Configuring the file descriptor limits
The operating system default file descriptor limits restrict the number of PingDirectory server connections. You can change the descriptor limits to allow more connections.
About this task
The PingDirectory server allows for an unlimited number of connections by default, but the file descriptor limit on the operating system restricts the number of connections. Many Linux distributions have a default file descriptor limit of 1024 per process, which might be too low for the server if it needs to handle a large number of concurrent connections.
If the operating system relies on systemd
, see the Linux operating system documentation for instructions on setting the file descriptor limit.
After you set the operating system limit, you can configure the number of file descriptors that the server will use either by using a NUM_FILE_DESCRIPTORS
environment variable, or by creating a config/num-file-descriptors
file with a single line such as NUM_FILE_DESCRIPTORS=12345
. If these are not set, the operating system uses the default of 65535 descriptors. This is an optional change that you can make if you want to make sure the server shuts down safely before reaching the file descriptor limit.
Steps
-
Display the current
fs.file-max
limit of the system.sysctl fs.file-max
The
fs.file-max
limit is the maximum server-wide file limit that you can set without tuning the kernel parameters in theproc
file system. -
Edit the
/etc/sysctl.conf
file.If there is a line that sets the value of the
fs.file-max
property, make sure that its value is set to at least 1.5 times the per-process limit.If there is no line that sets a value for this property, add the following to the end of the file:
fs.file-max = 100000
100000 is just an example here. Specify a value of at least 1.5 times the per-process limit.
-
Display the current hard limit of the system.
ulimit -aH
The
open files (-n)
value is the maximum number of open files per process limit.The value should be set to at least 65535.
-
Edit the
/etc/security/limits.conf
file.If the file has lines that set the soft and hard limits for the number of file descriptors, make sure the values are set to 65535. If the lines are not present, add the following lines before
#End of file
, making certain to insert a tab between the columns.* soft nofile 65535 * hard nofile 65535
The number of open file descriptors is limited by the physical memory available to the host. You can determine this limit with the following command.
cat /proc/sys/fs/file-max
If the
file-max
value is significantly higher than the 65535 limit, consider increasing the file descriptor limit to between 10% and 15% of the system-wide file descriptor limit. For example, if thefile-max
value is 810752, you could set the file descriptor limit to 100000. If thefile-max
value is lower than 65535, the host is likely not sized appropriately. -
Reboot your system, and then use the
ulimit
command to verify that the file descriptor limit is set to 65535.# ulimit -n
Result
For RedHat 7 or later, modify the /etc/security/limits.d/20-nproc.conf Add or edit the following lines if they do not already exist: * soft nproc 65536 * soft nofile 65536 * hard nproc 65536 * hard nofile 65536 root soft nproc unlimited |