database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

Add rudimentary section about controlling kernel's file and process limits.

Browse Source
This commit is contained in:
Peter Eisentraut
2001-01-08 21:01:54 +00:00
parent 745f0c21e5
commit 005ad6cdd6
1 changed files with 104 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
doc/src/sgml/runtime.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.45 2000/12/30 15:03:09 petere Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.46 2001/01/08 21:01:54 petere Exp $
--> -->
<Chapter Id="runtime"> <Chapter Id="runtime">
@ -1536,7 +1536,8 @@ options "SEMMNU=120"
<varlistentry> <varlistentry>
<term>FreeBSD</> <term>FreeBSD</term>
<term>OpenBSD</term>
<listitem> <listitem>
<para> <para>
The options <varname>SYSVSHM</> and <varname>SYSVSEM</> need The options <varname>SYSVSHM</> and <varname>SYSVSEM</> need
@ -1545,14 +1546,14 @@ options "SEMMNU=120"
the option <varname>SHMMAXPGS</> (in pages). The following the option <varname>SHMMAXPGS</> (in pages). The following
shows an example of how to set the various parameters: shows an example of how to set the various parameters:
<programlisting> <programlisting>
options SYSVSHM options SYSVSHM
options SHMMAXPGS=4096 options SHMMAXPGS=4096
options SHMSEG=256 options SHMSEG=256
options SYSVSEM options SYSVSEM
options SEMMNI=256 options SEMMNI=256
options SEMMNS=512 options SEMMNS=512
options SEMMNU=256 options SEMMNU=256
options SEMMAP=256 options SEMMAP=256
</programlisting> </programlisting>
</para> </para>
@ -1711,24 +1712,82 @@ set semsys:seminfo_semmsl=32
</variablelist> </variablelist>
<note>
<para>
If your platform is not listed here, please consider
contributing some information.
</para>
</note>
</para> </para>
</sect2> </sect2>
<!--
Other fun things to write about one day: <sect2>
* number of processes per user and system-wide (soft/hard limit) <title>Resource Limits</title>
* open files/inodes per user and system-wide (soft/hard limit)
(Think about this both ways: Increasing it to allow Postgres to <para>
open more files, and decreasing it to prevent Postgres from taking Unix-like operating systems enforce various kinds of resource
up all file descriptors.) limits that might interfere with the operation of your
* stack and data segment size, plain-old memory limit <productname>Postgres</productname> server. Of importance are
--> especially the limits on the number of processes per user, the
number of open files per process, and the amount of memory
available to a process. Each of these have a <quote>hard</quote>
and a <quote>soft</quote> limit. The soft limit is what actually
counts but it can be changed by the user up to the hard limit.
The hard limit can only be changed by the root user. The system
call <function>setrlimit</function> is responsible for setting
these parameters. The shell the built-in command
<command>ulimit</command> (Bourne shells) or
<command>limit</command> (csh) is used to control the resource
limits from the command line. On BSD-derived systems the file
<filename>/etc/login.conf</filename> controls what values the
various resource limits are set to upon login. See
<citerefentry><refentrytitle>login.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details. The relevant
parameters are <varname>maxproc</varname>,
<varname>openfiles</varname>, and <varname>datasize</varname>.
For example:
<programlisting>
default:\
...
:datasize-cur=256M:\
:maxproc-cur=256:\
:openfiles-cur=256:\
...
</programlisting>
(<literal>-cur</literal> is the soft limit. Append
<literal>-max</literal> to set the hard limit.)
</para>
<para>
Kernels generally also have an implementation-dependent
system-wide limit on some resources.
<simplelist>
<member>
On <productname>Linux</productname>
<filename>/proc/sys/fs/file-max</filename> determines the
maximum number of files that the kernel will allocate. It can
be changed by writing a different number into the file or by
adding an assignment in <filename>/etc/sysctl.conf</filename>.
The maximum limit of files per process is fixed at the time the
kernel is compiled; see
<filename>/usr/src/linux/Documentation/proc.txt</filename> for
more information.
