From c177987f81171845324a71ad6b7bffe6b151379e Mon Sep 17 00:00:00 2001 From: Gregory Thiemonge Date: Thu, 22 Apr 2021 10:58:08 +0200 Subject: [PATCH] Update nr_open limit value in the amphora Using haproxy 2.x, the ideal rlimit value for nr_open is close to connection_limit * 2.5 (see compute_ideal_* in src/haproxy.c). Set this limit to 2,600,000 in the amphora to support a loadbalancer with maxconn 1M. This prevents the following warning messages when launching/reloading haproxy: * "Cannot raise FD limit to 2375058, limit is 2097152." * "FD limit (2097152) too low for maxconn=950000/maxsock=2375058. Please raise 'ulimit-n' to 2375058 or more to avoid any trouble." Change-Id: I6251cd17bd6fa9faf5109e50c2190dda3614908d (cherry picked from commit 4174f4a5a47a208d7cb7fa6d736f5bb20e995b64) (cherry picked from commit f55376bf5d715e5c1f0b3ace6c2190f8e9def28a) --- .../haproxy-octavia/post-install.d/20-haproxy-tune-kernel | 4 ++-- .../backends/agent/api_server/templates/systemd.conf.j2 | 2 +- .../notes/fix-nr_open-limit-value-7f475c3e301a608d.yaml | 6 ++++++ 3 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/fix-nr_open-limit-value-7f475c3e301a608d.yaml diff --git a/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel b/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel index 00f68cc508..cfe0e70215 100755 --- a/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel +++ b/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel @@ -12,8 +12,8 @@ sysctl-write-value net.core.somaxconn 65534 sysctl-write-value net.ipv4.tcp_synack_retries 3 sysctl-write-value net.core.netdev_max_backlog 100000 # This should allow HAProxy maxconn to be 1,000,000 -sysctl-write-value fs.file-max 2097152 -sysctl-write-value fs.nr_open 2097152 +sysctl-write-value fs.file-max 2600000 +sysctl-write-value fs.nr_open 2600000 # It's ok for these to fail if conntrack module isn't loaded sysctl-write-value net.netfilter.nf_conntrack_tcp_timeout_time_wait 5 || true diff --git a/octavia/amphorae/backends/agent/api_server/templates/systemd.conf.j2 b/octavia/amphorae/backends/agent/api_server/templates/systemd.conf.j2 index 9a835cdc41..545486e3a7 100644 --- a/octavia/amphorae/backends/agent/api_server/templates/systemd.conf.j2 +++ b/octavia/amphorae/backends/agent/api_server/templates/systemd.conf.j2 @@ -30,7 +30,7 @@ Type=notify KillMode=mixed Restart=always -LimitNOFILE=2097152 +LimitNOFILE=2600000 [Install] WantedBy=multi-user.target diff --git a/releasenotes/notes/fix-nr_open-limit-value-7f475c3e301a608d.yaml b/releasenotes/notes/fix-nr_open-limit-value-7f475c3e301a608d.yaml new file mode 100644 index 0000000000..5976cdc9bb --- /dev/null +++ b/releasenotes/notes/fix-nr_open-limit-value-7f475c3e301a608d.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Increase the limit value for nr_open and file-max in the amphora, the new + value is based on what HAProxy 2.x is expecting from the system with the + greatest maxconn value that Octavia can set.