Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1thz4f-009Zl6-9M
	for pgsql-hackers@arkaria.postgresql.org; Tue, 11 Feb 2025 22:49:49 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1thz3f-001YTP-8v
	for pgsql-hackers@arkaria.postgresql.org; Tue, 11 Feb 2025 22:48:47 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tomas@vondra.me>)
	id 1thz3e-001YTH-VI
	for pgsql-hackers@lists.postgresql.org; Tue, 11 Feb 2025 22:48:47 +0000
Received: from relay5-d.mail.gandi.net ([2001:4b98:dc4:8::225])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tomas@vondra.me>)
	id 1thz3c-000IpF-31
	for pgsql-hackers@postgresql.org;
	Tue, 11 Feb 2025 22:48:46 +0000
Received: by mail.gandi.net (Postfix) with ESMTPSA id 675DA4326B;
	Tue, 11 Feb 2025 22:48:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vondra.me; s=gm1;
	t=1739314121;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Lc4s6F+/L8ln07OV+dlXVPpDRog3h+ydcAcMu692oZs=;
	b=abgvwntqLA3uVq0m/obNmeUJYXuWzFyHKC9wYWqDcvY8O3jUM0kat8dX9lNJhYeLugwX6g
	e01cFOyN3h6JdhsF0BIWL0TzDtMV9Fuwx+w6kGNzlDX76rOznJSGMdceUUQscYBOA88u3L
	Vnhs3cL1LHr6uh7RXqKMaxWpIMhVZSriVuJWPdAiVUE1bzZUlVokgqCG9q7AUbHcbCJpI5
	TsBOwv+npWsphGLHEOMnxbsohaYkb7GGZn6ESoVdsEM3vosy+iFUxHMaP9HE0dzl1d3zjl
	bLUNM5bCqsZnbconHeT0EEa49WASJa23P4K26XX6xDj0eVcSH1EfPt0wvHTtTw==
Message-ID: <c2b5298f-93f3-4b25-a7d5-13e209f4e7b5@vondra.me>
Date: Tue, 11 Feb 2025 23:48:38 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Bump soft open file limit (RLIMIT_NOFILE) to hard limit on
 startup
To: Andres Freund <andres@anarazel.de>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Jelte Fennema-Nio <postgres@jeltef.nl>,
 PostgreSQL-development <pgsql-hackers@postgresql.org>
References: <CAGECzQQh6VSy3KG4pN1d=h9J=D1rStFCMR+t7yh_Kwj-g87aLQ@mail.gmail.com>
 <3203865.1739301613@sss.pgh.pa.us>
 <94798ef1-0f13-416a-983a-88447e434a7f@vondra.me>
 <7u7dbn6s2i6bf3hjzkbqaexj2bpoblqxwbkffbetl4rjv6dcom@s2uickjc5z53>
Content-Language: en-US
From: Tomas Vondra <tomas@vondra.me>
In-Reply-To: <7u7dbn6s2i6bf3hjzkbqaexj2bpoblqxwbkffbetl4rjv6dcom@s2uickjc5z53>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-GND-State: clean
X-GND-Score: -100
X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdegvddvgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfitefpfffkpdcuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedtudenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtvdejnecuhfhrohhmpefvohhmrghsucggohhnughrrgcuoehtohhmrghssehvohhnughrrgdrmhgvqeenucggtffrrghtthgvrhhnpedtffekgfeuteduueeifffftefhjedtvdffhfdtleelgeejveelveefjeeiteffgeenucffohhmrghinhepuggvsghirghnrdhnvghtnecukfhppeekiedrgeelrddvfeeirdduleefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepkeeirdegledrvdefiedrudelfedphhgvlhhopegluddtrddufeejrddtrddvngdpmhgrihhlfhhrohhmpehtohhmrghssehvohhnughrrgdrmhgvpdhnsggprhgtphhtthhopeegpdhrtghpthhtoheprghnughrvghssegrnhgrrhgriigvlhdruggvpdhrtghpthhtohepthhglhesshhsshdrphhghhdrphgrrdhushdprhgtphhtthhopehpohhsthhgrhgvshesjhgvlhhtvghfrdhnlhdprhgtphhtthhopehpghhsqhhlqdhhrggtkhgvrhhssehpohhsthhgrhgvshhqlhdrohhrgh
X-GND-Sasl: tomas@vondra.me
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/c2b5298f-93f3-4b25-a7d5-13e209f4e7b5%40vondra.me>
Precedence: bulk



On 2/11/25 22:14, Andres Freund wrote:
> Hi,
> 
> On 2025-02-11 21:04:25 +0100, Tomas Vondra wrote:
>> I agree the defaults may be pretty low for current systems, but do we
>> want to get into the business of picking a value and overriding whatever
>> value is set by the sysadmin? I don't think a high hard limit should be
>> seen as an implicit permission to just set is as the soft limit.
> 
> As documented in the links sent by Jelte, that's *explicitly* the reasoning
> for the difference between default soft and hard limits. For safety programs
> should opt in into using higher FD limits, rather than being opted into it.
> 

OK, I guess I was mistaken in how I understood the hard/soft limits.

> 
>> Imagine you're a sysadmin / DBA who picks a low soft limit (for whatever
>> reason - there may be other stuff running on the system, ...). And then
>> postgres starts and just feels like bumping the soft limit. Sure, the
>> sysadmin can lower the hard limit and then we'll respect that, but I don't
>> recall any other tool requiring this approach, and it would definitely be
>> quite surprising to me.
> 
> https://codesearch.debian.net/search?q=setrlimit&literal=1
> 
> In a quick skim I found that at least gimp, openjdk, libreoffice, gcc, samba,
> dbus increase the soft limit to something closer to the hard limit. And that
> was at page 62 out of 1269.
> 

Ack

> 
> 
>> I did run into bottlenecks due to "too few file descriptors" during a
>> recent experiments with partitioning, which made it pretty trivial to
>> get into a situation when we start trashing the VfdCache. I have a
>> half-written draft of a blog post about that somewhere.
>>
>> But my conclusion was that it's damn difficult to even realize that's
>> happening, especially if you don't have access to the OS / perf, etc. So my
>> takeaway was we should improve that first, so that people have a chance to
>> realize they have this issue, and can do the tuning. The improvements I
>> thought about were:
> 
> Hm, that seems something orthogonal to me. I'm on board with that suggestion,
> but I don't see why that should stop us from having code to adjust the rlimit.
> 

Right, it is somewhat orthogonal.

I was mentioning that mostly in the context of tuning the parameters we
already have (because how would you know you you have this problem /
what would be a good value to set). I'm not demanding that we do nothing
until the monitoring bits get implemented, but being able to monitor
this seems pretty useful even if we adjust the soft limit based on some
heuristic.

> 
> My suggestion would be to redefine max_files_per_process as the number of
> files we try to be able to open in backends. I.e. set_max_safe_fds() would
> first count the number of already open fds (since those will largely be
> inherited by child processes) and then check if we can open up to
> max_files_per_process files in addition. Adjusting the RLIMIT_NOFILE if
> necessary.
> 
> That way we don't increase the number of FDs we use in the default
> configuration drastically, but increasing the number only requires a config
> change, it doesn't require also figuring out how to increase the settings in
> whatever starts postgres. Which, e.g. in cloud environments, typically won't
> be possible.
> 

Seems reasonable, +1 to this. But that just makes the monitoring bits
more important, because how would you know you need to increase the GUC?


regards

-- 
Tomas Vondra