Merge pull request #5373 from Icinga/feature/rlimit-options

Make rlimits configurable by adding three variables: RLimitFiles, RLimitProcesses and RLimitStack

refs #5367

doc/17-language-reference.md

@@ -368,6 +368,8 @@ Global constants can be set using the `const` keyword:
 Once defined a constant can be accessed from any file. Constants cannot be changed
 once they are set.
 
+### <a id="icinga-constants"></a> Icinga 2 Specific Constants
+
 Icinga 2 provides a number of special global constants. Some of them can be overridden using the `--define` command line parameter:
 
 Variable            |Description
@@ -383,8 +385,6 @@ ObjectsPath         |**Read-write.** Contains the path of the Icinga 2 objects f
 PidPath             |**Read-write.** Contains the path of the Icinga 2 PID file. Defaults to RunDir + "/icinga2/icinga2.pid".
 Vars                |**Read-write.** Contains a dictionary with global custom attributes. Not set by default.
 NodeName            |**Read-write.** Contains the cluster node name. Set to the local hostname by default.
-EventEngine         |**Read-write.** The name of the socket event engine, can be "poll" or "epoll". The epoll interface is only supported on Linux.
-AttachDebugger      |**Read-write.** Whether to attach a debugger when Icinga 2 crashes. Defaults to false.
 RunAsUser           |**Read-write.** Defines the user the Icinga 2 daemon is running as. Used in the `init.conf` configuration file.
 RunAsGroup          |**Read-write.** Defines the group the Icinga 2 daemon is running as. Used in the `init.conf` configuration file.
 PlatformName        |**Read-only.** The name of the operating system, e.g. "Ubuntu".
@@ -395,6 +395,17 @@ BuildCompilerName   |**Read-only.** The name of the compiler Icinga was built wi
 BuildCompilerVersion|**Read-only.** The version of the compiler Icinga was built with, e.g. "7.3.0.7030031".
 BuildHostName       |**Read-only.** The name of the host Icinga was built on, e.g. "acheron".
 
+
+Advanced runtime constants. Please only use them if advised by support or developers.
+
+Variable            |Description
+--------------------|-------------------
+EventEngine         |**Read-write.** The name of the socket event engine, can be `poll` or `epoll`. The epoll interface is only supported on Linux.
+AttachDebugger      |**Read-write.** Whether to attach a debugger when Icinga 2 crashes. Defaults to `false`.
+RLimitFiles         |**Read-write.** Defines the resource limit for RLIMIT_NOFILE that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Used in the `init.conf` configuration file.
+RLimitProcesses     |**Read-write.** Defines the resource limit for RLIMIT_NPROC that should be set at start-up. Value cannot be set lower than the default `16 * 1024`. 0 disables the setting. Used in the `init.conf` configuration file.
+RLimitStack         |**Read-write.** Defines the resource limit for RLIMIT_STACK that should be set at start-up. Value cannot be set lower than the default `256 * 1024`. 0 disables the setting. Used in the `init.conf` configuration file.
+
 ## <a id="apply"></a> Apply
 
 The `apply` keyword can be used to create new objects which are associated with

icinga-app/icinga.cpp

@@ -113,9 +113,6 @@ int Main(void)
 
 	Application::SetStartTime(Utility::GetTime());
 
-	if (!autocomplete)
-		Application::SetResourceLimits();
-
 	/* Set thread title. */
 	Utility::SetThreadName("Main Thread", false);
 
@@ -152,6 +149,11 @@ int Main(void)
 	Application::DeclareZonesDir(Application::GetSysconfDir() + "/icinga2/zones.d");
 	Application::DeclareRunAsUser(ICINGA_USER);
 	Application::DeclareRunAsGroup(ICINGA_GROUP);
+#ifdef __linux__
+	Application::DeclareRLimitFiles(Application::GetDefaultRLimitFiles());
+	Application::DeclareRLimitProcesses(Application::GetDefaultRLimitProcesses());
+	Application::DeclareRLimitStack(Application::GetDefaultRLimitStack());
+#endif /* __linux__ */
 	Application::DeclareConcurrency(boost::thread::hardware_concurrency());
 
 	ScriptGlobal::Set("AttachDebugger", false);
@@ -166,6 +168,28 @@ int Main(void)
 	ScriptGlobal::Set("BuildCompilerName", ICINGA_BUILD_COMPILER_NAME);
 	ScriptGlobal::Set("BuildCompilerVersion", ICINGA_BUILD_COMPILER_VERSION);
 
