一、系統范圍 system-wide FD (file-descriptor) limits)
1、錯誤消息
[ENFILE] Too many files open in system.
# define ENFILE 23 /* File table overflow */
ENFILE is too many files opened in the entire system.
各進程打開的文件數的總和超過系統的限制。
2、查看
最大值:
cat /proc/sys/fs/file-max
當前值:
cat /proc/sys/fs/file-nr
或者
Sysctl is a tool which provides easy configuration of these kernel parameter.
[root@centos6.9 ~]#
sysctl -a|grep file
fs.file-nr = 576 0 97761
fs.file-max = 97761
[root@
centos7.2~]#
sysctl -a|grep file
fs.file-max = 99148
fs.file-nr = 896 0 99148
fs.xfs.filestream_centisecs = 3000
與查看file-max、file-nr的值一致
fs.file-nr三列:
the number of allocated file handles (i.e., the number of files presently opened);
the number of free file handles;
and the maximum number of file handles
3、調整
現在,系統范圍內的文件描述符限制很少需要手動調整,因為它的默認值與內存成正比。
手動調整:
[root@centos6.9 ~]#
vi /etc/sysctl.conf
......
fs.file-max = 100000
[root@centos6.9 ~]#
sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.file-max = 100000
無需重新啟動
[root@centos6.9 ~]#
cat /proc/sys/fs/file-max
100000
或者
[root@centos6.9 ~]#
echo "200000">/proc/sys/fs/file-max
-----------------------------------------------------------------------
[root@
centos7.2~]#
cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
fs.file-max = 100000
[root@
centos7.2~]#
sysctl -p
需要重新啟動
[root@
centos7.2~]#
cat /proc/sys/fs/file-max
100000
4、更多
CentOS6.9
[root@centos6.9 ~]#
cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Use '/sbin/sysctl -a' to list all possible parameters.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
配置文件中沒有關於file-max的默認設置
-----------------------------------------------------------------------
[root@
centos7.2~]#
cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@centos7.2~]#
cat /usr/lib/sysctl.d/00-system.conf
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
[root@centos7.2 ~]# man sysctl
2、進程范圍 process-specific
1、錯誤消息
[EMFILE] Too many open files.
# define EMFILE 24 /* Too many open files */
EMFILE is too many files opened in your process.
2、查看
[root@centos6.9 ~]#
ulimit -n
1024
[root@centos6.9 ~]#
ulimit -Hn
4096
[root@centos6.9 ~]#
ulimit -Sn
1024
--------------------------------------------------------------------
[root@centos7.2 ~]# ulimit -n
1024
[root@centos7.2 ~]#
ulimit -Hn
4096
[root@centos7.2 ~]#
ulimit -Sn
1024
查看某進程的文件打開數
cat /proc/<pid>/limits
ls -lh /proc/<pid>/fd
ls -lh /proc/<pid>/fd|wc -l
不要使用lsof,lsof最初的目的是列出OpenFiles,但現在它已經增長並列出了其他內容,比如cmd和mmap區域,所以結果是不准確的。
[root@centos6.9 ~]#
ps -ef|grep nginx
root 1459 1 0 00:52 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx 1461 1459 0 00:52 ? 00:00:00 nginx: worker process
root 1743 1533 0 03:03 pts/0 00:00:00 grep nginx
[root@centos6.9 ~]#
cat /proc/1459/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 10485760 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3873 3873 processes
Max open files 1024 4096 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3873 3873 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
[root@centos6.9 ~]#
ls -lh /proc/1459/fd
total 0
lrwx------. 1 root root 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 root root 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 root root 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 3 -> socket:[12618]
l-wx------. 1 root root 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 root root 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 root root 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 root root 64 Jul 20 02:57 7 -> socket:[12619]
[root@centos6-clean sbin]#
ls -lh /proc/1461/fd
total 0
lrwx------. 1 nginx nginx 64 Jul 20 02:57 0 -> /dev/null
lrwx------. 1 nginx nginx 64 Jul 20 02:57 1 -> /dev/null
l-wx------. 1 nginx nginx 64 Jul 20 02:57 2 -> /usr/local/nginx/logs/error.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 4 -> /usr/local/nginx/logs/access.log
l-wx------. 1 nginx nginx 64 Jul 20 02:57 5 -> /usr/local/nginx/logs/error.log
lrwx------. 1 nginx nginx 64 Jul 20 02:57 6 -> socket:[12615]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 7 -> socket:[12619]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 8 -> [eventpoll]
lrwx------. 1 nginx nginx 64 Jul 20 02:57 9 -> [eventfd]
Nginx父和子進程一共打開多少?
centos7.2與centos6.9類似
3、調整
Soft vs. Hard limits
Soft limits are the current setting for a particular limit. They can be increased only to the current hard limit setting.
