CENTOS sets ULIMIT resource limits for SYSTEMD SERVICE

In bash, there is a ulimit command that provides available resource control for shell and processes started by this shell. It mainly includes the number of opened file descriptors, the maximum number of processes of the user, and the size of the coredump file.

In centos 5/6 and other versions, you can configure resource restrictions in/etc/security/limits. conf, which is set for each user such as root/user or * representing all users. Of course,/etc/security/limits. d/can be configured. The system first loads limits. conf and then load limits in alphabetical order. d directory, and then load the configuration to overwrite the previous configuration. A configuration example is as follows:

* Soft nofile 100000
* Hard nofile 100000
* Soft nproc 100000
* Hard nproc 100000
* Soft core 100000
* Hard core 100000

However, in CentOS 7/RHEL 7 systems, Systemd is used to replace the previous SysV, so the configuration scope of the/etc/security/limits. conf file is reduced. The configuration in limits. conf is only applicable to resource restrictions for users logging on through PAM authentication. It does not take effect for the resource restrictions of systemd service. Login user restrictions, as described above, can be configured through/etc/security/limits. conf and limits. d.
How can I configure the resource limits of systemd service?

Global configuration is put in the file/etc/systemd/system. conf and/etc/systemd/user. conf. At the same time, it will load all of the two corresponding directories. conf file/etc/systemd/system. conf. d /*. conf and/etc/systemd/user. conf. d /*. conf
Here, system. conf is used by the system instance and user. conf is used by the user instance. For general sevice, use the configuration in system. conf. The configuration in systemd. conf. d/*. conf overwrites system. conf.

DefaultLimitCORE = infinity
DefaultLimitNOFILE = 100000
DefaultLimitNPROC = 100000
Note: After system. conf is modified, it takes effect only after the system is restarted.

For a single Service, you can also set nginx as an example.
Edit the/usr/lib/systemd/system/nginx. service file, or
/Usr/lib/systemd/system/nginx. service. d/my-limit.conf file, do the following configuration:

[Service]
LimitCORE = infinity
Maid = 100000
LimitNPROC = 100000

Then, run the following command to take effect.

Sudo systemctl daemon-reload
Sudo systemctl restart nginx. service
View limit settings for a process: cat/proc/YOUR-PID/limits

For example, the configuration effect of one of my nginx services is as follows:

$ Cat/proc/$ (cat/var/run/nginx. pid)/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited seconds
Max file size unlimited bytes
Max data size unlimited bytes
Max stacks size 8388608 unlimited bytes
Max core file size unlimited bytes
Max resident set unlimited bytes
Max processes 100000 100000 processes
Max open files 100000 100000 files
Max locked memory 65536 65536 bytes
Max address space unlimited bytes
Max file locks unlimited locks
Max pending signals 1030606 1030606 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited us

By the way, I am also included in/etc/security/limits. the d/20-nproc.conf file is too open. By default, the maximum number of processes for non-root users is 4096. no effect is set in conf. It was previously limit. the configuration in the d directory overwrites.