search

docker-library / cassandra

Docker Official Image packaging for Cassandra
Apache License 2.0
262 stars 281 forks source link

Fix to build on newer linux kernels #195

Closed rgeary1 closed 4 years ago

rgeary1 commented 4 years ago

On Fedora 30, kernel version 5.3.7, Cassandra 3.11 dockerfile fails to build with library initialization failed - unable to allocate file descriptor table - out of memoryAborted when installing ca-certificates-java

Newer kernels have a high open file limit (1073741816), but older JVMs attempt to pre-allocate for every FD. This fixes the build it by setting a lower open file limit.

yosifkit commented 4 years ago

ulimits are a host specific problem and not usually one that needs to be addressed in every image. I'd recommend setting your daemon.json file to have appropriate values for your environment:

https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file

  "default-ulimits": {
      "nofile": {
          "Name": "nofile",
          "Hard": 64000,
          "Soft": 64000
      }
  },
rgeary1 commented 4 years ago

This is a user impacting problem. How do you intend to communicate this solution to every person who builds or runs your container images on the latest stable Fedora? Do you see a downside in setting a maximum fd limit in the way its done it here?

yosifkit commented 4 years ago

This is a user impacting problem.

When building the image; the built image is hosted on Docker Hub. We don't build on Fedora hosts and all of our build processes are quite open (https://github.com/docker-library/faq/#an-images-source-changed-in-git-now-what).

How do you intend to communicate this solution to every person who builds or runs your container images on the latest stable Fedora?

This should be added to the Documentation for Docker (https://docs.docker.com/install/linux/docker-ce/fedora/) so that anyone installing Docker on Fedora knows the limitations and can choose to fix them (or it should probably have a default daemon.json for the packages on Fedora 30).

Do you see a downside in setting a maximum fd limit in the way its done it here?

This is a host level problem and will affect more places than just when installing ca-certificates-java from apt in this particular set of images. This is the wrong place to fix it, since everyone would have to apply it on any Dockerfile that might be built on Fedora 30.