inotify.max_user_instances default very low for using containers #36214
Comments
|
I think some desktop apps (e.g. https://confluence.jetbrains.com/display/IDEADEV/Inotify+Instances+Limit) also want to use many inotify instances, so I'd vote for increasing the default globally. |
FRidh
added
the
6.topic: nixos
|
Other distros like Ubuntu and RedHat set higher limits when needed: moby/moby#1044 (comment) We should do the same and higher the limit for services like docker and nixos-containers, but also document how to fix the issue, for example for JetBrains. |
|
Is anyone interested in creating a PR for this? |
|
Hello, I'm a bot and I thank you in the name of the community for opening this issue. To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it. If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them. Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel. |
stale
bot
added
the
2.status: stale
Per issue NixOS#36214, it's really common to run into limits here with the kernel default of '128'. One easy way to hit this limit is to run ~130 containers, and then run software that tails their logs in realtime (such as to aggregate them), since each call to 'docker logs' uses an inotify user instance. This increases it to a value recommended in an upstream issue.
|
I ran into this limit with docker, so I figured it would be easy enough to throw up a PR for that: #112472 |
stale
bot
removed
the
2.status: stale
|
Since |
Nowadays most applications require a good amount of inotify watches, so raise our default to what other distros do. If kernel supports it enable dynamic setting. fixes NixOS#36214, NixOS#65001 (re-fix) - NixOS/nixops#890 - divnix/digga#209 replaces: NixOS#112472
|
hello. I've just ran into this again it seems. @blaggacao it seemed your MR #126777 would have been the proper solution to this. is there any particular reason this never got merged? |
The
max_user_instancessysctl limit defaults to 128 on NixOS and per user. When NixOS containers (nixos-containeror declarative containers) are used, the inotify instances forrootadd up across containers, thus leading to exhaustion andToo many open filesalready for a few containers.In my case it happened with ~20 containers.
This is explained in https://kdecherf.com/blog/2015/09/12/systemd-and-the-fd-exhaustion/
https://stackoverflow.com/questions/535768/what-is-a-reasonable-amount-of-inotify-watches-with-linux explains that one inotify watch takes 1 KB (note, this is not one of the 128 instances, but it allows to estimate how much RAM can be maximally used per user, by multiplying
1KB * max_user_instances * max_user_instances).When watches are not used, the limit has no effect on RAM, so setting an upper limit is mainly a safeguard against accidental self-RAM-DoS (when a user goes wild and creates tons of watches; the 1KB are kernel memory so it cannot be swapped).
Docker sets
fs.inotify.max_user_instances=8192(moby/moby#1044).Perhaps we want to set
max_user_instancesto a higher default than 128 (e.g.boot.kernel.sysctl."max_user_instances" = 8192;), or document in the manual that you should do that if you usenixos-containers?The text was updated successfully, but these errors were encountered: