________________________________
From: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>
>
> You will need to use:> ulimit -Hn 65535
>
> first and after this apply the lower limit:
> ulimit -n 16384
>
> As Amos suggested, since squid almost 100% requires root privileges then you can add to the openrc or system startup
> service\script the specific limit you want to apply in the scope of any start\restart of the service(squid).
Many thanks to both of you.
I created 01_squid.conf in /etc/security/limits.d/ with:
* hard nofile 65535
* soft nofile 16384
I then restarted squid, and haven't had any issues for the last 24+ hours.
I was hoping to change that file to:
squid hard nofile 65535
squid soft nofile 16384
However, correct me if I'm wrong, but it seems to me that you're saying that Squid adjusts the limit as "root" user, not as the squid user.
I have these main processes:
root 5690 0.0 0.0 87444 5676 ? Ss Aug31 0:00 /usr/sbin/squid -YC -f /etc/squid/squid.conf -n squid
squid 5694 2.9 3.3 1188628 1109564 ? S Aug31 55:06 (squid-1) -YC -f /etc/squid/squid.conf -n squid
So, is it preferable to use the squid user name in limits.conf's "domain" field, or should I use your method by modifying my openrc init script?
BTW my system is Gentoo, and here's what I can read in the default openrc init script:
# Maximum file descriptors squid can open is determined by:
# a basic default of N=1024
# ... altered by ./configure --with-filedescriptors=N
# ... overridden on production by squid.conf max_filedescriptors (if,
# and only if, setrlimit() RLIMIT_NOFILE is able to be built+used).
# Since we do not configure hard coded # of filedescriptors anymore,
# there is no need for ulimit calls in the init script.
# Use max_filedescriptors in squid.conf instead.
... and here's the start function:
start() {
checkconfig || return 1
checkpath -d -q -m 0750 -o squid:squid /run/${SVCNAME}
ebegin "Starting ${SVCNAME} (service name ${SVCNAME//[^[:alnum:]]/})"
KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${SVCNAME}.conf -n ${SVCNAME//[^[:alnum:]]/}
eend $? && sleep 1
}
The thing is that if Gentoo's default hard ulimit is x then I can't just set max_filedescriptors to a value >x in squid.conf. It simply won't work. Or will it?
When squid starts up as root, can it increase via setrlimit() to whatever value is in max_filedescriptors even if ulimit -Ha shows a lower value for nofiles?
These are the defaults on my system:
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 127512
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 127512
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
# ulimit -Ha
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 127512
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 4096
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 127512
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
So, if I were to use your method I guess I would need to modify the init script's start() function like this:
start() {
[...]
ulimit -Hn 65535
ulimit -n 16384
ebegin "Starting ${SVCNAME} (service name ${SVCNAME//[^[:alnum:]]/})"
KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS} -f /etc/squid/${SVCNAME}.conf -n ${SVCNAME//[^[:alnum:]]/}
[...]
Vieri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