</member>
</simplelist>
</para>
<para>
The <productname>Postgres</productname> server uses one process
per connection so you should provide for at least as many processes
as allowed connections, in addition to what you need for the rest
of your system. This is usually not a problem but if you run
several servers on one machine things might get tight.
</para>
<para>
The factory default limit on open files is often set to
<quote>socially friendly</quote> values that allow many users to
coexist on a machine without using an inappropriate fraction of
the system resources. If you run many servers on a machine this
is perhaps what you want, but on dedicated servers you may want to
raise this limit.
</para>
</sect2>
</sect1> </sect1>
@ -1819,19 +1878,18 @@ set semsys:seminfo_semmsl=32
can be started with the argument <option>-l</> (ell) to enable can be started with the argument <option>-l</> (ell) to enable
SSL connections. When starting in SSL mode, the postmaster will look SSL connections. When starting in SSL mode, the postmaster will look
for the files <filename>server.key</> and <filename>server.crt</> in for the files <filename>server.key</> and <filename>server.crt</> in
the data directory (pointed to by <envar>PGDATA</envar>). the data directory. These files should contain the server private key
These files should contain the server private key
and certificate respectively. These files must be set up correctly and certificate respectively. These files must be set up correctly
before an SSL-enabled server can start. If the private key is protected before an SSL-enabled server can start. If the private key is protected
with a passphrase, the postmaster will prompt for the passphrase and will with a passphrase, the postmaster will prompt for the passphrase and will
not start until it has been provided. not start until it has been entered.
</para> </para>
<para> <para>
The postmaster will listen for both standard and SSL connections The postmaster will listen for both standard and SSL connections
on the same TCP/IP port, and will negotiate with any connecting on the same TCP/IP port, and will negotiate with any connecting
client whether or not to use SSL. client whether or not to use SSL.
See <xref linkend="client-authentication"> See <xref linkend="client-authentication">
about how to force on the server side the use of SSL for certain about how to force on the server side the use of SSL for certain
connections. connections.
</para> </para>
@ -1843,27 +1901,27 @@ set semsys:seminfo_semmsl=32
by a CA (either one of the global CAs or a local one) should be used in by a CA (either one of the global CAs or a local one) should be used in
production so the client can verify the servers identity. To create production so the client can verify the servers identity. To create
a quick self-signed certificate, use the following OpenSSL command: a quick self-signed certificate, use the following OpenSSL command:
<programlisting> <programlisting>
openssl req -new -text -out cert.req openssl req -new -text -out cert.req
</programlisting> </programlisting>
Fill out the information that openssl asks for. Make sure that you enter Fill out the information that openssl asks for. Make sure that you enter
the local host name as Common Name; the challenge password can be the local host name as Common Name; the challenge password can be
left blank. The script will generate a key that is passphrase protected; left blank. The script will generate a key that is passphrase protected;
it will not accept a pass phrase that is less than four characters long. it will not accept a pass phrase that is less than four characters long.
To remove the passphrase (as you must if you want automatic start-up of To remove the passphrase (as you must if you want automatic start-up of
the postmaster), run the commands the postmaster), run the commands
<programlisting> <programlisting>
mv privkey.pem cert.pem.pw mv privkey.pem cert.pem.pw
openssl rsa -in cert.pem.pw -out cert.pem openssl rsa -in cert.pem.pw -out cert.pem
</programlisting> </programlisting>
Enter the old passphrase to unlock the existing key. Now do Enter the old passphrase to unlock the existing key. Now do
<programlisting> <programlisting>
openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
cp cert.pem $PGDATA/server.key cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
cp cert.cert $PGDATA/server.crt cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
</programlisting> </programlisting>
to turn the certificate into a self-signed certificate and to copy the to turn the certificate into a self-signed certificate and to copy the
key and certificate to where the postmaster will look for them. key and certificate to where the postmaster will look for them.
</para> </para>
</sect1> </sect1>