-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch systemd unit to TasksMax #107
Comments
The limit got raised to a generous value of The |
I'm confused. Why would you be running Docker using the Anyway this seems to make sense on paper, but I'd like @carlwgeorge to review as well. |
The problem is that the numeric UID of the caddy user happens to overlap with one or more users inside Docker containers. On my host, the |
The limit seems to include threads as explained in setrlimit(2):
I used the following bash script to determine the current value: sudo ps -U caddy -h -o nlwp | awk '{total += $1} END {print total}' This yields The task limit is much more reliable and better reflects reality:
1 parent process + 7 children -> 8 tasks |
The main offender in my case is the browserless/chrome container. docker top playwright-chrome o user,uid,pid
The container alone is enough to trip the limitation: docker top playwright-chrome -o nlwp,pid | tail -n +2 | awk '{total += $1} END {print total}' yields |
@francislavoie the following systemd documentation PR describes the situation very good: systemd/systemd#23242 |
@francislavoie Sorry for my delay in getting back to you on this. Adoption of this option should wait until the project is ready to abandon building for RHEL 7. |
Thanks @carlwgeorge, glad I waited. Would it be okay if we dropped RHEL 7 support early then? It just would mean it wouldn't receive this one last release before official EOL I guess. Does COPR have recent download stats that would give us an idea how much it's still being used? |
Note that users would still able to work around it using |
Yeah, understood. I just rather not block merging this for everyone else who would benefit, while waiting for one old distribution to cycle out. |
I don't have a problem with the project dropping support for RHEL 7 early, I just would like to be an explicit decision, not a "whoops". Doing it intentionally would also be less disruptive for RHEL 7 caddy users, as we wouldn't ship an update to them with an incompatible option. Ideally we would inform them with some kind of announcement that there will be no more RHEL 7 caddy updates.
RHEL 7 and it's derivatives are still pretty popular, more so than they should be this late into their lifecycles. Here are the download stats from COPR.
Just like people that want to start using |
We could also simply drop |
Oof, yeah that's not as low as I'd hoped.
Yeah, I'd be okay with that too in the short term. I don't really think we need to worry about Go running wild, it's a well behaving runtime. |
Small update, RHEL 7 is now EOL, and we already skipped building caddy 2.8 for it a month before the EOL date. We could add |
I'm hitting the same problem as outlined in caddyserver/caddy#1802. The culprit seems to be how systemd handles the
LimitNProc
option:dist/init/caddy.service
Line 30 in 49a805b
While caddy doesn't occupy that many processes, some other docker containers seem to use the same UID for their processes:
The systemd documentation notes that
TasksMax
should be preferred overLimitNProc
:https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#Process%20Properties
The text was updated successfully, but these errors were encountered: