On Mon, Sep 13, 2021 at 03:32:57PM -0500, Nate Collins via samba
wrote:>We have monitoring in place to detect when processes on servers are
>approaching their open file limits (ulimit -n). On all our Ubuntu servers,
>winbind processes have a soft limit of 270 (this seems to be the default),
>and most winbind processes use up most or all of these open files. We've
>been noticing some domain join flakiness on some of our servers, and
>are trying to determine if processes reaching their soft file limit is
>related or not.
>
>I attempted to increase the open file limits for winbind via LimitNOFILE
>in systemd, and was able to set the hard limit, but not the soft limit:
>
># systemctl show --property MainPID --value winbind
>6194
># cat /proc/6194/limits | grep 'open files'
>Max open files 270 524288 files
># vim /etc/systemd/system/winbind.service.d/override.conf
># cat /etc/systemd/system/winbind.service.d/override.conf | grep LimitNOFILE
>LimitNOFILE=2048:524287
># systemctl daemon-reload
># systemctl restart winbind
># systemctl show --property MainPID --value winbind
>6269
># cat /proc/6269/limits | grep 'open files'
>Max open files 270 524287 files
>#
>
>Does winbind adjust the soft limit on process initialization, or is there
>something else at play? Should we be concerned about winbind processes
>reaching their soft file limits?
winbind calculates it's open file limit using this code:
static void winbindd_setup_max_fds(void)
{
int num_fds = MAX_OPEN_FUDGEFACTOR;
int actual_fds;
num_fds += lp_winbind_max_clients();
/* Add some more to account for 2 sockets open
when the client transitions from unprivileged
to privileged socket
*/
num_fds += lp_winbind_max_clients() / 10;
/* Add one socket per child process
(yeah there are child processes other than the
domain children but only domain children can vary
with configuration
*/
num_fds += lp_winbind_max_domain_connections() *
(lp_allow_trusted_domains() ? WINBIND_MAX_DOMAINS_HINT : 1);
actual_fds = set_maxfiles(num_fds);
if (actual_fds < num_fds) {
DEBUG(1, ("winbindd_setup_max_fds: Information only:
"
"requested %d open files, %d are
available.\n",
num_fds, actual_fds));
}
}
So that would normally be:
MAX_OPEN_FUDGEFACTOR = 40
+ lp_winbind_max_clients() = 200 (default)
+ (lp_winbind_max_clients() / 10) = 20
+ 1 * (WINBIND_MAX_DOMAINS_HINT = 10)
which is where the 270 comes from. Might be this
calculation is a bit old. Maybe we should bump
it up.