[httpd][daily] 查看并修改httpd的最大fd打开个数limit

 

 

 

 

 

 

 

 

 

 

 

重要提示: 请直接阅读步骤(6),如果不生效,再回头阅读(1)-(5)。

 

如题:

修改这个文件就行了:/etc/security/limits.conf

 

查看当前配置的方法:

1. 找到httpd的pid(中间那三个apache的)

[root@server-tong-1 ~]# ps -ef |grep httpd
root      1234     1  0 03:21 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    1235  1234  0 03:21 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    1236  1234  0 03:21 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    1237  1234  0 03:21 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache    1239  1234  0 03:21 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root      1537  1210  0 03:28 pts/0    00:00:00 grep --color=auto httpd

 

2. 查看这几个进程当前使用的值

[root@server-tong-1 ~]# cat /proc/1236/limits
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             15072                15072                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       15072                15072                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us    

 

3. 查看系统允许修改的最大值,以及用户名

[root@server-tong-1 ~]# cat /etc/shadow |grep apa
apache:!!:17833::::::
[root@server-tong-1 ~]# cat /proc/sys/fs/nr_open 
1048576

查到,limit可以使用的最大值是1048576,用户名是apache

另外,需要提到的一点,我曾经尝试直接将这个值设置成unlimited, 结果导致了root无法登录。【大哭~~】,后来想办法进去之后,查看到报错如下:【tag:修改limit.conf之后 ssh失败 root无法登录 OS无法登录】

546 Dec 10 02:44:03 server-tong-1 login: pam_limits(login:session): Could not set limit for 'nofile': Operation not permitted
547 Dec 10 02:44:03 server-tong-1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
548 Dec 10 02:44:03 server-tong-1 login: Permission denied
549 Dec 10 02:44:15 server-tong-1 login: pam_limits(login:session): Could not set limit for 'nofile': Operation not permitted
550 Dec 10 02:44:15 server-tong-1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
551 Dec 10 02:44:15 server-tong-1 login: Permission denied
552 Dec 10 02:44:42 server-tong-1 login: pam_limits(login:session): Could not set limit for 'nofile': Operation not permitted
553 Dec 10 02:44:42 server-tong-1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
554 Dec 10 02:44:42 server-tong-1 login: Permission denied
555 Dec 10 02:44:55 server-tong-1 login: pam_unix(login:auth): check pass; user unknown
556 Dec 10 02:44:55 server-tong-1 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
557 Dec 10 02:44:57 server-tong-1 login: FAILED LOGIN 1 FROM tty1 FOR (unknown), User not known to the underlying authentication module
558 Dec 10 02:45:03 server-tong-1 login: pam_limits(login:session): Could not set limit for 'nofile': Operation not permitted
559 Dec 10 02:45:03 server-tong-1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
560 Dec 10 02:45:03 server-tong-1 login: Permission denied
561 Dec 10 02:50:01 server-tong-1 crond[14616]: pam_limits(crond:session): Could not set limit for 'nofile': Operation not permitted
562 Dec 10 03:00:01 server-tong-1 crond[14649]: pam_limits(crond:session): Could not set limit for 'nofile': Operation not permitted
563 Dec 10 03:00:20 server-tong-1 sshd[784]: Received signal 15; terminating.

 

4. 准备就绪后,我们现在来修改limit.conf文件吧!追加两行配置如下,并重启OS

[root@server-tong-1 ~]# tail -n3 /etc/security/limits.conf 
apache hard nofile 1048576
apache soft nofile 1048576
# End of file
[root@server-tong-1 ~]# 

 

5. 用2中的方法查看修改是否成功。

结果,令人尴尬的是,这个修改并不好使。。。。。

为什么呢? 因为我使用systemctl来管理httpd服务的启动的。所以当使用systemctl来start的时候,并不生效。但是手动执行/usr/bin/httpd是生效的。

这个时候我们需要步骤六,来搞定这一切

 

6.  修改 httpd.service文件

在 [Service] 章节增加如下一行:

LimitNOFILE=1048576

重启服务。

详见:https://fredrikaverpil.github.io/2016/04/27/systemd-and-resource-limits/

 

更值得注意的一件事情是什么呢?

这里边,1到5的步骤都是可以省略的,直接改第六步就可以生效了。

 

完!

 

posted on 2018-12-10 11:37  toong  阅读(838)  评论(0编辑  收藏  举报