Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker

Tags:

docker

ulimit

I need to set the file descriptor limit correctly on the docker container I connect to container with ssh (https://github.com/phusion/baseimage-docker)

Already tried:

  • edit limits.conf the container ignore this file
  • upstart procedure found at https://coderwall.com/p/myodcq but this docker image has different kind of init process. (runit)
  • I tried to modify configuration of pam library in /etc/pam.d
  • try to enabled pam for ssh in sshd_config

The output it always the same. 

bash: ulimit: open files: cannot modify limit: Operation not permitted
like image 624
dnocode Avatar asked Jun 20 '14 01:06

dnocode

People also ask

What is Ulimit Memlock?

It is frequently used by database management applications such as Oracle or Sybase to lock shared memory for a shared pool so that it is always in memory for access by multiple sessions.

What is Nofile Ulimit?

nofile: -n: file descriptors. This ulimit settings parameters tells how many file descriptor a mongodb process can use. MongoDB internally uses file for storing connections, journal files, indexes and datafiles. MongoDB recommeneds to set nofile to 64000.

3 Answers

The latest docker supports setting ulimits through the command line and the API. For instance, docker run takes --ulimit <type>=<soft>:<hard> and there can be as many of these as you like. So, for your nofile, an example would be --ulimit nofile=262144:262144

like image 88
Glenn Avatar answered Sep 20 '22 21:09

Glenn

If using the docker-compose file, Based on docker compose version 2.x We can set like as below, by overriding the default config.

ulimits:
  nproc: 65535
  nofile:
    soft: 26677
    hard: 46677

https://docs.docker.com/compose/compose-file/compose-file-v3/

like image 22
MohanBabu Avatar answered Sep 21 '22 21:09

MohanBabu

After some searching I found this on a Google groups discussion:

docker currently inhibits this capability for enhanced safety.

That is because the ulimit settings of the host system apply to the docker container. It is regarded as a security risk that programs running in a container can change the ulimit settings for the host.

The good news is that you have two different solutions to choose from.

  1. Remove sys_resource from lxc_template.go and recompile docker. Then you'll be able to set the ulimit as high as you like.

or

  1. Stop the docker demon. Change the ulimit settings on the host. Start the docker demon. It now has your revised limits, and its child processes as well.

I applied the second method:

  1. sudo service docker stop;

  2. changed the limits in /etc/security/limits.conf

  3. reboot the machine

  4. run my container

  5. run ulimit -a in the container to confirm the open files limit has been inherited.

See: https://groups.google.com/forum/#!searchin/docker-user/limits/docker-user/T45Kc9vD804/v8J_N4gLbacJ

like image 43
dnocode Avatar answered Sep 19 '22 21:09

dnocode
Sign in to Comment

Related questions

Dockerfile CMD instruction will exit the container just after running it
How do you enable BuildKit with docker-compose?
Run jar file in docker image
multi-stage build in docker compose?
What Is The Difference Between Binding Mounts And Volumes While Handling Persistent Data In Docker Containers?
multiple app nodes how to expose jmx in kubernetes?
'docker ps' output formatting: list only names of running containers
Using an IDE while developing on a docker container
Docker - What is proper way to rebuild and push updated image to docker cloud?
do I need to manually tag "latest" when pushing to docker public repository?
Install pip in docker
How to prevent docker-compose building the same image multiple times?
Use of Supervisor in docker
Can't use yum inside Docker container running on CentOS
Docker: How to authenticate for docker push?
How to stop a docker container which started with `--restart=always`
Docker CMD exec-form for multiple command execution
Docker - Bash: IP: command not found
Port forwarding in docker-machine?
What is the default user and password for elasticsearch?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!