Date: Thu, 10 Sep 2015 15:11:39 -0700 From: Adrian Chadd <adrian@freebsd.org> To: John-Mark Gurney <jmg@funkthat.com> Cc: Eric van Gyzen <vangyzen@freebsd.org>, Warner Losh <imp@bsdimp.com>, Ed Maste <emaste@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r287606 - head/sys/kern Message-ID: <CAJ-Vmon%2BBdPUF05%2BHYzXnHpU3b8zBZMpqA%2BW1iyS%2Bb5bV7LtAg@mail.gmail.com> In-Reply-To: <CAJ-Vmo=uNzSYpApanf%2BriLTL9WnLYakP=734dOLA57pkuySewA@mail.gmail.com> References: <201509100405.t8A45xrJ070199@repo.freebsd.org> <CAPyFy2DjD3Dv6VYjd_6CKe3_2ZuMC5ayMKnzATLb=a4yZUYyLw@mail.gmail.com> <CANCZdfoBN9keiZCUpJ_v5y6mUpKcY_26Y_2=xCLwJovz%2B8a_xQ@mail.gmail.com> <CAJ-VmonUm5Sf8TPLnciouyiJjLUndtNJX368US5_hgQwzYBdkQ@mail.gmail.com> <20150910175324.GW33167@funkthat.com> <55F1E06F.7000008@FreeBSD.org> <20150910211417.GY33167@funkthat.com> <CAJ-Vmo=uNzSYpApanf%2BriLTL9WnLYakP=734dOLA57pkuySewA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Fixed a couple of bugs, and: https://reviews.freebsd.org/D3630 -adrian On 10 September 2015 at 15:02, Adrian Chadd <adrian@freebsd.org> wrote: > I'd love for rc.subr to grow the ability to set per-daemon cpuset, > class, environment, etc. We have some of that in the rc script > already. > > What I have so far for local hacking is this, which at least gets the > default login class bits and runs things as user daemon. > Yes, there are issues with inheriting the environment and other things > from the callee - I think that's a separate issue to solve. > > Thanks, > > > -a > > adrian@hulk:~/work/freebsd/head/src % svn diff etc > > Index: etc/login.conf > =================================================================== > --- etc/login.conf (revision 28758) > +++ etc/login.conf (working copy) > @@ -36,7 +36,8 @@ > :memoryuse=unlimited:\ > :filesize=unlimited:\ > :coredumpsize=unlimited:\ > - :openfiles=unlimited:\ > + :openfiles-cur=4096:\ > + :openfiles-max=65536:\ > :maxproc=unlimited:\ > :sbsize=unlimited:\ > :vmemoryuse=unlimited:\ > @@ -61,6 +62,8 @@ > :tc=default: > daemon:\ > :memorylocked=128M:\ > + :openfiles-cur=32768:\ > + :openfiles-max=65536:\ > :tc=default: > news:\ > :tc=default: > Index: etc/rc.subr > =================================================================== > --- etc/rc.subr (revision 287580) > +++ etc/rc.subr (working copy) > @@ -768,6 +768,8 @@ > # > # ${name}_prepend n Command added before ${command}. > # > +# ${name}_login_class n Login class to use, else "daemon". > +# > # ${rc_arg}_cmd n If set, use this as the method when invoked; > # Otherwise, use default command (see below) > # > > @@ -942,8 +944,13 @@ > _nice=\$${name}_nice _user=\$${name}_user \ > _group=\$${name}_group _groups=\$${name}_groups \ > _fib=\$${name}_fib _env=\$${name}_env \ > - _prepend=\$${name}_prepend > + _prepend=\$${name}_prepend _login_class=\$${name}_login_class > > + # Default to 'daemon' if no login class is provided > + if [ -n "$_login_class" ]; then > + _login_class="daemon" > + fi > + > if [ -n "$_user" ]; then # unset $_user if running as that user > if [ "$_user" = "$(eval $IDCMD)" ]; then > unset _user > @@ -1050,6 +1057,9 @@ > fi > fi > > + # Prepend default limits > + _doit="limits -C $_login_class $_doit" > + > # run the full command > # > if ! _run_rc_doit "$_doit"; then > > On 10 September 2015 at 14:14, John-Mark Gurney <jmg@funkthat.com> wrote: >> Eric van Gyzen wrote this message on Thu, Sep 10, 2015 at 14:56 -0500: >>> On 09/10/2015 12:53, John-Mark Gurney wrote: >>> > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700: >>> >> On 10 September 2015 at 09:04, Warner Losh <imp@bsdimp.com> wrote: >>> >>> >>> >>> >>> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste <emaste@freebsd.org> wrote: >>> >>>> >>> >>>> On 10 September 2015 at 04:05, Adrian Chadd <adrian@freebsd.org> wrote: >>> >>>>> Author: adrian >>> >>>>> Date: Thu Sep 10 04:05:58 2015 >>> >>>>> New Revision: 287606 >>> >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606 >>> >>>>> >>> >>>>> Log: >>> >>>>> Also make kern.maxfilesperproc a boot time tunable. >>> >>>>> ... >>> >>>>> TODO: >>> >>>> >>> >>>> Also "we" should >>> >>>> * Submit patches upstream or to the ports tree to use closefrom >>> >>> >>> >>> >>> >>> I thought the consensus was that we'd fix things to have fewer FDs >>> >>> by default, but instead allow individual processes to raise it via the >>> >>> usual methods. >>> >>> We could--and should--do both, because they're both good ideas. >>> >>> >> I'm looking at how to do this in a somewhat sensible fashion. Right >>> >> now we just have openfiles=unlimited; in /etc/login.conf which seems a >>> >> little odd. I don't know yet if that affects the default set that >>> >> services started via /etc/rc get - init gets the whole default >>> >> maxfilesperproc and stuff seems to inherit from that unless told >>> >> otherwise. >>> >> >>> >> I think the more sensible default would be: >>> >> >>> >> * set /etc/login.conf to some much lower values - say, 4k soft, 64k hard; >>> >> * root can always override its settings up to kern.maxfilesperproc; >>> >> * modify /etc/rc to set some default rlimits as appropriate; >>> > >>> > We should probably just use the daemon class from login.conf... Do we >>> > have a program that will set the current limits to a specified class? >>> >>> See limits(1). The apache rc.d script uses it, along with some related >>> rc.conf variables. >> >> So, one issue w/ limits is that it only does the limits side of >> things, not environment or cpusets... see: >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=161401 >> >> limits doesn't address PATH and other environment variables... >> >> We should have rc.subr setup the environment completely when executing >> the daemon/scripts instead of depending upon any of this.. >> >> It turns out that init doesn't setup the environment vars provided by >> login.config either... >> >>> >> * introduce configuration options ({daemon_rlimit_XXX}?) in >>> >> /etc/rc.conf that lets someone override what the default rlimits >>> >> should be for a given process,, as (and I'm not making this up) if you >>> >> run 'service XXX restart' from a root login you get the rlimits from >>> >> the shell, which may differ from the system startup. >>> > >>> > Why not daemon_login_class w/ the above? >>> > >>> >> That way we can setup various services to have higher openfile limits >>> >> via /etc/rc.conf entries for those services rather than having to hack >>> >> each startup script. It also means that no matter what is running >>> >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits. >>> > >>> > Then service would just use the above program to get sane defaults... >> >> -- >> John-Mark Gurney Voice: +1 415 225 5579 >> >> "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmon%2BBdPUF05%2BHYzXnHpU3b8zBZMpqA%2BW1iyS%2Bb5bV7LtAg>