Couchbase Server / MB-7915

We need to change to couchbase user without side effect of lowering rlimits (was: We should be including our own security limits file so the user doesn't have to edit their own (and possibly get it wrong))

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.1.0
    • Component/s: installer
    • Security Level: Public
    • Labels:
      None

      Description

      /etc/security/limits.d/couchbase.conf
      couchbase - memlock unlimited
      couchbase - nofile 100000


        Activity

        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        My problem with that is that there can be all sorts of pam configurations that could override or interfere with what we need.

        So it's easier and seemingly more robust to adjust rlimits as part of initscript where we know we're root and therefore able to change any of them to exact value we need.

        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        BTW raising nofile to something very big will cause beam.smp to eat lots of RAM. It allocates a table of ports that's as big as the fds rlimit, and I've seen that table eat a few hundred megs for a nofile rlimit of 1 million.

        maria Maria McDuff (Inactive) added a comment -

        per alk, merged/fixed.

        maria Maria McDuff (Inactive) added a comment -

        pls verify/close if passes against current 2.0.2 build. thanks.

        thuan Thuan Nguyen added a comment -

        Install couchbase 2.0.2-760 on centos 5.8 64bit,
        Verified parameters below are set
        ulimit -n 10240
        ulimit -c unlimited
        ulimit -l unlimited

        [root@cen-1913 ~]# ps aux | grep couchbase
        101 4716 0.0 0.0 10568 412 ? S 16:17 0:00 /opt/couchbase/lib/erlang/erts-5.8.5/bin/epmd -daemon
        101 4734 2.3 1.1 110284 93816 ? SLl 16:17 0:00 /opt/couchbase/lib/erlang/erts-5.8.5/bin/beam.smp -A 16 -sbt u -P 327680 -K true -MMmcs 30 – -root /opt/couchbase/lib/erlang -progname erl – -home /opt/couchbase – -smp enable -kernel inet_dist_listen_min 21100 inet_dist_listen_max 21299 error_logger false -sasl sasl_error_logger false -name babysitter_of_ns_1@127.0.0.1 -noshell -noinput -noshell -noinput -run ns_babysitter_bootstrap – -couch_ini /opt/couchbase/etc/couchdb/default.ini /opt/couchbase/etc/couchdb/default.d/capi.ini /opt/couchbase/etc/couchdb/default.d/geocouch.ini /opt/couchbase/etc/couchdb/local.ini -ns_babysitter cookiefile "/opt/couchbase/var/lib/couchbase/couchbase-server.cookie" -ns_server config_path "/opt/couchbase/etc/couchbase/static_config" -ns_server pidfile "/opt/couchbase/var/lib/couchbase/couchbase-server.pid" -ns_server nodefile "/opt/couchbase/var/lib/couchbase/couchbase-server.node" -ns_server cookiefile "/opt/couchbase/var/lib/couchbase/couchbase-server.cookie-ns-server" -ns_server enable_mlockall true
        101 4764 9.3 2.0 224392 166780 ? SLsl 16:17 0:03 /opt/couchbase/lib/erlang/erts-5.8.5/bin/beam.smp -A 16 -sbt u -P 327680 -K true – -root /opt/couchbase/lib/erlang -progname erl – -home /opt/couchbase – -smp enable -setcookie nocookie -kernel inet_dist_listen_min 21100 inet_dist_listen_max 21299 error_logger false -sasl sasl_error_logger false -nouser -ns_server babysitter_cookie 'HIRAZDFCWNGUHHGRTTTM' -run child_erlang child_start ns_bootstrap – -smp enable -kernel inet_dist_listen_min 21100 inet_dist_listen_max 21299 error_logger false -sasl sasl_error_logger false -couch_ini /opt/couchbase/etc/couchdb/default.ini /opt/couchbase/etc/couchdb/default.d/capi.ini /opt/couchbase/etc/couchdb/default.d/geocouch.ini /opt/couchbase/etc/couchdb/local.ini -ns_babysitter cookiefile "/opt/couchbase/var/lib/couchbase/couchbase-server.cookie" -ns_server config_path "/opt/couchbase/etc/couchbase/static_config" -ns_server pidfile "/opt/couchbase/var/lib/couchbase/couchbase-server.pid" -ns_server nodefile "/opt/couchbase/var/lib/couchbase/couchbase-server.node" -ns_server cookiefile "/opt/couchbase/var/lib/couchbase/couchbase-server.cookie-ns-server" -ns_server enable_mlockall true
        101 4796 0.0 0.0 3796 540 ? Ss 16:17 0:00 /opt/couchbase/lib/erlang/lib/os_mon-2.2.7/priv/bin/memsup
        101 4797 0.0 0.0 3792 396 ? Ss 16:17 0:00 /opt/couchbase/lib/erlang/lib/os_mon-2.2.7/priv/bin/cpu_sup
        101 4798 0.0 0.0 38340 1732 ? Ss 16:17 0:00 /opt/couchbase/lib/erlang/lib/ssl-4.1.6/priv/bin/ssl_esock
        101 4802 0.0 0.0 92260 1688 ? Ssl 16:17 0:00 /opt/couchbase/bin/moxi -Z port_listen=11211,default_bucket_name=default,downstream_max=1024,downstream_conn_max=4,connect_max_errors=5,connect_retry_interval=30000,connect_timeout=400,auth_timeout=100,cycle=200,downstream_conn_queue_timeout=200,downstream_timeout=5000,wait_queue_timeout=200 -z url=http://127.0.0.1:8091/pools/default/saslBucketsStreaming -p 0 -Y y -O stderr
        101 4803 0.2 0.7 178204 58832 ? Ssl 16:17 0:00 /opt/couchbase/bin/memcached -X /opt/couchbase/lib/memcached/stdin_term_handler.so -X /opt/couchbase/lib/memcached/file_logger.so,cyclesize=104857600;sleeptime=19;filename=/opt/couchbase/var/lib/couchbase/logs/memcached.log -l 0.0.0.0:11210,0.0.0.0:11209:1000 -p 11210 -E /opt/couchbase/lib/memcached/bucket_engine.so -B binary -r -c 10000 -e admin=_admin;default_bucket_name=default;auto_create=false
        root 4823 0.0 0.0 61232 780 pts/0 S+ 16:17 0:00 grep couchbase
        [root@cen-1913 ~]# cat /proc/4716/limits
        Limit Soft Limit Hard Limit Units
        Max cpu time unlimited unlimited seconds
        Max file size unlimited unlimited bytes
        Max data size unlimited unlimited bytes
        Max stack size 10485760 unlimited bytes
        Max core file size unlimited unlimited bytes
        Max resident set unlimited unlimited bytes
        Max processes 73728 73728 processes
        Max open files 10240 10240 files
        Max locked memory unlimited unlimited bytes
        Max address space unlimited unlimited bytes
        Max file locks unlimited unlimited locks
        Max pending signals 73728 73728 signals
        Max msgqueue size 819200 819200 bytes
        Max nice priority 0 0
        Max realtime priority 0 0
        [root@cen-1913 ~]# cat /proc/4734/limits
        Limit Soft Limit Hard Limit Units
        Max cpu time unlimited unlimited seconds
        Max file size unlimited unlimited bytes
        Max data size unlimited unlimited bytes
        Max stack size 10485760 unlimited bytes
        Max core file size unlimited unlimited bytes
        Max resident set unlimited unlimited bytes
        Max processes 73728 73728 processes
        Max open files 10240 10240 files
        Max locked memory unlimited unlimited bytes
        Max address space unlimited unlimited bytes
        Max file locks unlimited unlimited locks
        Max pending signals 73728 73728 signals
        Max msgqueue size 819200 819200 bytes
        Max nice priority 0 0
        Max realtime priority 0 0
        [root@cen-1913 ~]# cat /proc/4803/limits
        Limit Soft Limit Hard Limit Units
        Max cpu time unlimited unlimited seconds
        Max file size unlimited unlimited bytes
        Max data size unlimited unlimited bytes
        Max stack size 10485760 unlimited bytes
        Max core file size unlimited unlimited bytes
        Max resident set unlimited unlimited bytes
        Max processes 73728 73728 processes
        Max open files 10240 10240 files
        Max locked memory unlimited unlimited bytes
        Max address space unlimited unlimited bytes
        Max file locks unlimited unlimited locks
        Max pending signals 73728 73728 signals
        Max msgqueue size 819200 819200 bytes
        Max nice priority 0 0
        Max realtime priority 0 0

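Added example (not part of the original issue or Couchbase's own code): a shell check that parses `/proc/<pid>/limits` text and flags any soft or hard limit that differs from the values verified in the comment above. The function names and the `sample_low` input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective rlimits from /proc/<pid>/limits text.
# limit_value NAME COLUMN: print the soft or hard value of row NAME from the
# limits text on stdin; exit status 1 if the row is absent.
limit_value() {
    awk -v name="$1" -v col="$2" '
        index($0, name " ") == 1 {
            split(substr($0, length(name) + 1), f, " ")
            print (col == "hard" ? f[2] : f[1]); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# check_limits: read limits text on stdin, print one line per soft/hard value
# that differs from the values verified in the comment, return 1 on mismatch.
check_limits() {
    text=$(cat); rc=0
    while IFS='|' read -r name want; do
        for col in soft hard; do
            got=$(printf '%s\n' "$text" | limit_value "$name" "$col") || got=missing
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $name ($col): got $got, want $want"; rc=1
            fi
        done
    done <<EOF
Max open files|10240
Max core file size|unlimited
Max locked memory|unlimited
EOF
    return $rc
}

# Rows as quoted in the verification comment.
sample_ok() {
    printf '%s\n' 'Limit Soft Limit Hard Limit Units' \
        'Max core file size unlimited unlimited bytes' \
        'Max open files 10240 10240 files' \
        'Max locked memory unlimited unlimited bytes'
}
# Constructed: a daemon whose limits were not raised before the user switch.
sample_low() {
    printf '%s\n' 'Limit Soft Limit Hard Limit Units' \
        'Max core file size 0 unlimited bytes' \
        'Max open files 1024 4096 files' \
        'Max locked memory 65536 65536 bytes'
}
# Live use (Linux): check_limits < /proc/<pid>/limits
```

Checking the running process rather than the shell's `ulimit` output confirms the limits survived the switch to the couchbase user.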

          People

          • Assignee:
            thuan Thuan Nguyen
            Reporter:
            perry Perry Krug