+	String initconfig = Application::GetSysconfDir() + "/icinga2/init.conf";
+
+	if (Utility::PathExists(initconfig)) {
+		Expression *expression;
+		try {
+			expression = ConfigCompiler::CompileFile(initconfig);
+
+			ScriptFrame frame;
+			expression->Evaluate(frame);
+		} catch (const std::exception& ex) {
+			delete expression;
+
+			Log(LogCritical, "config", DiagnosticInformation(ex));
+			return EXIT_FAILURE;
+		}
+
+		delete expression;
+	}
+
+	if (!autocomplete)
+		Application::SetResourceLimits();
+
 	LogSeverity logLevel = Logger::GetConsoleLogSeverity();
 	Logger::SetConsoleLogSeverity(LogWarning);
 
@@ -209,25 +233,6 @@ int Main(void)
 		return EXIT_FAILURE;
 	}
 
-	String initconfig = Application::GetSysconfDir() + "/icinga2/init.conf";
-
-	if (Utility::PathExists(initconfig)) {
-		Expression *expression;
-		try {
-			expression = ConfigCompiler::CompileFile(initconfig);
-
-			ScriptFrame frame;
-			expression->Evaluate(frame);
-		} catch (const std::exception& ex) {
-			delete expression;
-
-			Log(LogCritical, "config", DiagnosticInformation(ex));
-			return EXIT_FAILURE;
-		}
-
-		delete expression;
-	}
-
 #ifndef _WIN32
 	if (vm.count("color")) {
 		Console::SetType(std::cout, Console_VT100);

lib/base/application.cpp

@@ -180,7 +180,16 @@ void Application::SetResourceLimits(void)
 	rlimit rl;
 
 #	ifdef RLIMIT_NOFILE
-	rl.rlim_cur = 16 * 1024;
+	rlim_t fileLimit = GetRLimitFiles();
+
+	if (fileLimit != 0) {
+		if (fileLimit < GetDefaultRLimitFiles()) {
+			Log(LogWarning, "Application")
+			    << "The user-specified value for RLimitFiles cannot be smaller than the default value (" << GetDefaultRLimitFiles() << "). Using the default value instead.";
+			fileLimit = GetDefaultRLimitFiles();
+		}
+
+		rl.rlim_cur = fileLimit;
 		rl.rlim_max = rl.rlim_cur;
 
 		if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
@@ -188,9 +197,19 @@ void Application::SetResourceLimits(void)
 #	else /* RLIMIT_NOFILE */
 		Log(LogNotice, "Application", "System does not support adjusting the resource limit for open file handles (RLIMIT_NOFILE)");
 #	endif /* RLIMIT_NOFILE */
+	}
 
 #	ifdef RLIMIT_NPROC
-	rl.rlim_cur = 16 * 1024;
+	rlim_t processLimit = GetRLimitProcesses();
+
+	if (processLimit != 0) {
+		if (processLimit < GetDefaultRLimitProcesses()) {
+			Log(LogWarning, "Application")
+			    << "The user-specified value for RLimitProcesses cannot be smaller than the default value (" << GetDefaultRLimitProcesses() << "). Using the default value instead.";
+			processLimit = GetDefaultRLimitProcesses();
+		}
+
+		rl.rlim_cur = processLimit;
 		rl.rlim_max = rl.rlim_cur;
 
 		if (setrlimit(RLIMIT_NPROC, &rl) < 0)
@@ -198,6 +217,7 @@ void Application::SetResourceLimits(void)
 #	else /* RLIMIT_NPROC */
 		Log(LogNotice, "Application", "System does not support adjusting the resource limit for number of processes (RLIMIT_NPROC)");
 #	endif /* RLIMIT_NPROC */
+	}
 
 #	ifdef RLIMIT_STACK
 	int argc = Application::GetArgC();
@@ -216,8 +236,19 @@ void Application::SetResourceLimits(void)
 		rl.rlim_max = RLIM_INFINITY;
 	}
 
