Add worker_rlimit_nofiles as a configurable option.

2014-07-31 09:14:03 +02:00 · 2014-07-31 09:14:03 +02:00 · 22e1e1c425
parent 26d4d5d63b
commit 22e1e1c425
4 changed files with 35 additions and 1 deletions
--- a/conf/kore.conf.example
+++ b/conf/kore.conf.example
@ -17,6 +17,9 @@ workers		4
 # You might have to tweak this number based on your hardware.
 #worker_max_connections		250

+# Limit of maximum open files per worker.
+#worker_rlimit_nofiles		1024
+
 # Store the main process its pid in this file.
 #pidfile	/var/run/kore.pid

--- a/includes/kore.h
+++ b/includes/kore.h
@ -318,6 +318,7 @@ extern u_int64_t		spdy_idle_time;
 extern u_int16_t		cpu_count;
 extern u_int8_t			worker_count;
 extern u_int64_t		kore_cb_interval;
+extern u_int32_t		worker_rlimit_nofiles;
 extern u_int32_t		worker_max_connections;
 extern u_int32_t		worker_active_connections;
 extern void			(*kore_cb)(void);
--- a/src/config.c
+++ b/src/config.c
@ -42,6 +42,7 @@ static int		configure_pidfile(char **);
 static int		configure_accesslog(char **);
 static int		configure_certfile(char **);
 static int		configure_certkey(char **);
+static int		configure_rlimit_nofiles(char **);
 static int		configure_max_connections(char **);
 static int		configure_ssl_cipher(char **);
 static int		configure_ssl_dhparam(char **);
@ -89,6 +90,7 @@ static struct {
 	{ "runas",			configure_runas },
 	{ "workers",			configure_workers },
 	{ "worker_max_connections",	configure_max_connections },
+	{ "worker_rlimit_nofiles",	configure_rlimit_nofiles },
 	{ "pidfile",			configure_pidfile },
 	{ "accesslog",			configure_accesslog },
 	{ "certfile",			configure_certfile },
@ -135,7 +137,7 @@ kore_parse_config(void)
 		fatal("no '%s' symbol found for kore_cb", kore_cb_name);
 	if (LIST_EMPTY(&listeners))
 		fatal("no listeners defined");
-	if (chroot_path == NULL)
+	if (skip_chroot != 0 && chroot_path == NULL)
 		fatal("missing a chroot path");
 	if (runas_user == NULL)
 		fatal("missing a username to run as");
@ -542,6 +544,23 @@ configure_max_connections(char **argv)
 	return (KORE_RESULT_OK);
 }

+static int
+configure_rlimit_nofiles(char **argv)
+{
+	int		err;
+
+	if (argv[1] == NULL)
+		return (KORE_RESULT_ERROR);
+
+	worker_rlimit_nofiles = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err);
+	if (err != KORE_RESULT_OK) {
+		printf("bad value for worker_rlimit_nofiles: %s\n", argv[1]);
+		return (KORE_RESULT_ERROR);
+	}
+
+	return (KORE_RESULT_OK);
+}
+
 static int
 configure_kore_cb(char **argv)
 {
--- a/src/worker.c
+++ b/src/worker.c
@ -17,6 +17,8 @@
 #include <sys/types.h>
 #include <sys/shm.h>
 #include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>

 #include <grp.h>
 #include <pwd.h>
@ -62,6 +64,7 @@ static struct wlock			*accept_lock;

 extern volatile sig_atomic_t	sig_recv;
 struct kore_worker		*worker = NULL;
+u_int32_t			worker_rlimit_nofiles = 1024;
 u_int32_t			worker_max_connections = 250;
 u_int32_t			worker_active_connections = 0;

@ -173,6 +176,7 @@ kore_worker_dispatch_signal(int sig)
 void
 kore_worker_entry(struct kore_worker *kw)
 {
+	struct rlimit		rl;
 	char			buf[16];
 	struct connection	*c, *cnext;
 	int			quit, had_lock;
@ -199,6 +203,13 @@ kore_worker_entry(struct kore_worker *kw)
 			fatal("unable to drop privileges");
 	}

+	rl.rlim_cur = worker_rlimit_nofiles;
+	rl.rlim_max = worker_rlimit_nofiles;
+	if (setrlimit(RLIMIT_NOFILE, &rl) == -1) {
+		kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s",
+		    worker_rlimit_nofiles, errno_s);
+	}
+
 	(void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id);
 	kore_platform_proctitle(buf);
 	kore_platform_worker_setcpu(kw);