2012년 5월 21일 월요일

[TechNote] Guidelines for setting ulimits on AIX and Linux

Guidelines for setting ulimits on AIX and Linux

Problem(Abstract)

This document describes various ways to set ulimit values on the AIX and Linux operating systems.

Symptom

Setting ulimits correctly can overcome these errors:

Resolving the problem

Is it possible to display the current ulimit settings?
The command ulimit -a will display all current settings that are set for the current login session. However if a process is already running, it can be more difficult to get the ulimit settings, as they may not match the output of ulimit -a. For some tips to retrieve this information, see the following technote

How to determine the ulimit settings of a running WebSphere Application Server process on Linux



How are ulimts set?
Temporary Settings (for current session) Temporary settings are set via the command line using the ulimit command. It's required to pass an argument representing the setting to change, such as ulimit -n (see the charts below). These settings are only temporary for the current session and will be lost once the session is over or the terminal window is closed.
These can also be added to shell scripts so that the ulimit settings will only be active during the script's operations. This will also effect any spawned processes from the script, or if other shell scripts are called.
Global Settings
Any changes to these global configuration limits files should be performed by your system administrator. Instructions on how to edit the files can be found on the manpage or in the commented section of the configuration file, as they can vary between versions of UNIX or Linux.
The format of the file, which differs slightly on versions of UNIX and Linux, allows individual limits per users or groups, as well as set hard and soft limits. Normally both settings are changed at the same time, you can think of soft and hard limits as a min and max setting. The users that are set up with these two limits can adjust the sizes between these values via the ulimit command.
Changes made to any limits file take effect after launching a new login shell (such as bash -l), or if the user logs out and logs back in to the system.


AIX

Global settings are generally set in the file /etc/security/limits, although there may be different limit files for LPARs and WPARs.
Please note that this table may not represent all ulimit items as they can vary between AIX versions. Consult the ulimit man page or the limits file for further information.

Command Line​*​
/etc/security/limits​
Description​
ulimit -c [value]​ core​
core_hard​
Core file size in 512 byte blocks.​
ulimit -t [value]​
(seconds)​
cpu​
cpu_hard​
Max per process CPU time (in seconds).​
ulimit -d [value]​
(K bytes)​
data​
data_hard​
Data segment size of processes in 512 byte blocks.​
ulimit -f [value]​ fsize​
fsize_hard​
File size limit in 512 byes blocks.​
ulimit -n [value]​ nofiles​
nofiles_hard​
Max number of open files and/or sockets per process.​
ulimit -m [value]​
(K bytes)​
rss​
rss_hard​
The memory size of the process in 512 byte blocks.​
ulimit -r [value]​ threads​
threads_hard​
Max number of threads per process.​
ulimit -s [value]​
(K bytes)​
stack​
stack_hard​
The stack segment size in 512 byte blocks.​
ulimit -u [value]​ nproc​
nproc_hard​
Specifies the limit on the number of a process can take.​
* Values are in 512 byte blocks unless otherwise specified



Linux

Global settings are set in the file /etc/security/limits.conf.
The format for setting each limit is as follows:
<domain> <type> <item> <value>
<domain> controls which users or groups will have these limits
<type> is either the string "soft" or "hard" limits.
The hyphen "-" can also be used which represents both soft and hard limits
<item> and <value> are shown in the table below. Most values can also use the string unlimited.
Please note that this table may not represent all ulimit items as they can vary between Linux variants. Consult the ulimit man page or the limits.conf file for further information.

Command Line​
/etc/security/limits.conf <item>​
Description​
ulimit -c [value]​ core​ Max core dump file size (KB)​
ulimit -t [value]​ cpu​ Max CPU time (minutes or seconds)​
ulimit -d [value]​ data​ Max data size (KB)​
ulimit -f [value]​ fsize​ Max file size (KB)​
ulimit -l [value]​ memlock​ Max size of address space that can be locked into memory (KB)​
ulimit -n [value]​ nofile​ Max number of open files/sockets per process​**​
ulimit -u [value]​ nproc​ Max number of processes for a single user​
ulimit -m [value]​ rss​ Max resident set size (KB)​
ulimit -s [value]​ stack​ The maximum stack size (KB)​
** There is a restriction that occurs on Red Hat Enterprise Linux that this value cannot be set to unlimited



On Linux, can I set the ulimit for the number of open files to unlimited?
Certain versions of Red Hat Enterprise Linux do not allow this value to be set to unlimited due to a known issue in Red Hat Enterprise Linux 5. Other versions of Linux may not have this restriction. However, for those operating systems that are affected, the limit must be set to an integer value no larger than 1048576. In the Information Center for WebSphere Application, there is a recommendation of 8000.
If an attempt is made to set this ulimit to unlimited via the command line, an error will be displayed, and the old value will remain in place:
[root] # ulimit -n unlimited
bash: ulimit: open files: cannot modify limit: Operation not permitted
If you try to edit the /etc/security/limits.conf file to force unlimited for the number of open files, this will still be considered invalid and it will be reset to 0. This will prevent any new processes from spawning by that user or group. If this is the root user, the system will slowly die as new processes will be unable to generate. A recovery disc will be needed to reset the value.
I am using an /etc/init.d script (or inittab) to start my application server and setting the global ulimit settings had no effect?
The global settings for ulimit will not take effect if the init process starts the application server or nodeagent because it has yet to load the global settings. The global settings take effect once a login terminal session is started, or when a user logs in to the system, not when the init process spawns new processes based on init.d scripts. At startup, the operating system hasn't begun to load specific profiles up, even the root user. When you see individual services and processes starting, these are all child processes of the init process
This is documented for AIX in the following infocenter article entitled "telinit or init Command", under the Environments section.
"A command that is executed by init from the /etc/inittab file uses init's ulimit values and not the default values as given in /etc/security/limits. The result is that a command that is successfully executed from the command line may not execute correctly when invoked by init. Any command that has specific ulimit requirements should include specific actions to set the ulimit values as required."

Related information

Domino for Linux (see step 2)
How to determine the ulimit settings on a running proce

댓글 없음:

댓글 쓰기