I am trying to start a cassandra (not dsc) server on Docker (ubuntu 14.04). When I run service cassandra start (as root), I get
/etc/init.d/cassandra: 82: ulimit: error setting limit (Operation not permitted)
line 82 of that file is
ulimit -l unlimited
I'm not really sure what I need to change it to.
I would expect you would get that warning but that Cassandra would continue to start up and run correctly. As pointed out in the other answer, Docker restricts certain operations for safety reasons. In this case, the Casssandra init script is trying to allow unlimited locked memory. Assuming you are running with swap disabled (as it is a Cassandra best practice) then you can safely ignore this error.
I run Cassandra in Docker for my development environment and also get this warning, but Cassandra starts and runs just fine. If it is not starting up, check the cassandra log files for another problem.
A short intro into ulimit: RESOURCE LIMITS ON UNIX SYSTEMS (ULIMIT).
The command this init script is trying to issue is supposed to set the max locked memory limit to, well, unlimited. Should succeed for root. Does whoami print root?
UPD: further research led me to this Google Groups discussion. Hopefully it will clarify things a bit.
/etc/init.d/cassandra start/restart/status will not work because init system is not running inside the container so the available option is to restart the container
docker restart "container id or container name"
Related
Working on learning linux, Docker, and Docker Volumes. I want to spin up an httpd container that references a httpd.conf file on my local machine that has proxy and load balancing code in it with the correct modules loaded. I've gotten it figured out manually, but now I want to try using a volume to simplify the process.
My issue is I'm getting permission errors when trying to run the container. I'm using CentOS 7 on a VM, and I'm getting an SELinux Alert when I try to start up the container. I believe this is a permissions issue, I've changed permissions on my local machine so that the directory and httpd.conf file are accessible to anyone, but I believe the actual issue is within the httpd containers permissions.
How do I allow the volume to work? Please let me know what other information to provide if what I have here is too vague, still learning linux and docker so not sure what else will be required to diagnose this problem.
According to the Docker reference manual, you can add an additional option to the mount parameter which modifies the SELinux label to the host file/directory being mounted.
So your volume mount parameter will go from something like:
-v /folder/to/mount:/directory/in/container
To:
-v /folder/to/mount:/directory/in/container:z
Full command line example:
docker run -d --name my-httpd-cont -ti -v "$(pwd)"/httpd.conf:conf/httpd.conf:z httpd:latest
As you're learning Linux, you can turn SELinux off, or put it into permissive mode which will log warnings, but won't act upon them. This can be done by running the following command.
setenforce 0
To turn it off altogether, manually edit the /etc/selinux/config file and reboot the server.
I have a VPS with firewall and security notices enabled. I keep getting emails like this:
Time: Wed Jun 19 19:01:54 2019 -0500
Account: user
Resource: Process Time
Exceeded: 7248 > 3600 (seconds)
Executable: /opt/cpanel/ea-php72/root/usr/sbin/php-fpm
Command Line: php-fpm: pool domain_com
PID: 16374 (Parent PID:9915)
Killed: No
So for some reason with this example I have a script that has apparently been running for 2+ hours non-stop. I don't have anything that should be doing that.
I'm getting notices like this quite often. How can I use this info to track down what specifically is causing this?
Any information would be greatly appreciated. Thanks!
You can track which the exact process with the process ID mentioned.
lsof -p 16374
The alert which you are getting is from the LDF which is installed as a part of CSF. I think its normal for cPanel with php_fpm to have the process php_fpm run this long.
You can add the php-fpm to csf.pignore file to stop this warning.
You can also refer the below cPanel fourm thread.
https://forums.cpanel.net/threads/lfd-excessive-resource-usage-normal-for-php-fpm.592583/
To get more information on processes, I would use the Htop tool. This is a great article for learning about how to manage processes using htop and ps
Lsof (List open files) will tell you more information about what files the process is using.
You can get htop and lsof with
sudo apt install htop lsof -y
This article indicates that :
That message comes from the third-party CSF/LFD application and indicates a PHP-FPM process was running longer than the maximum time configured for the CSF/LFD detection period. It shows the process was not killed, thus you should not have traffic loss.
So you might want to check the PHP-FPM error log for the account in-question to see if you notice any particular error messages. It's located at:
/home/$username/logs/domain_tld.php.error.log
It looks like your specific issue has not been resolved on that form. So, you might want to try strace. It handles watching system calls made by a given process including all read-write operations and os function calls. You can activate it on the command line before the program you want to track or attach to a running process by hitting s on a process selected in htop.
In opensuse docker container, cronjob is not working. When I try systemctl command getting this error: Failed to et D-bus: Unknown error -1 . I have tried many blogs and stackoverflow questions everywhere It was advised that basic architecture of Docker image should be redesigned.
What exactly needs to be done here is not mentioned. Kindly help, I am stuck on this issue.
To a first approximation, commands like systemctl, initctl, service, or start just don't work in Docker and you should find a different way to do what you're attempting.
Stylewise, the standard way to use a Docker container is to launch some sort of service in the foreground. As one specific example, the standard Redis image doesn't go through any sort of init script; it just runs
CMD ["redis-server"]
In most Docker images it's unusual to even so much as launch a background process (with the shell & operator). It's not usually necessary and in Dockerfiles the interaction with the RUN directive has confused some people.
In the specific case of systemctl, it requires an extremely heavyweight init system that is not just a process manager but also wants to monitor and manage kernel-level parameters, includes a logging system, runs an inter-process message bus, and some other functionality. You can't run systemd under Docker without the container being --privileged, which gives the container the ability to "escape" on to the host system in some unfortunate ways.
By default, CoreOS and the Linux kernel has some pretty conservative limits defined for things such as open files and locked memory.
So I upped the values in /etc/systemd/system.conf:
DefaultLimitNOFILE=500000
DefaultLimitMEMLOCK=unlimited
However, when I start my docker containers the limits are still low. ulimit -l prints 64.
Running ulimit -l unlimited prints an error.
ulimit: max locked memory: cannot modify limit: Operation not
permitted
So I placed
LimitMAXLOCKED=unlimited
LimitNOFILE=64000
In my systemd unit file.
However, these values are not coming through to the docker container and calling them still doesn't work. I've rebooted the machine after changing the systemwide defaults.
This is probably more of a systemd thing. How do I fix this?
Docker containers are not started nor managed by systemd. The Docker daemon is responsible for setting limits here. Here is an example taken from the official documentation:
# docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n"
We would like to monitor our CouchDB installation using the default pid file method with MONIT, however although couchdb is working fine there is no pid file generated under /var/run/couchdb, there is only a couch.uri file.
Permissions on /var/run/couchdb are good (couch:couch) and service couchdb stop and start work fine, although for MONIT to stop/start we would need the /etc/init.d/couchdb start/stop option (which again isn't present).
For info we just installed using apt-get install couchdb on Ubuntu 14.04.
Any advice appreciated.
Best regards
RichBos
I have done this with an older version (1.3) of CouchDB installed from source. Please check if this is working for you:
check process couchdb with pidfile
/usr/local/var/run/couchdb/couchdb.pid
group database
start program = "/etc/init.d/couchdb start -u couchdb"
stop program = "/etc/init.d/couchdb stop -u couchdb"
if failed host 127.0.0.1 port 5984 then restart
if cpu is greater than 40% for 2 cycles then alert
if cpu > 60% for 5 cycles then restart
if 10 restarts within 10 cycles then timeout
If you have installed it via a package manager, you will most likely find the pid in /var/run/couchdb/couchdb.pid
The place of the pid file did not change since 1.3. So chances are good, that it's working for you.