how to set ulimit / file descriptor on docker container the image tag is phusion/baseimage-docker

docker ulimit

I need to set the file descriptor limit correctly on the docker container I connect to container with ssh (https://github.com/phusion/baseimage-docker)

Already tried:

  • edit limits.conf the container ignore this file
  • upstart procedure found at https://coderwall.com/p/myodcq but this docker image has different kind of init process. (runit)
  • I tried to modify configuration of pam library in /etc/pam.d
  • try to enabled pam for ssh in sshd_config

The output it always the same. 

bash: ulimit: open files: cannot modify limit: Operation not permitted

Solution 1:

The latest docker supports setting ulimits through the command line and the API. For instance, docker run takes --ulimit <type>=<soft>:<hard> and there can be as many of these as you like. So, for your nofile, an example would be --ulimit nofile=262144:262144

Solution 2:

After some searching I found this on a Google groups discussion:

docker currently inhibits this capability for enhanced safety.

That is because the ulimit settings of the host system apply to the docker container. It is regarded as a security risk that programs running in a container can change the ulimit settings for the host.

The good news is that you have two different solutions to choose from.

  1. Remove sys_resource from lxc_template.go and recompile docker. Then you'll be able to set the ulimit as high as you like.

or

  1. Stop the docker demon. Change the ulimit settings on the host. Start the docker demon. It now has your revised limits, and its child processes as well.

I applied the second method:

  1. sudo service docker stop;

  2. changed the limits in /etc/security/limits.conf

  3. reboot the machine

  4. run my container

  5. run ulimit -a in the container to confirm the open files limit has been inherited.

See: https://groups.google.com/forum/#!searchin/docker-user/limits/docker-user/T45Kc9vD804/v8J_N4gLbacJ

Solution 3:

If using the docker-compose file, Based on docker compose version 2.x We can set like as below, by overriding the default config.

ulimits:
  nproc: 65535
  nofile:
    soft: 26677
    hard: 46677

https://docs.docker.com/compose/compose-file/compose-file-v3/

Solution 4:

I have tried many options and unsure as to why a few solutions suggested above work on one machine and not on others.

A solution that works and that is simple and can work per container is:

docker run --ulimit memlock=819200000:819200000 -h <docker_host_name> --name=current -v /home/user_home:/user_home -i -d -t docker_user_name/image_name

Solution 5:

Actually, I have tried the above answer, but it did not seem to work.

To get my containers to acknowledge the ulimit change, I had to update the docker.conf file before starting them:

$ sudo service docker stop
$ sudo bash -c "echo \"limit nofile 262144 262144\" >> /etc/init/docker.conf"
$ sudo service docker start

Related

Do Custom Elements require a dash in their name?
ES6 Tail Recursion Optimisation Stack Overflow
ReSharper conventions for names of event handlers
Class is implemented in both, One of the two will be used. Which one is undefined
What is the difference between std::atoi() and std::stoi?
How can I embed Lua in Java?
Django: How to get current user in admin forms?
Debugging template instantiations
jQuery.getScript alternative in native JavaScript
Bmp to jpg/png in C#
Android how to create triangle and rectangle shape programmatically?
How does OpenMP handle nested loops?