Hi,
I want to ask, if it is really needed to use ulimit or /etc/security/limits.conf to increase max_filedescriptors value? From my testing, it seems not.
= my environment:
CentOS 6.9
Squid 3.1.23 / 3.4.14
- default ulimits for root and other users:
[root@...]# ulimit -Sa | grep -- '-n'
open files (-n) 1024
open files (-n) 1024
[root@...]# ulimit -Ha | grep -- '-n'
open files (-n) 4096
open files (-n) 4096
- default ulimits for squid user:
[root@...]# sudo -u squid /bin/bash
bash-4.1$ id
uid=23(squid) gid=23(squid) groups=23(squid),...
bash-4.1$ ulimit -Sa | grep -- '-n'
open files (-n) 1024
bash-4.1$ ulimit -Ha | grep -- '-n'
open files (-n) 4096
bash-4.1$ id
uid=23(squid) gid=23(squid) groups=23(squid),...
bash-4.1$ ulimit -Sa | grep -- '-n'
open files (-n) 1024
bash-4.1$ ulimit -Ha | grep -- '-n'
open files (-n) 4096
- processes:
[root@...]# ps aux | grep squid
root 7194 0.0 0.1 73524 3492 ? Ss May17 0:00 squid -f /etc/squid/squid.conf
squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf
squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)
root 7194 0.0 0.1 73524 3492 ? Ss May17 0:00 squid -f /etc/squid/squid.conf
squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf
squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)
- error and warning messages from cache.log:
client_side.cc(3070) okToAccept: WARNING! Your cache is running out of filedescriptors
comm_open: socket failure: (24) Too many open files
IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 68: (2) No such file or directory ... (many with different FD)
I found many How-tos like these - https://access.redhat.com/solutions/63027 and https://www.cyberciti.biz/faq/squid-proxy-server-running-out-filedescriptors/. Both how-tos mention editing the file /etc/security/limits.conf and adding the line "* - nofile 4096" to increase the nofile limit for all users except root - I don't like this. According to my test, see below, this is not necessary, but I want to be sure, so I'm writing here.
a) Squid default configuration (max_filedesc 0) and default nofile limit (1024/4096):
[root@...]# ps aux | grep squid
root 17837 0.0 0.1 73524 3496 ? Ss 13:45 0:00 squid -f /etc/squid/squid.conf
squid 17840 0.3 0.5 76552 10860 ? S 13:45 0:00 (squid) -f /etc/squid/squid.conf
squid 17841 0.0 0.0 20080 1084 ? S 13:45 0:00 (unlinkd)
root 17837 0.0 0.1 73524 3496 ? Ss 13:45 0:00 squid -f /etc/squid/squid.conf
squid 17840 0.3 0.5 76552 10860 ? S 13:45 0:00 (squid) -f /etc/squid/squid.conf
squid 17841 0.0 0.0 20080 1084 ? S 13:45 0:00 (unlinkd)
[root@...]# grep -E "Limit|Max open files" /proc/17837/limits
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
[root@...]# grep -E "Limit|Max open files" /proc/17840/limits
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
[root@...]# grep -E "Limit|Max open files" /proc/17841/limits
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
b) Squid configuration with max_filedesc 2048 and default nofile limit (1024/4096):
[root@...]# ps aux | grep squid
root 7194 0.0 0.1 73524 3492 ? Ss May17 0:00 squid -f /etc/squid/squid.conf
squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf
squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)
root 7194 0.0 0.1 73524 3492 ? Ss May17 0:00 squid -f /etc/squid/squid.conf
squid 7197 0.2 10.9 276080 210156 ? S May17 4:53 (squid) -f /etc/squid/squid.conf
squid 7198 0.0 0.0 20080 1084 ? S May17 0:00 (unlinkd)
[root@...]# grep -E "Limit|Max open files" /proc/7194/limits
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
[root@...]# grep -E "Limit|Max open files" /proc/7197/limits
Limit Soft Limit Hard Limit Units
Max open files 2048 4096 files
Limit Soft Limit Hard Limit Units
Max open files 2048 4096 files
[root@...]# grep -E "Limit|Max open files" /proc/7198/limits
Limit Soft Limit Hard Limit Units
Max open files 2048 4096 files
Limit Soft Limit Hard Limit Units
Max open files 2048 4096 files
- soft nofile limit was increased for processes running under squid user
c) Squid configuration with max_filedesc 8192 and default nofile limit (1024/4096):
[root@...]# ps aux | grep squid
root 18734 0.0 0.1 73524 3492 ? Ss 14:00 0:00 squid -f /etc/squid/squid.conf
squid 18737 0.3 0.6 80244 11860 ? S 14:00 0:00 (squid) -f /etc/squid/squid.conf
squid 18740 0.0 0.0 20080 1088 ? S 14:00 0:00 (unlinkd)
root 18734 0.0 0.1 73524 3492 ? Ss 14:00 0:00 squid -f /etc/squid/squid.conf
squid 18737 0.3 0.6 80244 11860 ? S 14:00 0:00 (squid) -f /etc/squid/squid.conf
squid 18740 0.0 0.0 20080 1088 ? S 14:00 0:00 (unlinkd)
[root@...]# grep -E "Limit|Max open files" /proc/18734/limits
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
Limit Soft Limit Hard Limit Units
Max open files 1024 4096 files
[root@...]# grep -E "Limit|Max open files" /proc/18737/limits
Limit Soft Limit Hard Limit Units
Max open files 8192 8192 files
Limit Soft Limit Hard Limit Units
Max open files 8192 8192 files
[root@...]# grep -E "Limit|Max open files" /proc/18740/limits
Limit Soft Limit Hard Limit Units
Max open files 8192 8192 files
Limit Soft Limit Hard Limit Units
Max open files 8192 8192 files
- both soft and hard nofile limits were increased for processes running under squid user
I think, that the limits could be increased in tests b) and c) because the master process runs under the root user. Am I right or not?
Or need I to increase the limits for the master proccess too?
Thank you and with best regards,
--
Karel Ziegler
Karel Ziegler
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
