commit 22e1e1c425df1e23a25a21fb9c14f5d30bb9d8ca
parent 26d4d5d63b83cb9044ae72d0f3ea1e323cebfc39
Author: Joris Vink <joris@coders.se>
Date: Thu, 31 Jul 2014 09:14:03 +0200
Add worker_rlimit_nofiles as a configurable option.
Diffstat:
4 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/conf/kore.conf.example b/conf/kore.conf.example
@@ -17,6 +17,9 @@ workers 4
# You might have to tweak this number based on your hardware.
#worker_max_connections 250
+# Limit of maximum open files per worker.
+#worker_rlimit_nofiles 1024
+
# Store the main process its pid in this file.
#pidfile /var/run/kore.pid
diff --git a/includes/kore.h b/includes/kore.h
@@ -318,6 +318,7 @@ extern u_int64_t spdy_idle_time;
extern u_int16_t cpu_count;
extern u_int8_t worker_count;
extern u_int64_t kore_cb_interval;
+extern u_int32_t worker_rlimit_nofiles;
extern u_int32_t worker_max_connections;
extern u_int32_t worker_active_connections;
extern void (*kore_cb)(void);
diff --git a/src/config.c b/src/config.c
@@ -42,6 +42,7 @@ static int configure_pidfile(char **);
static int configure_accesslog(char **);
static int configure_certfile(char **);
static int configure_certkey(char **);
+static int configure_rlimit_nofiles(char **);
static int configure_max_connections(char **);
static int configure_ssl_cipher(char **);
static int configure_ssl_dhparam(char **);
@@ -89,6 +90,7 @@ static struct {
{ "runas", configure_runas },
{ "workers", configure_workers },
{ "worker_max_connections", configure_max_connections },
+ { "worker_rlimit_nofiles", configure_rlimit_nofiles },
{ "pidfile", configure_pidfile },
{ "accesslog", configure_accesslog },
{ "certfile", configure_certfile },
@@ -135,7 +137,7 @@ kore_parse_config(void)
fatal("no '%s' symbol found for kore_cb", kore_cb_name);
if (LIST_EMPTY(&listeners))
fatal("no listeners defined");
- if (chroot_path == NULL)
+ if (skip_chroot != 0 && chroot_path == NULL)
fatal("missing a chroot path");
if (runas_user == NULL)
fatal("missing a username to run as");
@@ -543,6 +545,23 @@ configure_max_connections(char **argv)
}
static int
+configure_rlimit_nofiles(char **argv)
+{
+ int err;
+
+ if (argv[1] == NULL)
+ return (KORE_RESULT_ERROR);
+
+ worker_rlimit_nofiles = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err);
+ if (err != KORE_RESULT_OK) {
+ printf("bad value for worker_rlimit_nofiles: %s\n", argv[1]);
+ return (KORE_RESULT_ERROR);
+ }
+
+ return (KORE_RESULT_OK);
+}
+
+static int
configure_kore_cb(char **argv)
{
if (argv[1] == NULL)
diff --git a/src/worker.c b/src/worker.c
@@ -17,6 +17,8 @@
#include <sys/types.h>
#include <sys/shm.h>
#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <grp.h>
#include <pwd.h>
@@ -62,6 +64,7 @@ static struct wlock *accept_lock;
extern volatile sig_atomic_t sig_recv;
struct kore_worker *worker = NULL;
+u_int32_t worker_rlimit_nofiles = 1024;
u_int32_t worker_max_connections = 250;
u_int32_t worker_active_connections = 0;
@@ -173,6 +176,7 @@ kore_worker_dispatch_signal(int sig)
void
kore_worker_entry(struct kore_worker *kw)
{
+ struct rlimit rl;
char buf[16];
struct connection *c, *cnext;
int quit, had_lock;
@@ -199,6 +203,13 @@ kore_worker_entry(struct kore_worker *kw)
fatal("unable to drop privileges");
}
+ rl.rlim_cur = worker_rlimit_nofiles;
+ rl.rlim_max = worker_rlimit_nofiles;
+ if (setrlimit(RLIMIT_NOFILE, &rl) == -1) {
+ kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s",
+ worker_rlimit_nofiles, errno_s);
+ }
+
(void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id);
kore_platform_proctitle(buf);
kore_platform_worker_setcpu(kw);
