How to set ulimit? (Previous solutions not working anymore?)

davybraun · April 21, 2024, 9:49pm

Hi team,

I’m trying to run a Vespa vector database as one of my apps. But the application is failing to start because Vespa needs a higher ulimit.

vespa-start-configserver warning Wanted 262144 as limit for open files but cannot exceed current hard limit: 10240

My Dockerfile is running a shell script that is trying to set the ulimit, but it fails:

ulimit: open files: cannot modify limit: Operation not permitted

As seen in the Dockerfile, I’m trying to run this as a vespa USER, which is the USER of the base image I’m using (according to docker inspect --format '{{.Config.User}}' vespaengine/vespa:8.277.17), following an advice I’ve read in a Vespa issue.

I’ve tried every solutions from previous community post I could find here that would be relevant to my case to edit ulimit, but to no avail. I would be grateful if someone could put me in the right direction.

Thanks in advance!

mayailurus · April 22, 2024, 1:18am

Hi… I’ve gotten ulimit for a non-root user working recently, although not in a pretty way…

FROM debian:bullseye-slim

RUN apt-get update -y && apt-get install -y locales \
    && apt-get install -y --no-install-recommends irb \
    && apt-get clean && rm -f /var/lib/apt/lists/*_*

RUN useradd --no-create-home aerial --shell /bin/bash

RUN mkdir --parents /home/aerial
RUN chown aerial    /home/aerial

COPY --chmod=644 limits.conf /etc/security/limits.d/aerial.conf

WORKDIR /home/aerial

COPY --chown=aerial try.rb try.rb

CMD ["su", "-c", "ruby try.rb", "aerial"]

Note that it runs as root, but then immediately switches to user aerial in the CMD.

I think this forces a PAM login, whereas USER aerial would instead be a Fly transmogrification, .

The limits.conf file is:

aerial hard nofile 20000
aerial soft nofile 20000

And the Ruby script just does a ton of opens—to demonstrate the new limit…

system("whoami")
system("bash -c 'ulimit -n'")  # ...shows current limit; does not set.

# 10241 open file descriptors...
h= {};  (1..10241).each do |i|
  if i > 10230
    p i  # ...show in log.
    STDOUT.flush
  end
  h[i] = File.open('/dev/null')
end

sleep 1_000_000

It appears that Vespa is based instead on Red Hat, though, so additional tweaking may be required.

Hope it helps a little!

mayailurus · April 22, 2024, 1:19am

Added machines

rubys · April 22, 2024, 1:37am

I’ll share my not so pretty solution. It is in bash:

github.com

fly-apps/dockerfile-rails/blob/main/test/results/swap/docker-entrypoint

#!/bin/bash -e

if [ $UID -eq 0 ]; then
  # allocate swap space
  fallocate -l 512M /swapfile
  chmod 0600 /swapfile
  mkswap /swapfile
  echo 10 > /proc/sys/vm/swappiness
  swapon /swapfile
  echo 1 > /proc/sys/vm/overcommit_memory

  exec su rails $0 $@
fi

# If running the rails server then create or migrate existing database
if [ "${1}" == "./bin/rails" ] && [ "${2}" == "server" ]; then
  ./bin/rails db:prepare
fi

exec "${@}"

Put the commands you want to run as root in lines 4-10.

Replace rails with the user id you want in line 12. This line reruns the same script with a different user id.

Replace lines 15 through 20 with the commands you want to run as the non-root user.

davybraun · April 22, 2024, 9:45am

Thank you @mayailurus and @rubys! These techniques did the trick and pulled me out of hours of fruitless trials and errors.

Topic		Replies	Views
Operating system limits Questions / Help	2	217	December 5, 2023
How to settings maximal file descriptor e.g using ulimit ?	2	529	October 27, 2022
Setting `ulimit`	5	715	July 19, 2023
Setting vm.max_map_count to at least 262144 before running Dockerfile.	5	1331	August 14, 2023
Example Request - Prisma.io	6	450	February 15, 2021

How to set ulimit? (Previous solutions not working anymore?)

Related topics