0

I am using docker environment in an Elastic beanstalk cluster but having trouble with open files limit. I verified that on the host my open files limit is 65535, but in the docker container the soft limit is 1024 and hard limit is 4096. I'd like to increase these limits inside the container, but when I tried to do that manually I got error even with root:

root@4020d4faf5fc:/# ulimit -n 20000
bash: ulimit: open files: cannot modify limit: Operation not permitted

A similar thread also shares some ideas but seems like those are related to increasing limit of the host vs container.

Ankit
  • 3,878
  • 5
  • 35
  • 51

1 Answers1

3

You would need the SYS_RESOURCE Linux capability to set ulimit from within the container, which would typically be specified using the --cap-add flag with docker run.

With Elastic Beanstalk this can be accomplished in the following ways:

  1. If you are already using docker-compose, then add it to your compose file as usual (under services.<your service> key) 
    ulimits:
    nofile:
        soft: 20000
        hard: 20000
  2. If you use Dockerrun.aws.json version 1 for single-container Docker environments, see Task Definition Resource Limits: 
    {
    "AWSEBDockerrunVersion": "1",
    .
    .
    .
    "ulimits": [
        {
            "name": "nofile",
            "softLimit": 20000,
            "hardLimit": 20000
        }
    ]
}
  3. If you use Dockerrun.aws.json version 2 for multi-container Docker environments, this gist may be useful 
    {
   "AWSEBDockerrunVersion": "2",
   "containerDefinitions": [ 
       {
           .
           .
           .
           "ulimits": [ 
               { 
                   "hardLimit": 20000,
                   "name": "nofile",
                   "softLimit": 20000
               }
           ]
       }
   ]
}

See also the Elastic Beanstalk Docker docs.

tamth
  • 154
  • 3
  • Thank you @tamth, this looks promising. I could not find documentation for containerDefinitions, do you know if it works with a specific version of `Dockerrun.aws.json` – Ankit Dec 29 '20 at 23:50
  • @Ankit Thanks, I have expanded the answer to differentiate between v1 and v2. – tamth Dec 31 '20 at 01:43
  • 1
    Thanks. We ended up switching to using docker-compose.yml. Seems most straightforward. – Ankit Dec 31 '20 at 18:50
  • @tamth have you ever try solution 2? Nothing was changed in my test. :thinking: – user1791139 Jan 06 '21 at 16:38
  • @user1791139 I would need more context to understand your question. – tamth Jan 17 '21 at 16:47
  • @tamth I only wanted to mention that your ulimit definition in solution 2 has no effect in the docker container. AWS does not support the definition of an property ulimit in "AWSEBDockerrunVersion": "1" – user1791139 Jan 19 '21 at 21:01