Setting ulimits for docker process and containers in Ubuntu (and possibly other distros)
Ulimit controls the maximum number of system resources that can be allocated to running processes. There is a number of settings. Their current values can be viewed by typing
ulimit -a into the terminal window. The result could be this:
core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 31343 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 31343 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
Very often the default settings are not the best ones for production setups. Applications such as cassandra or elasticsearch require changing the defaults for
open files or
max memory size. The problem I stumbled upon was increasing these values for apps running in docker containers.
Apps running in containers will inherit the limits from their parent process - docker daemon. Typically it is started and managed by upstart (Ubuntu 14.x) or systemd (Ubuntu 16.x) so changing the values in
/etc/security/limits.conf won’t affect them. They need to be set in the specific init scripts.
Upstart (Ubuntu 14.x)
Let’s say we want to increase the limit for
max locked memory to
unlimited and increase the limits for
open files to
1048576 respectively for soft limit and hard limit. To do this in upstart managed docker append to
/etc/init/docker.conf file the lines:
limit nofile 524288 1048576 limit memlock unlimited unlimited
Then save the file, stop the containers if they are running and restart the docker daemon:
sudo service docker restart
To be sure that everything is ok we can check the process' limits by issuing the command:
2238 is pid of our docker daemon process.
Soft limit is the limit enforced by kernel and the hard limit is the ceiling for the resource value for unprivilged processess which can raise its soft limit only to this value. More info on limits
Systemd.service (Ubuntu 16.x)
Let’s say we want to set unlimited locked memory for docker using the systemd. Just append:
/lib/systemd/system/docker.service file. Then again just stop the containers and restart the daemon. You can check the new limits as described above.
TL;DR To increase the limits edit the docker daemon upstart (Ubuntu 14.x) or systemd (Ubuntu 16.x) init scripts.