Error Message

Applications will fail if they hit a limit that has been defined in ulimits based on the assumption that this is a global value.  

This is exacerbated by the fact that the value is picked up when the command is executed on the CLI, but fails when the resource is started by VCS.

If VCS has a resource agent that creates a SystemD .service the system ulimits are not honoured. This is by SystemD design.

SystemD ignores /etc/security/limits* and so these values are not picked up if configuring a resource under VCS or by creating a SystemD service file.

These values can be set in the resource named file /etc/systemd/system/.d/limits.conf

The mappings of  ulimit to SystemD limits (as documented at the time of this knowledge creation)

Directive                         ulimit equivalent  Unit
LimitCPU=                     ulimit -t                 Seconds
LimitFSIZE=                  ulimit -f                 Bytes
LimitDATA=                   ulimit -d                Bytes
LimitSTACK=                ulimit -s                Bytes
LimitCORE=                 ulimit -c                Bytes
LimitRSS=                    ulimit -m               Bytes
LimitNOFILE=              ulimit -n                Number of File Descriptors
LimitAS=                      ulimit -v                Bytes
LimitNPROC=              ulimit -u                Number of Processes
LimitMEMLOCK=         ulimit -l                 Bytes
LimitLOCKS=               ulimit -x                Number of Locks
LimitSIGPENDING=    ulimit -i                 Number of Queued Signals
LimitMSGQUEUE=      ulimit -q               Bytes
LimitNICE=                  ulimit -e               Nice Level
LimitRTPRIO=             ulimit -r                Realtime Priority
LimitRTTIME=             No equivalent

 

Note: ulimit "unlimited" would be mapped as "infinity" within SystemD limits.

For example:

# mkdir -p /etc/systemd/system/.d
# vi  /etc/systemd/system/.d/limits.conf
[Service]
LimitNOFILE=10240
LimitNPROC=4096

Save this file. The configuration can be reloaded using "systemctl daemon-reload" for these changes to take effect. After this the VCS resource will need to be offlined and then onlined. 

Some versions of the VCS agents allow for the limits to be set as a resource attribute using SystemDAttrList.

If the VCS agent supports this then the following can be used:

1. Add a key-value pair in the SystemDAttrList attribute.

   # hares -modify oracle SystemDAttrList LimitNOFILE 2048

   where LimitNOFILE is the key and 2048 is the value for that key.

2. Modify an existing attribute.

   # hares -modify oracle SystemDAttrList -update LimitNOFILE 1024

   After the SystemDAttrList attribute has been updated, the vcs-custom.conf file will reflect the added key-value pairs.

For example:

Systemd attribute = Value
LimitLOCKS = infinity
LimitMEMLOCK = infinity
LimitCORE = infinity
LimitNOFILE = 1024
EnvironmentFile => /tmp/myenv.file

The new values can be confirmed by checking the resource process limits

Example:

# cat /proc//limits

SystemD ignores /etc/security/limits*