No limits!! We may all like to have no limits, but is it really a good idea?? In general, when there are no limits, 'there will be dragons'. The same goes for limits.conf, even if for test servers, a truly unlimited limit.conf helps!
What is it limits.conf?
the limits.conf The file contains the resource limit settings for the Linux operating system. When your Linux computer was installed, the file was created as part of the installation and contained values for resources such as virtual memory size, the maximum number of files and more.
These values are set to preset limits to ensure that your Linux system is not easily overloaded. Opposite case, a rogue program or procedure could easily stop an otherwise functioning system. Imagine, as an example, a situation where you set the maximum number of open files to unlimited, and a fraudulent procedure (what is a procedure with a fault, or even a piece of malicious software such as a virus or malware) now start opening the file. after file on system.
Soon, the system will run out of a resource it needs to handle all these open files. Whether the processor in your system (the CPU), or memory or even disk in some cases, where, as an example, we may have set the maximum kernel file size as unlimited, and we run large processes on a system with a lot of memory and little free space remaining, or a small root drive.
In summary, using the limits.conf configuration file, an user (the system administrator) you can specify limits on the resources available to the user and to the system.
The format of the limits.conf file (residing in /etc/security/) is well defined. Generally, we will specify an applicable domain (as a user, a group and even wildcards like *), a type (soft or hard limit), an element that the rule relates to (As the nofile element that sets the maximum number of open files, the locks element that sets the maximum number of file locks a user can maintain, etc.) and finally a value (the actual configuration / maxim).
The header of the limits.conf file clearly states it with an appropriate amount of detail:
If you want to read more about each specific item and other configuration settings with the limits.conf file, just run:
man limits.conf
On the indicator of your terminal.
Go unlimited
Usually, for all intents and purposes, one should never go unlimited with limits.conf. Then, You can ask, why this post? Well, whenever there is a rule, there is a valid exception. The exception, in this circumstance, is for testing servers. When performing tests or quality control work of any kind, you will often encounter the limits of a system.
Set things up as unlimited, with proper test framework configuration / quality control to take care of system resource management, is a valid exception to maintain reasonable and system-specific limits within limits.conf. For all other servers, as indicated, one configuration per server is preferred and recommended.
Without any more preambles, let's introduce a script that sets all variables and options in limits.conf to unlimited. This script is based on the GPLv2 license. setup_server.sh script in the mariadb-qa repository on GitHub. In addition, you may be interested in exploring this script for other files that you can adopt towards unlimited configurations for a test server configuration., as an example /etc/sysctl.conf settings and /etc/systemd/logind.conf
To configure a server as unlimited, run the following script at the server terminal prompt (test) you want to set as unlimited.
Warning: keep in mind that doing this on a production machine is probably not a good idea unless you have a solid understanding of the change you are making, as explained in part in this post, and is doing it for a specific and valid reason. Making this change also has significant security implications., and it is recommended to do it only on a machine that is behind a firewall and VPN, In other words, not a public facing server. TLDR; Proceeding to implement this is at your own risk.
You should also know that to use a high number (greater than ~ 20000) for soft and hard nproc can cause system instability and hangs on Centos 7, even when not in Ubuntu 18, 19 and 20. Me, and other engineers with me, we have I used this configuration for quite some time to test servers, and for that application, it is ideal. Tenga en cuenta que todas las configuraciones son ilimitadas excepto nofile para el cual 1048576 es el máximo.
sudo bash -c "cat << EOF > /etc/security/limits.conf
* soft core unlimited
* hard core unlimited
* soft data unlimited
* hard data unlimited
* soft fsize unlimited
* hard fsize unlimited
* soft memlock unlimited
* hard memlock unlimited
* soft nofile 1048576
* hard nofile 1048576
* soft rss unlimited
* hard rss unlimited
* soft stack unlimited
* hard stack unlimited
* soft cpu unlimited
* hard cpu unlimited
* soft nproc unlimited
* hard nproc unlimited
* soft as unlimited
* hard as unlimited
* soft maxlogins unlimited
* hard maxlogins unlimited
* soft maxsyslogins unlimited
* hard maxsyslogins unlimited
* soft locks unlimited
* hard locks unlimited
* soft sigpending unlimited
* hard sigpending unlimited
* soft msgqueue unlimited
* hard msgqueue unlimited
EOF"
Una vez que haya ejecutado esto, simply restart your server to load all new configuration settings. You won't notice any difference, except that your test runs, if they were very resource intensive, they will no longer stop at various boundary setting issues.
Having said this, as previously stated, will need, as part of your testing framework, a robust watchdog and server resource monitoring procedure to ensure your server is not overused, which often results in hangs and reboot requirements. In a future post, it is feasible that it provides the basics for such a script from where you can expand it to cover your own setup.
Ending
There are valid use cases to configure /etc/security/limits.conf to all possible maximums. In general, They are rare (and test servers are a notable exception).
In this post, we learned more about limits.conf: why it exists and how to change its configuration. We explore the limits.conf format, syntax and idioms and listed a simple script that can determine all of our settings as unlimited.
Even if you want to configure your server to lower limits, the script is easy to adapt and can be integrated (as GPLv2 code as described) in your own scripts: just change unlimited to the desired values. This is also a simple way to quickly set up a server with the desired values and, because, unify and code your farm. limits.conf setting.
Enjoy!
