[PATCH] services: tor: Raise file descriptor ulimit.

Open. Submitted by Tobias Geerinckx-Rice.
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Severity
normal
Tobias Geerinckx-Rice wrote on 21 Oct 13:56 +0200
(address . guix-patches@gnu.org)
20211021115622.826-1-me@tobias.gr
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---
Guix,
I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees. Sure enough, it was the Guix one.
This patch does the job, but boy, would I like to know if there's a better way to do it.
Kind regards,
T G-R
[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.
 gnu/services/networking.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
Toggle diff (48 lines)diff --git a/gnu/services/networking.scm b/gnu/services/networking.scmindex e19add927d..13150cb98e 100644--- a/gnu/services/networking.scm+++ b/gnu/services/networking.scm@@ -948,34 +948,40 @@ (define (tor-shepherd-service config) (($ <tor-configuration> tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. (requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the+ ;; environment from which the daemon is launched; see+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING+ ;; The exact number is somewhat arbitrary but taken from+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container (list #$(file-append bash "/bin/bash") "-c" (string-append "ulimit -n 32768; exec "- #$(file-append tor "/bin/tor") " -f " #$torrc))+ #$(file-append tor "/bin/tor")+ " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor))-- 2.33.0
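Review bot: the unchanged context lines of this hunk already contain `(list #$(file-append bash "/bin/bash") "-c"` and `(string-append "ulimit -n 32768; exec "`, so the diff was generated against a tree that already carries the change. The only + and - lines are the explanatory comment and a re-wrap of the `#$(file-append tor "/bin/tor")` argument, so the patch does not contain the change its log message describes and would not apply to a tree where the service still starts tor directly. Regenerate it against the upstream base. The log message also names gnu/services/tor.scm while the diff touches gnu/services/networking.scm.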
Tobias Geerinckx-Rice wrote on 21 Oct 14:01 +0200
[PATCH v2] services: tor: Raise file descriptor ulimit.
(address . 51315@debbugs.gnu.org)
20211021120103.3891-1-me@tobias.gr
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---
♪ …one of these days I'll send the right bleedin' patch… ♪
 gnu/services/networking.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
Toggle diff (74 lines)diff --git a/gnu/services/networking.scm b/gnu/services/networking.scmindex 7e310b70ec..5a8852f262 100644--- a/gnu/services/networking.scm+++ b/gnu/services/networking.scm@@ -1,24 +1,24 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 John Darrington <jmd@gnu.org> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>+;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com> ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de> ;;; Copyright © 2019, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org> ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com> ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> ;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com> ;;; Copyright © 2021 Christine Lemmer-Webber <cwebber@dustycloud.org> ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be> ;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net> ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it@@ -948,32 +948,40 @@ (define (tor-shepherd-service config) (($ <tor-configuration> tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. 
(requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the+ ;; environment from which the daemon is launched; see+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING+ ;; The exact number is somewhat arbitrary but taken from+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container- (list #$(file-append tor "/bin/tor") "-f" #$torrc)+ (list #$(file-append bash "/bin/bash") "-c"+ (string-append "ulimit -n 32768; exec "+ #$(file-append tor "/bin/tor")+ " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor))-- 2.33.0
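Review bot: in the second hunk the start command is assembled as a single shell string, `(string-append "ulimit -n 32768; exec " ...)`, so the tor path and `#$torrc` are re-parsed by bash, and because of the `;` a failed `ulimit` is ignored and tor starts with the old limit. Passing the values as positional parameters to a fixed script such as `ulimit -n 32768; exec "$@"` (with a placeholder for `$0`) avoids word-splitting on the interpolated values, and the comment should state whether starting with the old limit on failure is intended. The log message names gnu/services/tor.scm, but the file changed is gnu/services/networking.scm.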
Ludovic Courtès wrote on 28 Oct 20:43 +0200
Re: bug#51315: [PATCH] services: tor: Raise file descriptor ulimit.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 51315@debbugs.gnu.org)
878ryd56td.fsf_-_@gnu.org
Hello!
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
Toggle quote (12 lines)> + ;; The file descriptor ulimit must be raised in the> + ;; environment from which the daemon is launched; see> + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING> + ;; The exact number is somewhat arbitrary but taken from> + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40> (start #~(make-forkexec-constructor/container> - (list #$(file-append tor "/bin/tor") "-f" #$torrc)> + (list #$(file-append bash "/bin/bash") "-c"> + (string-append "ulimit -n 32768; exec "> + #$(file-append tor "/bin/tor")> + " -f " #$torrc))
Instead of going through Bash, what about something like:
  (lambda _
    (let ((pid (fork+exec-command/container …)))
      (container-excursion* pid
        (lambda ()
          (setrlimit 'nofile 32768 32768)))
      pid))
?
Ludo’.
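
A check an operator could run after reconfiguring, added here as an example and not part of the thread or of Guix: `limit_after_exec` shows that a limit set with `ulimit -n` before `exec` is inherited by the launched program (the mechanism the patch relies on), and `nofile_ok` reads the "Max open files" row of `/proc/<pid>/limits` to confirm a running daemon has at least 32768. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# REQUIRED is the value used in the patch.
REQUIRED=32768

# A limit set in the launching shell is inherited across exec.
# Runs in a subshell so the caller's own limit is left unchanged.
# Prints the soft limit seen by the exec'd process.
limit_after_exec() {
    ( ulimit -n "$1" && exec sh -c 'ulimit -n' )
}

# Print "<soft> <hard>" from the "Max open files" row of a limits file
# (normally /proc/<pid>/limits).
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Exit 0 if the soft limit in file $1 is at least $2 (default REQUIRED),
# 1 if it is lower, 2 if the row is missing.
nofile_ok() {
    want=${2:-$REQUIRED}
    soft=$(nofile_limits "$1" | cut -d' ' -f1)
    [ -n "$soft" ] || return 2
    [ "$soft" = unlimited ] && return 0
    [ "$soft" -ge "$want" ]
}

# Write constructed sample rows in the /proc/<pid>/limits layout to file $1,
# with soft limit $2 and hard limit $3.
write_sample() {
    printf '%s\n' \
      'Limit                     Soft Limit           Hard Limit           Units' \
      'Max cpu time              unlimited            unlimited            seconds' \
      "Max open files            $2                 $3                 files" > "$1"
}

# Usage on a live system (PID of the tor process is supplied by the operator):
#   nofile_ok "/proc/$PID/limits" && echo "fd limit ok"
```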