Add rudimentary section about controlling kernel's file and process limits.

005ad6cd · Peter Eisentraut · 745f0c21 · 005ad6cd
Commit 005ad6cd authored Jan 08, 2001 by Peter Eisentraut
Show whitespace changes
Inline Side-by-side

Showing with 104 additions and 46 deletions

doc/src/sgml/runtime.sgml doc/src/sgml/runtime.sgml +104 -46

No files found.
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.45 2000/12/30 15:03:09 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.46 2001/01/08 21:01:54 petere Exp $
 -->
 <Chapter Id="runtime">
@@ -1536,7 +1536,8 @@ options "SEMMNU=120"
     <varlistentry>
-      <term>FreeBSD</>
+      <term>FreeBSD</term>
+      <term>OpenBSD</term>
      <listitem>
       <para>
        The options <varname>SYSVSHM</> and <varname>SYSVSEM</> need
@@ -1711,24 +1712,82 @@ set semsys:seminfo_semmsl=32
    </variablelist>
-    <note>
+   </para>
+  </sect2>
+  <sect2>
+   <title>Resource Limits</title>
+   <para>
+    Unix-like operating systems enforce various kinds of resource
+    limits that might interfere with the operation of your
+    <productname>Postgres</productname> server.  Of importance are
+    especially the limits on the number of processes per user, the
+    number of open files per process, and the amount of memory
+    available to a process.  Each of these have a <quote>hard</quote>
+    and a <quote>soft</quote> limit.  The soft limit is what actually
+    counts but it can be changed by the user up to the hard limit.
+    The hard limit can only be changed by the root user.  The system
+    call <function>setrlimit</function> is responsible for setting
+    these parameters.  The shell the built-in command
+    <command>ulimit</command> (Bourne shells) or
+    <command>limit</command> (csh) is used to control the resource
+    limits from the command line.  On BSD-derived systems the file
+    <filename>/etc/login.conf</filename> controls what values the
+    various resource limits are set to upon login.  See
+    <citerefentry><refentrytitle>login.conf</refentrytitle>
+    <manvolnum>5</manvolnum></citerefentry> for details.  The relevant
+    parameters are <varname>maxproc</varname>,
+    <varname>openfiles</varname>, and <varname>datasize</varname>.
+    For example:
+<programlisting>
+default:\
+...
+        :datasize-cur=256M:\
+        :maxproc-cur=256:\
+        :openfiles-cur=256:\
+...
+</programlisting>
+    (<literal>-cur</literal> is the soft limit.  Append
+    <literal>-max</literal> to set the hard limit.)
+   </para>
   <para>
-      If your platform is not listed here, please consider
+    Kernels generally also have an implementation-dependent
-      contributing some information.
+    system-wide limit on some resources.
+    <simplelist>
+     <member>
+      On <productname>Linux</productname>
+      <filename>/proc/sys/fs/file-max</filename> determines the
+      maximum number of files that the kernel will allocate.  It can
+      be changed by writing a different number into the file or by
+      adding an assignment in <filename>/etc/sysctl.conf</filename>.
+      The maximum limit of files per process is fixed at the time the
+      kernel is compiled; see
+      <filename>/usr/src/linux/Documentation/proc.txt</filename> for
+      more information.
+     </member>
+    </simplelist>
   </para>
-    </note>
+   <para>
+    The <productname>Postgres</productname> server uses one process
+    per connection so you should provide for at least as many processes
+    as allowed connections, in addition to what you need for the rest
+    of your system.  This is usually not a problem but if you run
+    several servers on one machine things might get tight.
   </para>
-  </sect2>
-<!--
+   <para>
- Other fun things to write about one day:
+    The factory default limit on open files is often set to
- * number of processes per user and system-wide (soft/hard limit)
+    <quote>socially friendly</quote> values that allow many users to
- * open files/inodes per user and system-wide (soft/hard limit)
+    coexist on a machine without using an inappropriate fraction of
-   (Think about this both ways: Increasing it to allow Postgres to
+    the system resources.  If you run many servers on a machine this
-   open more files, and decreasing it to prevent Postgres from taking
+    is perhaps what you want, but on dedicated servers you may want to
-   up all file descriptors.)
+    raise this limit.
- * stack and data segment size, plain-old memory limit
+   </para>
--> 
+  </sect2>
 </sect1>
@@ -1819,12 +1878,11 @@ set semsys:seminfo_semmsl=32
   can be started with the argument <option>-l</> (ell) to enable
   SSL connections. When starting in SSL mode, the postmaster will look
   for the files <filename>server.key</> and <filename>server.crt</> in
-   the data directory (pointed to by <envar>PGDATA</envar>).
+   the data directory.  These files should contain the server private key
-    These files should contain the server private key
   and certificate respectively. These files must be set up correctly
   before an SSL-enabled server can start. If the private key is protected
   with a passphrase, the postmaster will prompt for the passphrase and will
-   not start until it has been provided.
+   not start until it has been entered.
  </para>
  <para>
@@ -1843,25 +1901,25 @@ set semsys:seminfo_semmsl=32
   by a CA (either one of the global CAs or a local one) should be used in 
   production so the client can verify the servers identity. To create
   a quick self-signed certificate, use the following OpenSSL command:
-    <programlisting>
+<programlisting>
-     openssl req -new -text -out cert.req
+openssl req -new -text -out cert.req
-    </programlisting>
+</programlisting>
   Fill out the information that openssl asks for. Make sure that you enter
   the local host name as Common Name; the challenge password can be
   left blank. The script will generate a key that is passphrase protected;
   it will not accept a pass phrase that is less than four characters long.
   To remove the passphrase (as you must if you want automatic start-up of
   the postmaster), run the commands
-    <programlisting>
+<programlisting>
-     mv privkey.pem cert.pem.pw
+mv privkey.pem cert.pem.pw
-     openssl rsa -in cert.pem.pw -out cert.pem 
+openssl rsa -in cert.pem.pw -out cert.pem 
-    </programlisting>
+</programlisting>
   Enter the old passphrase to unlock the existing key. Now do
-    <programlisting>
+<programlisting>
-     openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
+openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
-     cp cert.pem $PGDATA/server.key
+cp cert.pem <replaceable>$PGDATA</replaceable>/server.key
-     cp cert.cert $PGDATA/server.crt
+cp cert.cert <replaceable>$PGDATA</replaceable>/server.crt
-    </programlisting>
+</programlisting>
   to turn the certificate into a self-signed certificate and to copy the
   key and certificate to where the postmaster will look for them.
  </para>