Closed mortie closed 9 months ago
Thanks for reaching out!
@ashley-cui @baude can you confirm the observation?
I also got troubled with open files limit in macOS m1 chip. It seems to be related to this issue. In my case, there are mysql and mongoDB container, they got error (24) : too many open files when initialize.
@gbraad Do you know if this is easily overridden?
Updated: Hmm. It can be reproduced by any files in /Users
on podman machine ssh
without container environments.
It seems it cannot be reproduced without a file on a mounted volume. I wonder whether it is related to 9p and virtio.
I tested on a MacBook Pro with Intel Chip:
Darwin ****** 22.1.0 Darwin Kernel Version 22.1.0: Sun Oct 9 20:14:54 PDT 2022;
root:xnu-8792.41.9~2/RELEASE_X86_64 x86_64
The mount info:
[root@b30cfa454a1f code]# cat /proc/self/mountinfo | grep $PWD
754 701 0:44 /****** /mnt/code rw,relatime - 9p vol0 rw,sync,dirsync,access=client,trans=virtio
The test file on a volume:
[root@b30cfa454a1f code]# ./nofile /mnt/code/test-file
RLIMIT_NOFILE: current: 1048576, max: 1048576
Error after 64 files: Too many open files (errno 24)
The test file on a writable layer instead of a volume:
[root@b30cfa454a1f code]# ./nofile /root/test-file
RLIMIT_NOFILE: current: 1048576, max: 1048576
Error after 1048573 files: Too many open files (errno 24)
[root@b30cfa454a1f code]#
I searched the linux kernel (fs/9p
and net/9p
) for EMFILE
and found nothing besides rlimit
. There are no something like "fd limit on the mount scope".
I have made some experiments by dtruss
and lsof
also. Now I believe this problem is caused by macOS.
The qemu-system-x86_64
is restricted to open file descriptors between 192r
to 255r
. The QEMU (9p server) itself receives the errno EMFILE
and passes it to the guest machine.
A workaround is podman machine stop && ulimit -n unlimited && podman machine start
.
A friendly reminder that this issue had no activity for 30 days.
Perhaps if we move to MAC native virtualization this will be fixed.
A friendly reminder that this issue had no activity for 30 days.
Perhaps if we move to MAC native virtualization this will be fixed.
By using something like VZVirtioFileSystemDeviceConfiguration to replace the 9p file system? Is this in the roadmap of podman machine?
Yes this is on the roadmap.
Running into this while trying to build Node.js / Go apps in a container with a large git repo shared from the host to the container. My options seem to be:
Does that sound about right?
Perhaps if we move to MAC native virtualization this will be fixed.
I seem to recall running into open file limits despite using virtiofs when I was experimenting with it last year. A lot has changed since the last time I touched the virtualization framework though.
If for some reason virtiofs would bypass user limits without podman explicitly setting ulimit on start, I would call it a bug as well as a security issue.
If using Podman with VS Code, VS Code will happily open enough files to almost reach this limit before you start doing anything, so it's easy for a small build job to run out of open files. It would be nice if podman machine start would set the limit itself.
What limit should it set?
I set it to unlimited. As I recall, XNU has three fd limits:
I think this was the first bug I ever reported in OS X: they didn’t change the latter two since they were set in OPENSTEP 4, so they were low enough to break things if you had a lot of apps open. Around 10.4, they increased both and (I think) made them scale with available memory, so even if ulimit is set to unlimited there are two later limits that prevent the system exhausting kernel resources with too many fds.
Seems reasonable, if a non-admin user can do this. @baude @ashley-cui WDYT?
I was quite surprised that you can increase ulimit values, but it seems that you can, at least for this one. I am an admin user, but I didn't privilege elevate. Not sure if it's disallowed for non-admin users.
if i understand this issue (and maybe i dont fully grok it), I think #20612 might resolve this when all the applehv work is done in FCOS and it also merges. Do folks agree?
Checked as of commit 111b2337f9ca17a9f20a4ad456913fba41e3f18a (2 hours ago). Seems to still be unresolved.
I thought qemu needed it's ulimit increased to resolve this, not the services inside the VM.
Update to help illustrate the issue:
The problem is that the virtiofs server provided by qemu is inheriting the ulimit of the user launching it.
This is my default ulimit:
% ulimit -n
256
% ./bin/darwin/podman run --rm -it -v $HOME/tmp-data-dir:/data-dir ubuntu:22.04
root@86f58d98b8fa:/data-dir# ./nofile /data-dir/test-file
RLIMIT_NOFILE: current: 524288, max: 524288
Error after 70 files: Too many open files (errno 24)
Before starting my podman machine, I increase it to 2000:
% ulimit -n 2000
% ulimit -n
2000
% ./bin/darwin/podman machine init --cpus 4 -m 8188 --now --volume-driver virtfs
...
% ./bin/darwin/podman run --rm -it -v $HOME/tmp-data-dir:/data-dir ubuntu:22.04
root@6d74215c310c:/# cd data-dir/
root@6d74215c310c:/data-dir# apt update && apt install -y gcc
root@6d74215c310c:/data-dir# gcc -o nofile nofile.c
root@6d74215c310c:/data-dir# ls -lah
total 16K
drwxr-xr-x. 5 root nogroup 160 Nov 7 19:15 .
dr-xr-xr-x. 1 root root 77 Nov 7 19:14 ..
