Increase NOFILE limit for tox-bootstrapd

tox-bootstrapd can use around 600 TCP sockets during TCP server's normal functioning. Many systems default to having a soft limit of 1024 open file descriptors, which we are close to reaching, so it was suggested we bump that limit to a higher number. iphy suggested increasing it to 32768.
author: Maxim Biro <nurupo.contributions@gmail.com> 2018-10-18 04:23:21 -0400
committer: Maxim Biro <nurupo.contributions@gmail.com> 2018-11-04 20:10:09 -0500
commit: 5530e417428c7d5a3165db65ae4dc9f6086b3eb2 (patch)
tree: 20841e9e9be92bcb0758d19ff7ec6f303a65be2b /other
parent: b56166f5a6dd2eaef4861c50cbb11b3568aa040e (diff)
4 files changed, 65 insertions, 4 deletions
diff --git a/other/bootstrap_daemon/README.md b/other/bootstrap_daemon/README.md
index 848f9fa1..541305b1 100644
--- a/other/bootstrap_daemon/README.md
+++ b/other/bootstrap_daemon/README.md
@@ -219,7 +219,7 @@ sudo docker build -t tox-bootstrapd docker/
 sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
 sudo chmod 700 /var/lib/tox-bootstrapd
-sudo docker run -d --name tox-bootstrapd --restart always -v /var/lib/tox-bootstrapd/:/var/lib/tox-bootstrapd/ -p 443:443 -p 3389:3389 -p 33445:33445 -p 33445:33445/udp tox-bootstrapd
+sudo docker run -d --name tox-bootstrapd --restart always -v /var/lib/tox-bootstrapd/:/var/lib/tox-bootstrapd/ --ulimit nofile=32768:32768 -p 443:443 -p 3389:3389 -p 33445:33445 -p 33445:33445/udp tox-bootstrapd
 ```
 We create a new user and protect its home directory in order to mount it in the Docker image, so that the kyepair the daemon uses would be stored on the host system, which makes it less likely that you would loose the keypair while playing with or updating the Docker container.
diff --git a/other/bootstrap_daemon/src/tox-bootstrapd.c b/other/bootstrap_daemon/src/tox-bootstrapd.c
index 5dba9dcc..88f45494 100644
--- a/other/bootstrap_daemon/src/tox-bootstrapd.c
+++ b/other/bootstrap_daemon/src/tox-bootstrapd.c
@@ -27,11 +27,14 @@
 #endif
 // system provided
+#include <sys/resource.h>
 #include <sys/stat.h>
-#include <signal.h> // for POSIX sigaction(2)
+#include <signal.h> // system header, rather than C, because we need it for POSIX sigaction(2)
 #include <unistd.h>
 // C
+#include <assert.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -424,6 +427,30 @@ int main(int argc, char *argv[])
        if (tcp_server != nullptr) {
            log_write(LOG_LEVEL_INFO, "Initialized Tox TCP server successfully.\n");
+            struct rlimit limit;
+            const rlim_t rlim_suggested = 32768;
+            const rlim_t rlim_min = 4096;
+            assert(rlim_suggested >= rlim_min);
+            if (!getrlimit(RLIMIT_NOFILE, &limit)) {
+                if (limit.rlim_cur < limit.rlim_max) {
+                    // Some systems have a hard limit of over 1000000 open file descriptors, so let's cap it at something reasonable
+                    // so that we don't set it to an unreasonably high number.
+                    limit.rlim_cur = limit.rlim_max > rlim_suggested ? rlim_suggested : limit.rlim_max;
+                    setrlimit(RLIMIT_NOFILE, &limit);
+                }
+            }
+            if (!getrlimit(RLIMIT_NOFILE, &limit) && limit.rlim_cur < rlim_min) {
+                log_write(LOG_LEVEL_WARNING,
+                          "Current limit on the number of files this process can open (%ju) is rather low for the proper functioning of the TCP server. "
+                          "Consider raising the limit to at least %ju or the recommended %ju. "
+                          "Continuing using the current limit (%ju).\n",
+                          (uintmax_t)limit.rlim_cur, (uintmax_t)rlim_min, (uintmax_t)rlim_suggested, (uintmax_t)limit.rlim_cur);
+            }
        } else {
            log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox TCP server. Exiting.\n");
            kill_onion_announce(onion_a);
diff --git a/other/bootstrap_daemon/tox-bootstrapd.service b/other/bootstrap_daemon/tox-bootstrapd.service
index 20f698d2..88ea9afa 100644
--- a/other/bootstrap_daemon/tox-bootstrapd.service
+++ b/other/bootstrap_daemon/tox-bootstrapd.service
@@ -11,6 +11,9 @@ WorkingDirectory=/var/lib/tox-bootstrapd
 ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf
 User=tox-bootstrapd
 Group=tox-bootstrapd
+# TCP Server needs to be able to have lots of TCP sockets open.
+LimitNOFILE=32768
+# Uncomment to allow binding to ports < 1024, e.g. 443 (HTTPS) for TCP Server
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 [Install]
diff --git a/other/bootstrap_daemon/tox-bootstrapd.sh b/other/bootstrap_daemon/tox-bootstrapd.sh
index d33c38da..5f1e5c68 100644
--- a/other/bootstrap_daemon/tox-bootstrapd.sh
+++ b/other/bootstrap_daemon/tox-bootstrapd.sh
@@ -1,4 +1,4 @@
-#! /bin/sh
+#! /bin/bash
 ### BEGIN INIT INFO
 # Provides:          tox-bootstrapd
 # Required-Start:    $remote_fs $syslog
@@ -22,6 +22,35 @@ SCRIPTNAME=/etc/init.d/$NAME
 USER=tox-bootstrapd
 GROUP=tox-bootstrapd
+# Set ulimit -n based on number of fds available.
+# This check is borrowed from Debian's tor package, with a few modifications.
+if [ -r /proc/sys/fs/file-max ]; then
+        system_max=$(cat /proc/sys/fs/file-max)
+        if [ "$system_max" -gt "80000" ] ; then
+                MAX_FILEDESCRIPTORS=32768
+        elif [ "$system_max" -gt "40000" ] ; then
+                MAX_FILEDESCRIPTORS=16384
+        elif [ "$system_max" -gt "20000" ] ; then
+                MAX_FILEDESCRIPTORS=8192
+        elif [ "$system_max" -gt "10000" ] ; then
+                MAX_FILEDESCRIPTORS=4096
+        else
+                MAX_FILEDESCRIPTORS=1024
+                cat << EOF
+Warning: Your system has very few file descriptors available in total.
+Maybe you should try raising that by adding 'fs.file-max=100000' to your
+/etc/sysctl.conf file.  Feel free to pick any number that you deem appropriate.
+Then run 'sysctl -p'.  See /proc/sys/fs/file-max for the current value, and
+file-nr in the same directory for how many of those are used at the moment.
+EOF
+        fi
+else
+        MAX_FILEDESCRIPTORS=32768
+fi
 # Exit if the package is not installed
 [ -x "$DAEMON" ] || exit 0
@@ -48,6 +77,8 @@ do_start()
        fi
        chown $USER:$GROUP $PIDDIR
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1
+        # TCP Server needs to be able to have lots of TCP sockets open.
