[libvirt PATCH 6/9] src: set max open file limit to match systemd >= 240 defaults

Daniel P. Berrangé berrange at redhat.com
Wed Jun 21 13:32:29 UTC 2023 

Since systemd 240, all services get an open file hard limit of
500k, and a soft limit of 1024. This limit means apps are safe
to use select() by default which is limited to 1024 FDs. Apps
which don't use select() are expected to simply set their soft
limit to match the hard limit during startup.

With our current unit file settings we've been effectively
reducing the max open files we have on most modern systems.

https://gitlab.com/libvirt/libvirt/-/issues/489
Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 src/ch/virtchd.service.in        |  9 ++++-----
 src/locking/virtlockd.service.in |  8 ++++----
 src/logging/virtlogd.service.in  | 11 ++++-------
 src/lxc/virtlxcd.service.in      |  9 ++++-----
 src/qemu/virtqemud.service.in    |  9 ++++-----
 src/remote/libvirtd.service.in   |  9 ++++-----
 tests/virshtest.c                |  1 +
 tools/virsh.c                    |  2 +-
 8 files changed, 26 insertions(+), 32 deletions(-)

diff --git a/src/ch/virtchd.service.in b/src/ch/virtchd.service.in
index 6e3b13446f..22314bc907 100644
--- a/src/ch/virtchd.service.in
+++ b/src/ch/virtchd.service.in
@@ -22,11 +22,10 @@ ExecStart=@sbindir@/virtchd $VIRTCHD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# At least 2 FD per guest (eg ch monitor + ch socket).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 # The cgroups pids controller can limit the number of tasks started by
 # the daemon, which can limit the number of domains for some hypervisors.
 # A conservative default of 8 tasks per guest results in a TasksMax of
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 23054369d5..f1792dcb43 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -15,10 +15,10 @@ ExecReload=/bin/kill -USR1 $MAINPID
 # cause the machine to be fenced (rebooted), so make
 # sure we discourage OOM killer
 OOMScoreAdjust=-900
-# Needs to allow for max guests * average disks per guest
-# libvirtd.service written to expect 4096 guests, so if we
-# allow for 10 disks per guest, we get:
-LimitNOFILE=40960
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 
 [Install]
 Also=virtlockd.socket
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index e4aecd46a7..cef4053f59 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -15,13 +15,10 @@ ExecReload=/bin/kill -USR1 $MAINPID
 # cause the machine to be fenced (rebooted), so make
 # sure we discourage OOM killer
 OOMScoreAdjust=-900
-# Need to have at least one file open per guest (eg QEMU
-# stdio log), but might be more (eg serial console logs)
-# A common case is OpenStack which often has up to 4 file
-# handles per guest.
-# libvirtd.service written to expect 4096 guests, so if we
-# guess at 4 files per guest here that is 16k:
-LimitNOFILE=16384
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 
 [Install]
 Also=virtlogd.socket
diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in
index 06c70ccde2..59d7d26657 100644
--- a/src/lxc/virtlxcd.service.in
+++ b/src/lxc/virtlxcd.service.in
@@ -22,11 +22,10 @@ ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 # The cgroups pids controller can limit the number of tasks started by
 # the daemon, which can limit the number of domains for some hypervisors.
 # A conservative default of 8 tasks per guest results in a TasksMax of
diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
index 46917b746d..7e02f7ab51 100644
--- a/src/qemu/virtqemud.service.in
+++ b/src/qemu/virtqemud.service.in
@@ -24,11 +24,10 @@ ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 # The cgroups pids controller can limit the number of tasks started by
 # the daemon, which can limit the number of domains for some hypervisors.
 # A conservative default of 8 tasks per guest results in a TasksMax of
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index afda257228..28bcdb1220 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -29,11 +29,10 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFile=512000:1024
 # The cgroups pids controller can limit the number of tasks started by
 # the daemon, which can limit the number of domains for some hypervisors.
 # A conservative default of 8 tasks per guest results in a TasksMax of
diff --git a/tests/virshtest.c b/tests/virshtest.c
index cf834bb847..022cd075f9 100644
--- a/tests/virshtest.c
+++ b/tests/virshtest.c
@@ -118,6 +118,7 @@ testCompareOutputLit(const char *expectData,
 
     cmd = virCommandNewArgs(argv);
 
+    virCommandAddEnvPassCommon(cmd);
     virCommandAddEnvString(cmd, "LANG=C");
     virCommandSetInputBuffer(cmd, empty);
     virCommandSetOutputBuffer(cmd, &actualData);
diff --git a/tools/virsh.c b/tools/virsh.c
index 963e886860..55a1ffca86 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -123,7 +123,7 @@ virshConnect(vshControl *ctl, const char *uri, bool readonly)
         keepalive_forced = true;
     }
 
-    if (virPolkitAgentAvailable() &&
+    if (0 && virPolkitAgentAvailable() &&
         !(pkagent = virPolkitAgentCreate()))
         virResetLastError();
 
-- 
2.40.1

More information about the libvir-list mailing list