Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

SLES 12 SP2 Issues with Domino running with Systemd

Daniel Nashed – 24 July 2017 10:01:20
There is a new feature introduced in SLES 12 SP2 which could lead to issues with larger Domino or Traveler servers.

The default nproc size is still set to 7400. So in most cases this tunable does still not need to be set in your Domino service file.


But there is a new security feature introduced in SLES 12 SP2 which will cause processes fail to start or not able to span more threads.


The error you might see is the following:


Jul 20 11:02:41 dom-srv kernel: cgroup: fork rejected by pids controller in /system.slice/domino.service

The new feature limits processes by default to use more than 512 threads.


Here is the relevant extract from SLES 12 SP2 readme:


-- snip --


2.3.2 Support for PIDs cgroup Controller #

The version of systemd shipped in SLES 12 SP2 uses the PIDs cgroup controller. This provides some per-service fork() bomb protection, leading to a safer system.
However, under certain circumstances you may notice regressions. The limits have already been raised above the upstream default values to avoid this but the risk remains.
If you notice regressions, you can change a number of TasksMax settings.

To control the default TasksMax= setting for services and scopes running on the system, use the system.conf setting DefaultTasksMax=. This setting defaults to 512, which means services that are not explicitly configured otherwise will only be able to create 512 processes or threads at maximum.

For thread- or process-heavy services, you may need to set a higher TasksMax value. In such cases, set TasksMax directly in the specific unit files. Either choose a numeric value or even infinity.
Similarly, you can limit the total number of processes or tasks each user can own concurrently. To do so, use the logind.conf setting UserTasksMax (the default is 12288).
nspawn containers now also have a TasksMax value set, with a default of 16384.


-- snip --

The best solution for Domino is to increase the limit directly in the domino.service file.

In addition to this new setting I also updated the config file with an updated value for LimitNPROC= 8000 in addition to the new setting TasksMax= 8000.

8000 Threads should be sufficient for all Domino server environments.


So in case you are running a larger scale environment with SLES 12 SP2 you really should check those settings in  your service file!


-- Daniel



-- snip --


[Unit]

Description=IBM Domino Server (notes)

After=syslog.target network.target


[Service]

Type=forking

User=notes

LimitNOFILE=60000

LimitNPROC= 8000

TasksMax= 8000

PIDFile=/local/notesdata/domino.pid

ExecStart=/opt/ibm/domino/rc_domino_script start

ExecStop=/opt/ibm/domino/rc_domino_script stop

TimeoutSec=100

TimeoutStopSec=300

KillMode=none

RemainAfterExit=no

#Environment=LANG=en_US.UTF-8

#Environment=LANG=de_DE.UTF-8


[Install]

WantedBy=multi-user.target

-- snip --

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]