limits.conf
Reference material for adding security information to the limits.conf
configuration file when setting up Kerberos for non-Ambari clusters.
Adjust the Maximum Number of Open Files and Processes
In a secure cluster, if the DataNodes are started as the root user, JSVC downgrades the processing using setuid to hdfs. However, the ulimit is based on the ulimit of the root user, and the default ulimit values assigned to the root user for the maximum number of open files and processes may be too low for a secure cluster. This can result in a “Too Many Open Files” exception when the DataNodes are started.
Therefore, when configuring a secure cluster you should increase the following root ulimit values:
-
nofile: The maximum number of open files. Recommended value: 65536
-
nproc: The maximum number of processes. Recommended value: 65536
/etc/security/limits.conf file on every host in your
cluster:* - nofile 65536
* - nproc 65536/etc/security/limits.conf
file.root - nofile 65536
root - nproc 65536You can use the ulimit -a command to view the current settings:
[root@node-1 /]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14874
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 14874
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimitedYou can also use the ulimit command to dynamically set these limits until the
next reboot. This method sets a temporary value that will revert to the settings
in the /etc/security/limits.conf file after the next reboot,
but it is useful for experimenting with limit settings. For example:
[root@node-1 /]# ulimit -n 65536The updated value can then be displayed:
[root@node-1 /]# ulimit -n
65536