+        ulimit -n $MAX_FILEDESCRIPTORS
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS || return 2
 }
@@ -113,4 +144,4 @@ case "$1" in
        exit 3
        ;;
 esac
-exit 0
-\ No newline at end of file
+exit 0
author	Maxim Biro <nurupo.contributions@gmail.com>	2018-10-18 04:23:21 -0400
committer	Maxim Biro <nurupo.contributions@gmail.com>	2018-11-04 20:10:09 -0500
commit	5530e417428c7d5a3165db65ae4dc9f6086b3eb2 (patch)
tree	20841e9e9be92bcb0758d19ff7ec6f303a65be2b /other
parent	b56166f5a6dd2eaef4861c50cbb11b3568aa040e (diff)

diff --git a/other/bootstrap_daemon/README.md b/other/bootstrap_daemon/README.md index 848f9fa1..541305b1 100644 --- a/other/bootstrap_daemon/README.md +++ b/other/bootstrap_daemon/README.md
@@ -219,7 +219,7 @@ sudo docker build -t tox-bootstrapd docker/
219	sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd	219	sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
220	sudo chmod 700 /var/lib/tox-bootstrapd	220	sudo chmod 700 /var/lib/tox-bootstrapd
221		221
222	sudo docker run -d --name tox-bootstrapd --restart always -v /var/lib/tox-bootstrapd/:/var/lib/tox-bootstrapd/ -p 443:443 -p 3389:3389 -p 33445:33445 -p 33445:33445/udp tox-bootstrapd	222	sudo docker run -d --name tox-bootstrapd --restart always -v /var/lib/tox-bootstrapd/:/var/lib/tox-bootstrapd/ --ulimit nofile=32768:32768 -p 443:443 -p 3389:3389 -p 33445:33445 -p 33445:33445/udp tox-bootstrapd
223	```	223	```
224		224
225	We create a new user and protect its home directory in order to mount it in the Docker image, so that the kyepair the daemon uses would be stored on the host system, which makes it less likely that you would loose the keypair while playing with or updating the Docker container.	225	We create a new user and protect its home directory in order to mount it in the Docker image, so that the kyepair the daemon uses would be stored on the host system, which makes it less likely that you would loose the keypair while playing with or updating the Docker container.


diff --git a/other/bootstrap_daemon/src/tox-bootstrapd.c b/other/bootstrap_daemon/src/tox-bootstrapd.c index 5dba9dcc..88f45494 100644 --- a/other/bootstrap_daemon/src/tox-bootstrapd.c +++ b/other/bootstrap_daemon/src/tox-bootstrapd.c
@@ -27,11 +27,14 @@
27	#endif	27	#endif
28		28
29	// system provided	29	// system provided
		30	#include <sys/resource.h>
30	#include <sys/stat.h>	31	#include <sys/stat.h>
31	#include <signal.h> // for POSIX sigaction(2)	32	#include <signal.h> // system header, rather than C, because we need it for POSIX sigaction(2)
32	#include <unistd.h>	33	#include <unistd.h>
33		34
34	// C	35	// C
		36	#include <assert.h>
		37	#include <stdint.h>
35	#include <stdio.h>	38	#include <stdio.h>
36	#include <stdlib.h>	39	#include <stdlib.h>
37	#include <string.h>	40	#include <string.h>
@@ -424,6 +427,30 @@ int main(int argc, char *argv[])
424		427
425	if (tcp_server != nullptr) {	428	if (tcp_server != nullptr) {
426	log_write(LOG_LEVEL_INFO, "Initialized Tox TCP server successfully.\n");	429	log_write(LOG_LEVEL_INFO, "Initialized Tox TCP server successfully.\n");
		430
		431	struct rlimit limit;
		432
		433	const rlim_t rlim_suggested = 32768;
		434	const rlim_t rlim_min = 4096;
		435
		436	assert(rlim_suggested >= rlim_min);
		437
		438	if (!getrlimit(RLIMIT_NOFILE, &limit)) {
		439	if (limit.rlim_cur < limit.rlim_max) {
		440	// Some systems have a hard limit of over 1000000 open file descriptors, so let's cap it at something reasonable
		441	// so that we don't set it to an unreasonably high number.
		442	limit.rlim_cur = limit.rlim_max > rlim_suggested ? rlim_suggested : limit.rlim_max;
		443	setrlimit(RLIMIT_NOFILE, &limit);
		444	}
		445	}
		446
		447	if (!getrlimit(RLIMIT_NOFILE, &limit) && limit.rlim_cur < rlim_min) {
		448	log_write(LOG_LEVEL_WARNING,
		449	"Current limit on the number of files this process can open (%ju) is rather low for the proper functioning of the TCP server. "
		450	"Consider raising the limit to at least %ju or the recommended %ju. "
		451	"Continuing using the current limit (%ju).\n",
		452	(uintmax_t)limit.rlim_cur, (uintmax_t)rlim_min, (uintmax_t)rlim_suggested, (uintmax_t)limit.rlim_cur);
		453	}
427	} else {	454	} else {
428	log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox TCP server. Exiting.\n");	455	log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox TCP server. Exiting.\n");
429	kill_onion_announce(onion_a);	456	kill_onion_announce(onion_a);


diff --git a/other/bootstrap_daemon/tox-bootstrapd.service b/other/bootstrap_daemon/tox-bootstrapd.service index 20f698d2..88ea9afa 100644 --- a/other/bootstrap_daemon/tox-bootstrapd.service +++ b/other/bootstrap_daemon/tox-bootstrapd.service
@@ -11,6 +11,9 @@ WorkingDirectory=/var/lib/tox-bootstrapd
11	ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf	11	ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf
12	User=tox-bootstrapd	12	User=tox-bootstrapd
13	Group=tox-bootstrapd	13	Group=tox-bootstrapd
		14	# TCP Server needs to be able to have lots of TCP sockets open.
