
CentOS 文件描述符资源限制

2018-07-20 16:24  Jeff Ma  阅读(1994)  评论(0编辑  收藏  举报

 

一、系统范围 system-wide FD (file-descriptor) limits
1、错误消息
[ENFILE] Too many files open in system.
# define ENFILE 23 /* File table overflow */
ENFILE is too many files opened in the entire system.
 
各进程打开的文件数的总和超过系统的限制。
2、查看
最大值:
cat /proc/sys/fs/file-max
当前值:
cat /proc/sys/fs/file-nr
 
或者
Sysctl is a tool that provides easy configuration of these kernel parameters.
[root@centos6.9 ~]# sysctl -a|grep file
fs.file-nr = 576 0 97761
fs.file-max = 97761
[root@centos7.2~]# sysctl -a|grep file
fs.file-max = 99148
fs.file-nr = 896 0 99148
fs.xfs.filestream_centisecs = 3000
与查看file-max、file-nr的值一致
fs.file-nr三列:
the number of allocated file handles (i.e., the number of files presently opened);
the number of free file handles;
and the maximum number of file handles
 
3、调整
现在,系统范围内的文件描述符限制很少需要手动调整,因为它的默认值与内存成正比。
 
手动调整:
[root@centos6.9 ~]# vi /etc/sysctl.conf
......
fs.file-max = 100000
[root@centos6.9 ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 100000
无需重新启动
[root@centos6.9 ~]# cat /proc/sys/fs/file-max
100000
 
或者(直接写入 /proc,立即生效,但不会持久化,重启后恢复为配置文件或默认值):
[root@centos6.9 ~]# echo "200000">/proc/sys/fs/file-max
-----------------------------------------------------------------------
[root@centos7.2~]#cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
 
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
fs.file-max = 100000
[root@centos7.2~]# sysctl -p
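需要重新启动(sysctl -p 不带参数时只加载 /etc/sysctl.conf,不会读取 /usr/lib/sysctl.d/ 下的文件,所以这里的修改没有立即生效;也可以执行 sysctl --system 加载所有配置目录)。另外 /usr/lib/sysctl.d/00-system.conf 属于软件包提供的默认配置,升级时可能被覆盖;按 /etc/sysctl.conf 文件头的说明,自定义设置应写入 /etc/sysctl.conf 或 /etc/sysctl.d/<name>.conf。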
[root@centos7.2~]# cat /proc/sys/fs/file-max
100000
 
4、更多
CentOS6.9
[root@centos6.9 ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.
 
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
 
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
 
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
 
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
 
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
 
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
 
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
 
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
 
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
 
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
配置文件中没有关于file-max的默认设置
-----------------------------------------------------------------------
[root@centos7.2~]# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@centos7.2~]#cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
 
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
[root@centos7.2 ~]# man sysctl
 
二、进程范围 process-specific
 
1、错误消息
[EMFILE] Too many open files.
# define EMFILE 24 /* Too many open files */
EMFILE is too many files opened in your process. 
2、查看
[root@centos6.9 ~]# ulimit -n
1024
[root@centos6.9 ~]# ulimit -Hn
4096
[root@centos6.9 ~]# ulimit -Sn
1024
--------------------------------------------------------------------
[root@centos7.2 ~]# ulimit -n
1024
[root@centos7.2 ~]# ulimit -Hn
4096
[root@centos7.2 ~]# ulimit -Sn
1024
 
查看某进程的文件打开数
cat /proc/<pid>/limits 
ls -lh /proc/<pid>/fd
ls -lh /proc/<pid>/fd|wc -l
不要使用lsof,lsof最初的目的是列出OpenFiles,但现在它已经增长并列出了其他内容,比如cwd和mmap区域,所以结果是不准确的。另外注意 ls -lh 的输出首行是 total,上面 ls -lh ... |wc -l 的结果会比实际打开的描述符数多 1,可改用 ls /proc/<pid>/fd|wc -l。
[root@centos6.9 ~]# ps -ef|grep nginx
root 1459 1 0 00:52 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx 1461 1459 0 00:52 ? 00:00:00 nginx: worker process
root 1743 1533 0 03:03 pts/0 00:00:00 grep nginx
[root@centos6.9 ~]# cat /proc/1459/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 10485760 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3873 3873 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3873 3873 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
[root@centos6.9 ~]# ls -lh /proc/1459/fd
total 0
lrwx------. 1 root root 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 root root 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 root root 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 3 -> socket:[12618]
l-wx------. 1 root root 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 root root 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 root root 64 Jul 20 02:57 7 -> socket:[12619]
[root@centos6-clean sbin]# ls -lh /proc/1461/fd
total 0
lrwx------. 1 nginx nginx 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 nginx nginx 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 nginx nginx 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 nginx nginx 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 7 -> socket:[12619]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 8 -> [eventpoll]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 9 -> [eventfd]
Nginx父和子进程一共打开多少?
 
centos7.2与centos6.9类似
 
3、调整
Soft vs. Hard limits
Soft limits are the current setting for a particular limit. They can be increased only to the current hard limit setting.
Hard limits are the maximum limit that can be configured. Any changes to these require root access.
Soft limits could be set by any user while hard limits are changeable only by root.
(1)使用ulimit进行调整
ulimit的作用是,显示或修改“当前shell”的resource limits,或者在当前shell中启动的进程的resource limits。
ulimit命令的特点:
>> 只对当前tty(终端)有效,若要每次都生效的话,可以把ulimit参数放到对应用户的.bash_profile里面;如果放到/etc/profile,针对所有用户有效。
>> ulimit命令本身就有分软硬设置,加-H就是硬,加-S就是软;
硬限制可以在任何时候、任何进程中设置,但只有超级用户才能提高硬限制(普通进程只能降低它,降低后无法再调回)。
软限制是内核实际执行的限制,任何进程都可以将软限制设置为任意小于等于该进程硬限制的值
>> 默认显示的是软限制;如果运行ulimit命令修改的时候没有加上-H或-S,就是软限制和硬限制一起改变生效;
 
[root@centos6.9 ~]# ulimit -n 2048
[root@centos6.9 ~]# ulimit -Hn
2048
[root@centos6.9 ~]# ulimit -Sn
2048
重新登录后会失效,所以添加到初始文件中
[root@centos6-clean ~]# vi /etc/profile
......
unset -f pathmunge
ulimit -n 8192
"/etc/profile" 79L, 1857C written
[root@centos6.9 ~]# source /etc/profile
注意:这个配置会覆盖limits.conf中的配置(以上是以root登录的结果;普通用户无法用ulimit把限制提高到超过limits.conf设定的硬限制,此时/etc/profile中的ulimit -n 8192会报错而不生效)
[root@centos6.9 ~]# ulimit -Hn
8192
[root@centos6.9 ~]# ulimit -Sn
8192
 
(2)通过Linux PAM的配置文件进行调整。
nofile - max number of open file descriptors
nproc - max number of processes 要分清楚
The limits.conf file is used to store limit-related configuration. It is located at /etc/security/limits.conf. There is also the /etc/security/limits.d directory, which can hold multiple configuration files.
/etc/security/limits.conf
/etc/security/limits.d/*.conf
 
[root@centos6.9 ~]# vi /etc/security/limits.conf
或者
[root@centos6.9 ~]# vi /etc/security/limits.d/91-nofile.conf
* - nofile 8192
 
重新登录
[root@centos6.9 ~]# ulimit -Hn
8192
[root@centos6.9 ~]# ulimit -Sn
8192
--------------------------------------------------------------------------
[root@centos7.2 ~]# vi /etc/security/limits.conf
或者
[root@centos7.2 ~]# vi /etc/security/limits.d/21-nofile.conf
* - nofile 10240
21-nofile.conf 会覆盖limits.conf的设置
 
重新登录
[root@centos7.2 ~]# ulimit -Hn
10240
[root@centos7.2 ~]# ulimit -Sn
10240
 
其他设置形式
* soft nofile 4096
* hard nofile 4096
或者只针对特定用户(资源限制本身也是防止单个用户或进程耗尽系统资源的手段,只给确实需要的用户放宽,比用 * 对所有用户放宽更稳妥)
roy soft nofile 8192
roy hard nofile 8192
 
对于systemd控制的服务,修改limits.conf已没有意义(limits.conf只对通过PAM登录的用户会话生效,不影响系统服务的资源限制),需要在服务的unit中设置LimitNOFILE:
 
[root@centos7.2 ~]# vi /usr/lib/systemd/system/nginx.service
[Service] ... LimitNOFILE=10000
[root@centos7.2 ~]# systemctl daemon-reload
Restart nginx:
[root@centos7.2 ~]# systemctl restart nginx.service
 
验证
[root@localhost ~]# ps -ef|grep nginx
root 2269 1 0 00:22 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 2270 2269 0 00:22 ? 00:00:00 nginx: worker process
root 2274 2177 0 00:22 pts/0 00:00:00 grep --color=auto nginx
[root@localhost ~]# cat /proc/2269/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3899 3899 processes
Max open files 10000 10000 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3899 3899 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
 
或者使用 drop-in 覆盖文件(不直接改动 /usr/lib/systemd/system/ 下由软件包提供的 unit 文件,软件包升级时不会被覆盖):
$ mkdir -p /etc/systemd/system/nginx.service.d/
$ cat /etc/systemd/system/nginx.service.d/limits.conf
[Service]
LimitNOFILE=10000
$ systemctl daemon-reload
$ systemctl restart nginx
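没有实验成功。可排查:drop-in 文件里 [Service] 和 LimitNOFILE=10000 必须各占一行;用 systemctl cat nginx.service 确认该 drop-in 已被加载,用 systemctl show nginx.service -p LimitNOFILE 查看实际生效值。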
 
4、更多
/etc/security/limits.conf和/etc/security/limits.d/*.conf 是Linux PAM的配置文件。
[root@centos6.9 ~]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
 
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
 
# End of file
都是注释条目
--------------------------------------------------------------------------------------
[root@centos7.2 ~]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
 
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
 
# End of file
都是注释条目
------------------------------------------------------------------------------------------
参考: