • try to enabled pam for ssh in sshd_config

The output it always the same. 

bash: ulimit: open files: cannot modify limit: Operation not permitted
Fiduciary answered 20/6, 2014 at 1:8 Comment(0)
D
72

The latest docker supports setting ulimits through the command line and the API. For instance, docker run takes --ulimit <type>=<soft>:<hard> and there can be as many of these as you like. So, for your nofile, an example would be --ulimit nofile=262144:262144

Durning answered 17/7, 2015 at 11:6 Comment(4)
Does this mean that specific container has higher ulimit than the others? Is the host machine's ulimit remain unchanged?Buddybuderus
@Buddybuderus Yes, it means that the specific container has higher ulimit than others. This is because if --ulimit is not specified in the docker run command, then the container inherits the default ulimit from the docker daemon. And also, the host machine's ulimit remain totally unchanged.Wesleyanism
@SuhasChikkanna just to make sure, if the container max "open files" limit is higher than the underlined host max "open files", would the container limit just get ignored?Masticatory
see also docs.docker.com/engine/reference/commandline/run/… for --sysctl fs.mqueue.msg_max=10000 style settingsCareerist
F
34

After some searching I found this on a Google groups discussion:

docker currently inhibits this capability for enhanced safety.

That is because the ulimit settings of the host system apply to the docker container. It is regarded as a security risk that programs running in a container can change the ulimit settings for the host.

The good news is that you have two different solutions to choose from.

  1. Remove sys_resource from lxc_template.go and recompile docker. Then you'll be able to set the ulimit as high as you like.

or

  1. Stop the docker demon. Change the ulimit settings on the host. Start the docker demon. It now has your revised limits, and its child processes as well.

I applied the second method:

  1. sudo service docker stop;

  2. changed the limits in /etc/security/limits.conf

  3. reboot the machine

  4. run my container

  5. run ulimit -a in the container to confirm the open files limit has been inherited.

See: https://groups.google.com/forum/#!searchin/docker-user/limits/docker-user/T45Kc9vD804/v8J_N4gLbacJ

Fiduciary answered 20/6, 2014 at 16:19 Comment(2)
Also there is a useful tutorial about changing /etc/security/limits.conf in access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/…Federicofedirko
Do you know why it requires a reboot? Why not just restart the shell?Subcutaneous
O
22

If using the docker-compose file, Based on docker compose version 2.x We can set like as below, by overriding the default config.

ulimits:
  nproc: 65535
  nofile:
    soft: 26677
    hard: 46677

https://docs.docker.com/compose/compose-file/compose-file-v3/

Opportunism answered 25/9, 2019 at 7:14 Comment(1)
Current doc linkMetamerism
S
9

I have tried many options and unsure as to why a few solutions suggested above work on one machine and not on others.

A solution that works and that is simple and can work per container is:

docker run --ulimit memlock=819200000:819200000 -h <docker_host_name> --name=current -v /home/user_home:/user_home -i -d -t docker_user_name/image_name
Spherulite answered 14/11, 2015 at 22:8 Comment(2)
Explain about ulimitMetamerism
Though we thank you for your answer, it would be better if it provided additional value on top of the other answers. In this case, your answer does not provide additional value, since another user already posted that solution. If a previous answer was helpful to you, you should vote it up instead of repeating the same information.Foxhole
I
5

Here is what I did.

set ulimit -n 32000 in the file /etc/init.d/docker

and restart the docker service

docker run -ti node:latest /bin/bash

run this command to verify

user@4d04d06d5022:/# ulimit -a

should see this in the result

open files (-n) 32000

[user@ip ec2-user]# docker run -ti node /bin/bash
user@4d04d06d5022:/# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 58729
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 32000
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 58729
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
Indent answered 20/2, 2015 at 20:29 Comment(0)
G
4

Actually, I have tried the above answer, but it did not seem to work.

To get my containers to acknowledge the ulimit change, I had to update the docker.conf file before starting them:

$ sudo service docker stop
$ sudo bash -c "echo \"limit nofile 262144 262144\" >> /etc/init/docker.conf"
$ sudo service docker start
Gallardo answered 14/10, 2014 at 16:6 Comment(1)
These changes don't prevail when machine comes up after reboot but once we restart the services of the docker after machine comes up then container takes the required configuration.Nicodemus
L
2

The docker run command has a --ulimit flag you can use this flag to set the open file limit in your docker container.

Run the following command when spinning up your container to set the open file limit.

docker run --ulimit nofile=<softlimit>:<hardlimit> the first value before the colon indicates the soft file limit and the value after the colon indicates the hard file limit. you can verify this by running your container in interactive mode and executing the following command in your containers shell ulimit -n

PS: check out this blog post for more clarity

Lizethlizette answered 19/12, 2017 at 5:46 Comment(1)
Though we thank you for your answer, it would be better if it provided additional value on top of the other answers. In this case, your answer does not provide additional value, since another user already posted that solution. If a previous answer was helpful to you, you should vote it up instead of repeating the same information.Foxhole
M
1

For boot2docker, we can set it on /var/lib/boot2docker/profile, for instance:

ulimit -n 2018

Be warned not to set this limit too high as it will slow down apt-get! See bug #1332440. I had it with debian jessie.

Manicotti answered 6/3, 2015 at 6:2 Comment(0)
I
0

To set the max_locked_memory while doing docker build itself add the following argument,

docker build --ulimit memlock=-1

which sets the max_locked_memory to unlimited(which can be viewed by using ulimit -l). This is because docker build is running in a seperate user space and has its own File system. As we don't want it to take the host machine's specifications we are adding this command line argument.

To replicate the same changes inside the docker container, run the docker image with the same command

Ex, docker run --ulimit memlock=-1
Infestation answered 21/6, 2023 at 18:22 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.