<div dir="ltr"><div>Hi,</div><div><br></div><div>I want to ask whether it is really necessary to use ulimit or /etc/security/limits.conf to increase the max_filedescriptors value. From my testing, it seems not.<br></div><div><br></div><div><br></div><div><b>= my environment:</b></div><div><br></div><div>CentOS 6.9</div><div>Squid 3.1.23 / 3.4.14</div><div><br></div><div><b>- default ulimits for root and other users:</b><br></div><div><br></div><div>[root@...]# ulimit -Sa | grep -- '-n'<br>open files (-n) 1024<br></div><div><div>[root@...]# ulimit -Ha | grep -- '-n'<br>open files (-n) 4096</div><div><br></div><div><b>- default ulimits for squid user:</b><br></div><div><br></div><div>[root@...]# sudo -u squid /bin/bash<br>bash-4.1$ id<br>uid=23(squid) gid=23(squid) groups=23(squid),...<br>bash-4.1$ ulimit -Sa | grep -- '-n'<br>open files (-n) 1024<br>bash-4.1$ ulimit -Ha | grep -- '-n'<br>open files (-n) 4096<br></div><div><br></div><div><b>- processes:</b></div><div><br></div><div>[root@...]# ps aux | grep squid<br>root 7194 0.0 0.1 73524 3492 ? Ss May17 0:00 squid -f /etc/squid/squid.conf<br>squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf<br>squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)<br></div></div><div><br></div><div><b>- error and warning messages from cache.log:</b><br></div><div><br></div><div>client_side.cc(3070) okToAccept: WARNING! Your cache is running out of filedescriptors<br></div><div><br></div><div>comm_open: socket failure: (24) Too many open files<br></div><div><br></div><div>IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 68: (2) No such file or directory ... 
(many with different FD)<br></div><div><br></div><div><br></div><div><br></div><div>I found many How-tos like these - <a href="https://access.redhat.com/solutions/63027">https://access.redhat.com/solutions/63027</a> and <a href="https://www.cyberciti.biz/faq/squid-proxy-server-running-out-filedescriptors/">https://www.cyberciti.biz/faq/squid-proxy-server-running-out-filedescriptors/</a>. <span id="gmail-result_box" class="gmail-" lang="en"><span class="gmail-">Both how-tos mention editing the file /etc/security/limits.conf and adding the line "* - nofile 4096" to increase the nofile limit for all users except root - I don't like this. <span id="gmail-result_box" class="gmail-" lang="en"><span class="gmail-">According to my test, see below, this is not necessary, but I want to be sure, so I'm writing here.</span></span></span></span><br></div><div><br></div><div><br></div><div><b>a) Squid default configuration (max_filedesc 0) and default nofile limit (1024/4096):</b></div><div><div><br></div><div>[root@...]# ps aux | grep squid<br>root 17837 0.0 0.1 73524 3496 ? Ss 13:45 0:00 squid -f /etc/squid/squid.conf<br>squid 17840 0.3 0.5 76552 10860 ? S 13:45 0:00 (squid) -f /etc/squid/squid.conf<br>squid 17841 0.0 0.0 20080 1084 ? S 13:45 0:00 (unlinkd)<br></div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/17837/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files 1024 4096 files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/17840/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files 1024 4096 files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/17841/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files 1024 4096 files</div></div><div><br></div><div><br></div><div><b>b) Squid configuration with max_filedesc 2048 and default nofile limit (1024/4096):</b><br></div><div><br></div><div><div>[root@...]# ps aux | grep squid<br>root 7194 0.0 0.1 73524 3492 ? 
Ss May17 0:00 squid -f /etc/squid/squid.conf<br>squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf<br>squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)</div></div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/7194/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files 1024 4096 files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/7197/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files <b>2048</b> 4096 files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/7198/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files <b>2048</b> 4096 files<br></div><div><br></div><div>- soft nofile limit was increased for processes running under squid user<br></div><div><br></div><div><div><br></div><div><b>c) Squid configuration with max_filedesc 8192 and default nofile limit (1024/4096):</b></div></div><div><br></div><div>[root@...]# ps aux | grep squid<br>root 18734 0.0 0.1 73524 3492 ? Ss 14:00 0:00 squid -f /etc/squid/squid.conf<br>squid 18737 0.3 0.6 80244 11860 ? S 14:00 0:00 (squid) -f /etc/squid/squid.conf<br>squid 18740 0.0 0.0 20080 1088 ? 
S 14:00 0:00 (unlinkd)</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/18734/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files 1024 4096 files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/18737/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files <b>8192</b> <b>8192</b> files</div><div><br></div><div>[root@...]# grep -E "Limit|Max open files" /proc/18740/limits<br>Limit Soft Limit Hard Limit Units<br>Max open files <b>8192</b> <b>8192</b> files<br></div><div><br></div><div>- both soft and hard nofile limits were increased for processes running under squid user</div><div><br></div><div><br></div><div><span id="gmail-result_box" class="gmail-" lang="en"><span class="gmail-">I think that the limits could be increased in tests b) and c) because the master process runs under the root user. <span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">Am I right or not?</span></span></span></span><br></div><div>Or do I need to increase the limits for the master process too?<br></div><div><br></div><div>Thank you and with best regards,<br></div><div><div><div class="gmail_signature">-- <br>Karel Ziegler<br><br></div></div>
</div></div>
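Added example, not part of the original message: a small check that reads the "Max open files" row of /proc/<pid>/limits and reports what a requested max_filedesc value would need. It relies on the Linux rule that any process may raise its own soft limit up to the hard limit, while raising the hard limit requires CAP_SYS_RESOURCE (normally a process started as root). The function names, the result labels (fits, raise-soft, raise-hard) and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE_LIMITS is constructed
# in the layout of /proc/<pid>/limits, using the default 1024/4096 values.
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files'

# Print "soft hard" for the nofile row of /proc/<pid>/limits text on stdin.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }'
}

# classify_request WANT SOFT HARD
#   fits       - WANT is already within the soft limit
#   raise-soft - WANT exceeds soft but not hard; no privilege needed
#   raise-hard - WANT exceeds hard; needs CAP_SYS_RESOURCE (e.g. root)
classify_request() {
    want=$1; soft=$2; hard=$3
    case $want in ''|*[!0-9]*) echo bad-request; return 0 ;; esac
    if [ "$soft" = unlimited ] || [ "$want" -le "$soft" ]; then
        echo fits
    elif [ "$hard" = unlimited ] || [ "$want" -le "$hard" ]; then
        echo raise-soft
    else
        echo raise-hard
    fi
}

# check_limits WANT < limits-text
# Live use: check_limits 8192 < /proc/<pid>/limits
check_limits() {
    want=$1
    set -- $(nofile_limits)          # positional params become: soft hard
    if [ $# -ne 2 ]; then
        echo parse-error             # no "Max open files" row on stdin
        return 0
    fi
    classify_request "$want" "$1" "$2"
}

# The three max_filedesc values tested in the message, against 1024/4096.
for n in 1024 2048 8192; do
    printf 'max_filedesc %s: %s\n' "$n" \
        "$(printf '%s\n' "$SAMPLE_LIMITS" | check_limits "$n")"
done
```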