How to set ulimit? (Previous solutions not working anymore?)

Hi team,

I’m trying to run a Vespa vector database as one of my apps. But the application is failing to start because Vespa needs a higher ulimit.

vespa-start-configserver warning Wanted 262144 as limit for open files but cannot exceed current hard limit: 10240

My Dockerfile is running a shell script that is trying to set the ulimit, but it fails:

ulimit: open files: cannot modify limit: Operation not permitted

As seen in the Dockerfile, I’m trying to run this as a vespa USER, which is the USER of the base image I’m using (according to docker inspect --format '{{.Config.User}}' vespaengine/vespa:8.277.17), following an advice I’ve read in a Vespa issue.

I’ve tried every solutions from previous community post I could find here that would be relevant to my case to edit ulimit, but to no avail. I would be grateful if someone could put me in the right direction.

Thanks in advance!

1 Like

Hi… I’ve gotten ulimit for a non-root user working recently, although not in a pretty way…

FROM debian:bullseye-slim

RUN apt-get update -y && apt-get install -y locales \
    && apt-get install -y --no-install-recommends irb \
    && apt-get clean && rm -f /var/lib/apt/lists/*_*

RUN useradd --no-create-home aerial --shell /bin/bash

RUN mkdir --parents /home/aerial
RUN chown aerial    /home/aerial

COPY --chmod=644 limits.conf /etc/security/limits.d/aerial.conf

WORKDIR /home/aerial

COPY --chown=aerial try.rb try.rb

CMD ["su", "-c", "ruby try.rb", "aerial"]

Note that it runs as root, but then immediately switches to user aerial in the CMD.

I think this forces a PAM login, whereas USER aerial would instead be a Fly transmogrification, :tiger:.

The limits.conf file is:

aerial hard nofile 20000
aerial soft nofile 20000

And the Ruby script just does a ton of opens—to demonstrate the new limit…

system("bash -c 'ulimit -n'")  # ...shows current limit; does not set.

# 10241 open file descriptors...
h= {};  (1..10241).each do |i|
  if i > 10230
    p i  # in log.
  h[i] ='/dev/null')

sleep 1_000_000

It appears that Vespa is based instead on Red Hat, though, so additional tweaking may be required.

Hope it helps a little!

Added machines

I’ll share my not so pretty solution. It is in bash:

Put the commands you want to run as root in lines 4-10.

Replace rails with the user id you want in line 12. This line reruns the same script with a different user id.

Replace lines 15 through 20 with the commands you want to run as the non-root user.

Thank you @mayailurus and @rubys! These techniques did the trick and pulled me out of hours of fruitless trials and errors.