From b4335630b78b5cf927e79724067803a6c0d7c04f Mon Sep 17 00:00:00 2001 From: Adam Farden Date: Sun, 3 May 2020 09:27:54 +0200 Subject: [PATCH] [systemd] Add value to LimitNOFILE due to performance problems When k3s is installed on an OS with default high ulimits, performance issues can be observed. This was discovered on CoreOS where the default value is 1073741816. Symptoms include very slow file operations such as installing a Rook/Ceph cluster will take ~6 hours instead of ~10 minutes. A google search for 'container LimitNOFILE' will show that most major projects set this already, including the (unused) containerd systemd unit found in this repository at /vendor/github.com/containerd/containerd/containerd.service k3OS is not affected becuasse the default there is already 1048576. See description in coreos/fedora-coreos-tracker#329 --- contrib/ansible/roles/k3s/master/templates/k3s.service.j2 | 4 +++- contrib/ansible/roles/k3s/node/templates/k3s.service.j2 | 4 +++- install.sh | 4 +++- k3s.service | 4 +++- package/rpm/install.sh | 4 +++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/contrib/ansible/roles/k3s/master/templates/k3s.service.j2 b/contrib/ansible/roles/k3s/master/templates/k3s.service.j2 index 1d6c5d20f6..d0f7dcc0fd 100644 --- a/contrib/ansible/roles/k3s/master/templates/k3s.service.j2 +++ b/contrib/ansible/roles/k3s/master/templates/k3s.service.j2 @@ -10,7 +10,9 @@ ExecStartPre=-/sbin/modprobe overlay ExecStart=/usr/local/bin/k3s server {{ extra_server_args | default("") }} KillMode=process Delegate=yes -LimitNOFILE=infinity +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity diff --git a/contrib/ansible/roles/k3s/node/templates/k3s.service.j2 b/contrib/ansible/roles/k3s/node/templates/k3s.service.j2 index 76c927695e..cf491213d9 100644 --- a/contrib/ansible/roles/k3s/node/templates/k3s.service.j2 +++ b/contrib/ansible/roles/k3s/node/templates/k3s.service.j2 @@ -10,7 +10,9 @@ ExecStartPre=-/sbin/modprobe overlay ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --token {{ hostvars[groups['master'][0]]['token'] }} KillMode=process Delegate=yes -LimitNOFILE=infinity +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity diff --git a/install.sh b/install.sh index 2d81e8d524..fdc8eb4610 100755 --- a/install.sh +++ b/install.sh @@ -646,7 +646,9 @@ Type=${SYSTEMD_TYPE} EnvironmentFile=${FILE_K3S_ENV} KillMode=process Delegate=yes -LimitNOFILE=infinity +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity diff --git a/k3s.service b/k3s.service index 94abfb771a..8da71c7d9c 100644 --- a/k3s.service +++ b/k3s.service @@ -9,7 +9,9 @@ EnvironmentFile=/etc/systemd/system/k3s.service.env ExecStart=/usr/local/bin/k3s server KillMode=process Delegate=yes -LimitNOFILE=infinity +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity diff --git a/package/rpm/install.sh b/package/rpm/install.sh index ba9ec5345c..d4f8b6d047 100755 --- a/package/rpm/install.sh +++ b/package/rpm/install.sh @@ -670,7 +670,9 @@ Type=${SYSTEMD_TYPE} EnvironmentFile=${FILE_K3S_ENV} KillMode=process Delegate=yes -LimitNOFILE=infinity +# Having non-zero Limit*s causes performance problems due to accounting overhead +# in the kernel. We recommend using cgroups to do container-local accounting. +LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity