BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
When memmax is forced using "-m", the per-process memory limit is enforced
using setrlimit(), but this value is not used to compute the automatic
maxconn limit. In addition, the per-process memory limit didn't consider
the fact that the shared SSL cache only needs to be accounted once.
The doc was also fixed to clearly state that "-m" is global and not per
process. It makes sense because people who use -m want to protect the
system's resources regardless of whatever appears in the configuration.
diff --git a/src/haproxy.c b/src/haproxy.c
index 5cd3379..21a5e12 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -581,7 +581,7 @@
#ifdef HAPROXY_MEMMAX
- global.rlimit_memmax = HAPROXY_MEMMAX;
+ global.rlimit_memmax_all = HAPROXY_MEMMAX;
#endif
tv_update_date(-1,-1);
@@ -729,7 +729,7 @@
switch (*flag) {
case 'C' : change_dir = *argv; break;
case 'n' : cfg_maxconn = atol(*argv); break;
- case 'm' : global.rlimit_memmax = atol(*argv); break;
+ case 'm' : global.rlimit_memmax_all = atol(*argv); break;
case 'N' : cfg_maxpconn = atol(*argv); break;
case 'L' : strncpy(localpeer, *argv, sizeof(localpeer) - 1); break;
case 'f' :
@@ -794,6 +794,22 @@
exit(1);
}
+ /* recompute the amount of per-process memory depending on nbproc and
+ * the shared SSL cache size (allowed to exist in all processes).
+ */
+ if (global.rlimit_memmax_all) {
+#if defined (USE_OPENSSL) && !defined(USE_PRIVATE_CACHE)
+ int64_t ssl_cache_bytes = global.tune.sslcachesize * 200LL;
+
+ global.rlimit_memmax =
+ ((((int64_t)global.rlimit_memmax_all * 1048576LL) -
+ ssl_cache_bytes) / global.nbproc +
+ ssl_cache_bytes + 1048575LL) / 1048576LL;
+#else
+ global.rlimit_memmax = global.rlimit_memmax_all / global.nbproc;
+#endif
+ }
+
#ifdef CONFIG_HAP_NS
err_code |= netns_init();
if (err_code & (ERR_ABORT|ERR_FATAL)) {
@@ -1645,7 +1661,7 @@
if (global.rlimit_memmax) {
limit.rlim_cur = limit.rlim_max =
- global.rlimit_memmax * 1048576ULL / global.nbproc;
+ global.rlimit_memmax * 1048576ULL;
#ifdef RLIMIT_AS
if (setrlimit(RLIMIT_AS, &limit) == -1) {
Warning("[%s.main()] Cannot fix MEM limit to %d megs.\n",