我正在构建一个 docker 镜像,我想增加可以打开的最大文件数量。我尝试了几件事,但当我打开一个连接到容器的新 SSH session 时,它们都没有奏效。他们在对容器执行 bash 时确实有效。
我试过了,在 docker build 中:
RUN echo "DefaultLimitNOFILE=65535" >> /etc/systemd/system.conf
也试过:RUN set ulimit -n 65535
RUN set ulimit -Sn 65535
RUN set ulimit -Hn 65535
我尝试添加 --ulimit nofile=65535:65535
到docker run
和 docker build
命令。在我启动镜像并通过 SSH 登录后,软限制永远不是我设置的。
docker build :
FROM nvcr.io/nvidia/deepstream:6.0-triton
ENV GIT_SSL_NO_VERIFY=1
# SETUP PYTHON
RUN sh docker_python_setup.sh
RUN update-alternatives --set python3 /usr/bin/python3.8
RUN apt install --fix-broken -y
RUN apt -y install python3-gi python3-gst-1.0 python-gi-dev git python3 python3-pip cmake g++ build-essential \
libglib2.0-dev python3-dev python3.8-dev libglib2.0-dev-bin python-gi-dev libtool m4 autoconf automake
# DEEPSTREAM PYTHON BINDINGS
RUN cd /opt/nvidia/deepstream/deepstream-6.0/sources/apps && \
git clone https://github.com/NVIDIA-AI-IOT/deepstream_python_apps.git
RUN cd /opt/nvidia/deepstream/deepstream-6.0/sources/apps/deepstream_python_apps && \
git submodule update --init
RUN cd /opt/nvidia/deepstream/deepstream-6.0/sources/apps/deepstream_python_apps/3rdparty/gst-python/ && \
./autogen.sh && \
make && \
make install
RUN pip3 install --upgrade pip
RUN cd /opt/nvidia/deepstream/deepstream-6.0/sources/apps/deepstream_python_apps/bindings && \
mkdir build && \
cd build && \
cmake -DPYTHON_MAJOR_VERSION=3 -DPYTHON_MINOR_VERSION=8 -DPIP_PLATFORM=linux_x86_64 -DDS_PATH=/opt/nvidia/deepstream/deepstream-6.0 .. && \
make && \
pip3 install pyds-1.1.0-py3-none-linux_x86_64.whl
RUN cd /opt/nvidia/deepstream/deepstream-6.0/sources/apps/deepstream_python_apps && \
mv apps/* ./
# RTSP DEPENDENCIES
RUN apt update && \
apt install -y python3-gi python3-dev python3-gst-1.0
RUN apt update && \
apt install -y libgstrtspserver-1.0-0 gstreamer1.0-rtsp && \
apt install -y libgirepository1.0-dev && \
apt-get install -y gobject-introspection gir1.2-gst-rtsp-server-1.0
# DEVELOPMENT AND DEBUGGING TOOLS
RUN apt install -y ipython3 graphviz graphviz-dev ffmpeg
# SSH AND REMOTE LOGIN FOR DEVELOPMENT PURPOSES
RUN apt update && apt install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:230idsjfjzJNJK3' | chpasswd
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
RUN sed -i 's/\(^Port\)/#\1/' /etc/ssh/sshd_config && echo Port 2222 >> /etc/ssh/sshd_config
# Export 2222 for SSH server
EXPOSE 2222
# SET ULIMIT USING THE COMMANDS ABOVE ....
# STARTUP
# Disable previous entrypoint.
ENTRYPOINT []
# Set default dir
WORKDIR /src
# Enable SSH for debug on remote server
CMD ["/usr/sbin/sshd", "-D"]
在 SSH session 中,我总是得到值:root@ip-x-x-x-x:~# ulimit -n
1024
root@ip-x-x-x-x:~# ulimit -Sn
1024
root@ip-x-x-x-x:~# ulimit -Hn
1048576
我想为所有 future 的 SSH session 设置限制。编辑 : 我注意到如果我在容器中打开一个外壳,即使没有指定任何内容,软限制实际上也等于硬限制。所以默认限制是 1048576。但是如果我在容器中打开一个 SSH session ,软限制是 1024。我该如何解决这个问题?
最佳答案
您还应该使用 prlimit 并更新您所在的当前 session (Bash)的值。尝试运行以下脚本。
echo "add openfiles limit..........................."
sudo cp /etc/security/limits.conf /etc/security/orig_limits.conf
sudo cat <<EOT >> /etc/security/limits.conf
* hard nofile 33000
* soft nofile 33000
root hard nofile 33000
root soft nofile 33000
EOT
sudo echo "session required pam_limits.so" > /etc/pam.d/common-session
sudo ulimit -n 33000
ulimit -u unlimited
update_ulimit_per_pid(){
sudo echo "prlimit for pid "$pid" before updating is "$(ulimit -n)
sudo echo "Updating ulimit for pid: "$pid
sudo prlimit --pid $pid --nofile=33000:33000
sudo echo "prlimit for pid "$pid" after updating is "$(ulimit -n)
}
for pid in `ps -ef | grep 'bash' | awk '{print $2}'` ; do update_ulimit_per_pid ; done
这应该有效。这不仅会在您重新登录时更新 ulimit,还会在您所在的 bash session 中更新。
关于docker - ulimit 在 ssh session 中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71082829/