-rwxr-xr-x. 1 root nogroup 9.0K Nov 7 19:15 nofile
-rw-r--r--. 1 root nogroup 630 Nov 7 18:45 nofile.c
-rw-r--r--. 1 root nogroup 0 Nov 7 18:46 test-file
root@6d74215c310c:/data-dir# ./nofile /data-dir/test-file
RLIMIT_NOFILE: current: 524288, max: 524288
^C^C^C^C^Z^C^C^Z^C^C^C^Z^C^Z^C^C
^ --- This ends up hanging, because it's in D state and isn't fast enough reach 2000 files open at once
root@6d74215c310c:/data-dir# jobs -l
root@6d74215c310c:/data-dir#
exit
% ./bin/darwin/podman machine stop
Waiting for VM to exit...
Machine "podman-machine-default" stopped successfully
% ./bin/darwin/podman machine rm
In contrast, if I lower the open file count to 80 (tried 50, but it was too low), we see that the number of open files reached is just 21
% ulimit -n
2000
% ulimit -n 80
% ulimit -n
80
% ./bin/darwin/podman machine stop
Waiting for VM to exit...
Machine "podman-machine-default" stopped successfully
% ./bin/darwin/podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users:/Users
Mounting volume... /private:/private
Mounting volume... /var/folders:/var/folders
% ./bin/darwin/podman run --rm -it -v $HOME/tmp-data-dir:/data-dir ubuntu:22.04
root@0f00a3296fe5:/data-dir# ./nofile /data-dir/test-file
RLIMIT_NOFILE: current: 524288, max: 524288
Error after 21 files: Too many open files (errno 24)
The fix for this is to update the open file limit like this:
err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &syscall.Rlimit{
Max: syscall.RLIM_INFINITY,
Cur: syscall.RLIM_INFINITY,
})
if err != nil {
fmt.Println("Error Setting Rlimit ", err)
}
It needs to happen before the qemu process is started: https://github.com/containers/podman/blob/111b2337f9ca17a9f20a4ad456913fba41e3f18a/pkg/machine/qemu/machine.go#L490
What I did for testing was probably results in the limit always being updated, but it does work. I added an init function here for to test the ulimit changes in Go: https://github.com/containers/podman/blob/main/pkg/machine/qemu/machine_unix.go#L14
func init() {
err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &syscall.Rlimit{
Max: syscall.RLIM_INFINITY,
Cur: syscall.RLIM_INFINITY,
})
if err != nil {
fmt.Println("Error Setting Rlimit ", err)
}
}
Please open a PR to make this change.
Limits are a security/safety feature. The suggestion I made is too broadly scoped. I will follow up in a few hours with a PR that is more narrowly scoped to address this issue.
I believe the change final change should only affect MacOS, FreeBSD, and Linux when qemu is being used to serve files, using virtiofs or p9.
Also... I'm starting to question if this should actually be addressed in qemu instead. I can't recall ever running into issues with the p9 server in qemu, but that's because p9 is functionally different than virtiofs...
Feedback on this is welcome, while I put together my PR today. 🤔
It's not exactly what I wanted to do, but this is what I landed on for resolving this: https://github.com/containers/podman/pull/20643
Merge in https://github.com/containers/podman/pull/20643 fixes this.
@mortie @protosam Can this be closed now?
@sanmai-NL as far as I can tell, this is solved. So I want to say: yes.
I still end up with an error when doing an NPM install, might be doing something wrong, I am on an intel mac 2.6 GHz 6-Core Intel Core i7 with sonoma
npm ERR! EMFILE: too many open files, open
podman --version
podman version 4.9.1
scratch % ulimit -n
unlimited
scratch % podman machine init --image-path next --cpus 10 --memory 10240 --now --volume-driver virtfs
scratch % podman run --rm -it -v $HOME/scratch:/data-dir ubuntu:22.04
root@2dd76789a1d6:/# ulimit -n
524288
@plessbd use the nolimit flag on your podman run --ulimit=nofile=1024:1024
. The problem was that the host layer was preventing the container from opening the number of files it's ulimit was set to. The test can open 524288 out of 524288 files permitted by the ulimit, instead of being throttled to my user's limit of 256.
@sanmai-NL upon testing today, the PR I made prior seems to work. I upgraded to version 4.9.1
with homebrew.
@plessbd use the nolimit flag on your
podman run --ulimit=nofile=1024:1024
. The problem was that the host layer was preventing the container from opening the number of files it's ulimit was set to. The test can open 524288 out of 524288 files permitted by the ulimit, instead of being throttled to my user's limit of 256.
That worked! Thank you
Technically since I was using podman-compose I set the default for everything (better to do it in the compose file, but well I was lazy for testing:
cat ~/.local/share/containers/containers.conf
[containers]
default_ulimits = [
"nofile=65535:65535",
]
@sanmai-NL I still think we're good to close the issue.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Volumes mounted with
-v
have a max open file count of 64. This is way too low to be useful.Steps to reproduce the issue:
mkdir data-dir
podman run --rm -it -v $(pwd)/data-dir:/data-dir ubuntu:22.04
/data-dir
.Here's some source code I wrote for testing (and which also reports its resource limits, for good measure):
If we compile and run that:
apt update && apt install gcc
gcc -o nofile nofile.c
touch /data-dir/test-file
./nofile /data-dir/test-file
Describe the results you received:
The program is only able to open 64 or so files.
Describe the results you expected:
The program should've been able to open a whole lot more than 64. I don't know what would be a good default, but 1048576 (which is used as the default resource limit for everything outside of volumes) seems like a good number.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info
:Package info (e.g. output of
rpm -q podman
orapt list podman
orbrew info podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Podman is running on macOS running on a Mac with an M1 Pro chip.