		15	LimitNOFILE=32768
		16	# Uncomment to allow binding to ports < 1024, e.g. 443 (HTTPS) for TCP Server
14	#CapabilityBoundingSet=CAP_NET_BIND_SERVICE	17	#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
15		18
16	[Install]	19	[Install]


diff --git a/other/bootstrap_daemon/tox-bootstrapd.sh b/other/bootstrap_daemon/tox-bootstrapd.sh index d33c38da..5f1e5c68 100644 --- a/other/bootstrap_daemon/tox-bootstrapd.sh +++ b/other/bootstrap_daemon/tox-bootstrapd.sh
@@ -1,4 +1,4 @@
1	#! /bin/sh	1	#! /bin/bash
2	### BEGIN INIT INFO	2	### BEGIN INIT INFO
3	# Provides: tox-bootstrapd	3	# Provides: tox-bootstrapd
4	# Required-Start: $remote_fs $syslog	4	# Required-Start: $remote_fs $syslog
@@ -22,6 +22,35 @@ SCRIPTNAME=/etc/init.d/$NAME
22	USER=tox-bootstrapd	22	USER=tox-bootstrapd
23	GROUP=tox-bootstrapd	23	GROUP=tox-bootstrapd
24		24
		25	# Set ulimit -n based on number of fds available.
		26	# This check is borrowed from Debian's tor package, with a few modifications.
		27	if [ -r /proc/sys/fs/file-max ]; then
		28	system_max=$(cat /proc/sys/fs/file-max)
		29	if [ "$system_max" -gt "80000" ] ; then
		30	MAX_FILEDESCRIPTORS=32768
		31	elif [ "$system_max" -gt "40000" ] ; then
		32	MAX_FILEDESCRIPTORS=16384
		33	elif [ "$system_max" -gt "20000" ] ; then
		34	MAX_FILEDESCRIPTORS=8192
		35	elif [ "$system_max" -gt "10000" ] ; then
		36	MAX_FILEDESCRIPTORS=4096
		37	else
		38	MAX_FILEDESCRIPTORS=1024
		39	cat << EOF
		40
		41	Warning: Your system has very few file descriptors available in total.
		42
		43	Maybe you should try raising that by adding 'fs.file-max=100000' to your
		44	/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
		45	Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
		46	file-nr in the same directory for how many of those are used at the moment.
		47
		48	EOF
		49	fi
		50	else
		51	MAX_FILEDESCRIPTORS=32768
		52	fi
		53
25	# Exit if the package is not installed	54	# Exit if the package is not installed
26	[ -x "$DAEMON" ] \|\| exit 0	55	[ -x "$DAEMON" ] \|\| exit 0
27		56
@@ -48,6 +77,8 @@ do_start()
48	fi	77	fi
49	chown $USER:$GROUP $PIDDIR	78	chown $USER:$GROUP $PIDDIR
50	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null \|\| return 1	79	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null \|\| return 1
		80	# TCP Server needs to be able to have lots of TCP sockets open.
		81	ulimit -n $MAX_FILEDESCRIPTORS
51	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS \|\| return 2	82	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS \|\| return 2
52	}	83	}
53		84
@@ -113,4 +144,4 @@ case "$1" in
113	exit 3	144	exit 3
114	;;	145	;;
115	esac	146	esac
116	exit 0 \ No newline at end of file	147	exit 0