Hard limits are the maximum limit that can be configured. Any changes to these require root access.
Soft limits could be set by any user while hard limits are changeable only by root.
(1)使用ulimit進行調整
ulimit的作用是,顯示或修改“當前shell”的resource limits,或者在當前shell中啟動的進程的resource limits。
ulimit命令的特點:
>> 只對當前tty(終端有效),若要每次都生效的話,可以把ulimit參數放到對應用戶的.bash_profile里面;如果放到/etc/profile,針對所有用戶有效。
>> ulimit命令本身就有分軟硬設置,加-H就是硬,加-S就是軟;
硬限制是可以在任何時候任何進程中設置 但硬限制只能由超級用戶提起
軟限制是內核實際執行的限制,任何進程都可以將軟限制設置為任意小於等於對進程限制的硬限制的值
>> 默認顯示的是軟限制,如果運行ulimit命令修改的時候沒有加上的話,就是兩個參數一起改變生效;
[root@centos6.9 ~]#
ulimit -n 2048
[root@centos6.9 ~]#
ulimit -Hn
2048
[root@centos6.9 ~]#
ulimit -Sn
2048
重新登錄后會失效,所以添加到初始文件中
[root@centos6-clean ~]#
vi /etc/profile
......
unset -f pathmunge
ulimit -n 8192
"/etc/profile" 79L, 1857C written
[root@centos6.9 ~]#
source /etc/profile
注意:這個配置會覆蓋limits.conf中的配置
[root@centos6.9 ~]#
ulimit -Hn
8192
[root@centos6.9 ~]#
ulimit -Sn
8192
(2)通過Linux PAM的配置文件進行調整。
nofile - max number of open file descriptors
nproc - max number of processes 要分清楚
limits.conf file is used store limit related configuration. It can be accessed from /etc/security/limits.conf . There s also /etc/security/limits.d directory which can hold multiple configurations files.
/etc/security/limit.conf
/etc/security/limit.d/*.conf
[root@centos6.9 ~]#
vi /etc/security/limits.conf
或者
[root@centos6.9 ~]#
vi /etc/security/limits.d/91-nofile.conf
* - nofile 8192
重新登錄
[root@centos6.9 ~]#
ulimit -Hn
8192
[root@centos6.9 ~]#
ulimit -Sn
8192
--------------------------------------------------------------------------
[root@
centos7.2 ~]#
vi /etc/security/limits.conf
或者
[root@
centos7.2 ~]#
vi /etc/security/limits.d/21-nofile.conf
* - nofile 10240
21-nofile.conf 會覆蓋limits.conf的設置
重新登錄
[root@
centos7.2 ~]#
ulimit -Hn
10240
[root@
centos7.2 ~]#
ulimit -Sn
10240
其他設置形式
* soft nofile 4096
* hard nofile 4096
或者針對用戶
roy soft nofile 8192
roy hard nofile 8192
對於systemd控制的服務,修改limits.conf已沒有意義:
[root@
centos7.2 ~]#
vi /usr/lib/systemd/system/nginx.service
[Service] ... LimitNOFILE=10000
[root@
centos7.2 ~]#
systemctl daemon-reload
Restart nginx:
[root@
centos7.2 ~]#
systemctl restart nginx.service
驗證
[root@localhost ~]#
ps -ef|grep nginx
root 2269 1 0 00:22 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 2270 2269 0 00:22 ? 00:00:00 nginx: worker process
root 2274 2177 0 00:22 pts/0 00:00:00 grep --color=auto nginx
[root@localhost ~]# cat /proc/2269/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 3899 3899 processes
Max open files 10000 10000 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 3899 3899 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
或者
$ mkdir -p /etc/systemd/system/nginx.service.d/
$ cat /etc/systemd/system/nginx.service.d/limits.conf [Service] LimitNOFILE=10000
$ systemctl daemon-reload
$ systemctl restart nginx
沒有實驗成功。
4、更多
/etc/security/limits.conf和/etc/security/limits.d/*.conf 是Linux PAM的配置文件。
[root@centos6.9 ~]#
cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
都是注釋條目
--------------------------------------------------------------------------------------
[root@
centos7.2 ~]#
cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#This file sets the resource limits for the users logged in via PAM.
#It does not affect resource limits of the system services.
#
#Also note that configuration files in /etc/security/limits.d directory,
#which are read in alphabetical order, override the settings in this
#file in case the domain is the same or more specific.
#That means for example that setting a limit for wildcard domain here
#can be overriden with a wildcard setting in a config file in the
#subdirectory, but a user specific setting here can be overriden only
#with a user specific setting in the subdirectory.
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
#<domain> <type> <item> <value>
#
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
# End of file
都是注釋條目
------------------------------------------------------------------------------------------
參考: