From 428d7337e808ec5f4dba1b0aceda002f295cc320 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jul 2016 22:54:56 +0200 Subject: [PATCH] Don't set ulimits (nproc) There is a not-insignificant performance overhead for all containers (if containerd is a child of Docker, which is the current setup) if rlimits are set on the main Docker daemon process (because the limits propogate to all children). We recommend using cgroups to do container-local accounting. This applies the change added in 8db61095a3d0bcb0733580734ba5d54bc27a614d to other init scripts. Note that nfile cannot be set to unlimited, and the limit is hardcoded to 1048576 (2^20) , see: http://stackoverflow.com/a/1213069/1811501 Signed-off-by: Sebastiaan van Stijn --- contrib/init/openrc/docker.initd | 5 ++++- contrib/init/systemd/docker.service | 2 +- contrib/init/sysvinit-debian/docker | 7 +++++-- contrib/init/upstart/docker.conf | 6 +++++- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd index f2e1536a96..5d3160338a 100644 --- a/contrib/init/openrc/docker.initd +++ b/contrib/init/openrc/docker.initd @@ -13,7 +13,10 @@ start_pre() { checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" ulimit -n 1048576 - ulimit -u 1048576 + + # Having non-zero limits causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. + ulimit -u unlimited return 0 } diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service index c3f3472472..5024c96525 100644 --- a/contrib/init/systemd/docker.service +++ b/contrib/init/systemd/docker.service @@ -11,9 +11,9 @@ Type=notify # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. -LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker index 047af417f3..034f9601e8 100755 --- a/contrib/init/sysvinit-debian/docker +++ b/contrib/init/sysvinit-debian/docker @@ -94,10 +94,13 @@ case "$1" in chgrp docker "$DOCKER_LOGFILE" ulimit -n 1048576 + + # Having non-zero limits causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. if [ "$BASH" ]; then - ulimit -u 1048576 + ulimit -u unlimited else - ulimit -p 1048576 + ulimit -p unlimited fi log_begin_msg "Starting $DOCKER_DESC: $BASE" diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf index b5ad74a6af..29a66de476 100644 --- a/contrib/init/upstart/docker.conf +++ b/contrib/init/upstart/docker.conf @@ -2,8 +2,12 @@ description "Docker daemon" start on (filesystem and net-device-up IFACE!=lo) stop on runlevel [!2345] + limit nofile 524288 1048576 -limit nproc 524288 1048576 + +# Having non-zero limits causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +limit nproc unlimited unlimited respawn