+	rlim_t stackLimit;
+
+	stackLimit = GetRLimitStack();
+
+	if (stackLimit != 0) {
+		if (stackLimit < GetDefaultRLimitStack()) {
+			Log(LogWarning, "Application")
+			    << "The user-specified value for RLimitStack cannot be smaller than the default value (" << GetDefaultRLimitStack() << "). Using the default value instead.";
+			stackLimit = GetDefaultRLimitStack();
+		}
+
 		if (set_stack_rlimit)
-		rl.rlim_cur = 256 * 1024;
+			rl.rlim_cur = stackLimit;
 		else
 			rl.rlim_cur = rl.rlim_max;
 
@@ -251,6 +282,7 @@ void Application::SetResourceLimits(void)
 #	else /* RLIMIT_STACK */
 		Log(LogNotice, "Application", "System does not support adjusting the resource limit for stack size (RLIMIT_STACK)");
 #	endif /* RLIMIT_STACK */
+	}
 #endif /* __linux__ */
 }
 
@@ -1331,6 +1363,95 @@ String Application::GetRunAsGroup(void)
 	return ScriptGlobal::Get("RunAsGroup");
 }
 
+/**
+ * Sets the name of the group.
+ *
+ * @param path The new group name.
+ */
+void Application::DeclareRunAsGroup(const String& group)
+{
+	if (!ScriptGlobal::Exists("RunAsGroup"))
+		ScriptGlobal::Set("RunAsGroup", group);
+}
+
+/**
+ * Retrieves the file rlimit.
+ *
+ * @returns The limit.
+ */
+int Application::GetRLimitFiles(void)
+{
+	return ScriptGlobal::Get("RLimitFiles");
+}
+
+int Application::GetDefaultRLimitFiles(void)
+{
+	return 16 * 1024;
+}
+
+/**
+ * Sets the file rlimit.
+ *
+ * @param path The new file rlimit.
+ */
+void Application::DeclareRLimitFiles(int limit)
+{
+	if (!ScriptGlobal::Exists("RLimitFiles"))
+		ScriptGlobal::Set("RLimitFiles", limit);
+}
+
+/**
+ * Retrieves the process rlimit.
+ *
+ * @returns The limit.
+ */
+int Application::GetRLimitProcesses(void)
+{
+	return ScriptGlobal::Get("RLimitProcesses");
+}
+
+int Application::GetDefaultRLimitProcesses(void)
+{
+	return 16 * 1024;
+}
+
+/**
+ * Sets the process rlimit.
+ *
+ * @param path The new process rlimit.
+ */
+void Application::DeclareRLimitProcesses(int limit)
+{
+	if (!ScriptGlobal::Exists("RLimitProcesses"))
+		ScriptGlobal::Set("RLimitProcesses", limit);
+}
+
+/**
+ * Retrieves the stack rlimit.
+ *
+ * @returns The limit.
+ */
+int Application::GetRLimitStack(void)
+{
+	return ScriptGlobal::Get("RLimitStack");
+}
+
+int Application::GetDefaultRLimitStack(void)
+{
+	return 256 * 1024;
+}
+
+/**
+ * Sets the stack rlimit.
+ *
+ * @param path The new stack rlimit.
+ */
+void Application::DeclareRLimitStack(int limit)
+{
+	if (!ScriptGlobal::Exists("RLimitStack"))
+		ScriptGlobal::Set("RLimitStack", limit);
+}
+
 /**
  * Sets the concurrency level.
  *
@@ -1353,17 +1474,6 @@ int Application::GetConcurrency(void)
 	return ScriptGlobal::Get("Concurrency", &defaultConcurrency);
 }
 
-/**
- * Sets the name of the group.
- *
- * @param path The new group name.
- */
-void Application::DeclareRunAsGroup(const String& group)
-{
-	if (!ScriptGlobal::Exists("RunAsGroup"))
-		ScriptGlobal::Set("RunAsGroup", group);
-}
-
 /**
  * Returns the global thread pool.
  *

lib/base/application.hpp

@@ -126,6 +126,18 @@ public:
 	static String GetRunAsGroup(void);
 	static void DeclareRunAsGroup(const String& group);
 
+	static int GetRLimitFiles(void);
+	static int GetDefaultRLimitFiles(void);
+	static void DeclareRLimitFiles(int limit);
+
+	static int GetRLimitProcesses(void);
+	static int GetDefaultRLimitProcesses(void);
+	static void DeclareRLimitProcesses(int limit);
+
+	static int GetRLimitStack(void);
+	static int GetDefaultRLimitStack(void);
+	static void DeclareRLimitStack(int limit);
+
 	static int GetConcurrency(void);
 	static void DeclareConcurrency(int ncpus);