Dear Gert, thx. We also studied the situation from point of view of usage of resources. We beliefe, not to have run into a real resource problem, since we are far away fromthe different max-values, such as eg. max open files, max file-descriptor, max i-nodes per partition. We still can not imagine, why we saw "TOO MAN Y OPEN..." and what was the root cause.
Anyway, pls find below the result of "$ ulimit -a" of that machine 3 OpenVpn Processes are running on, whereas there is no "nofile" -line to find: - 172-16-128-100 ~]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 29678 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 655350 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 1024 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited Normally, this value might be read out by using: less /proc/sys/fs/file-max 1527073 # Defintion of max open files less /proc/sys/fs/file-nr 3680 0 1527073 # Read out value of current situation We are unsure, if a file would be locked and O-VPN would try to write to it, whether in this situation we also would see as well " TOO MAN Y OPEN..." ??? regards Arno From: Gert Doering <g...@greenie.muc.de> To: arno.oderm...@ch.schindler.com, Cc: Gert Doering <g...@greenie.muc.de>, Eric Crist <ecr...@secure-computing.net>, Jan Just Keijser <janj...@nikhef.nl>, openvpn-devel@lists.sourceforge.net List-Post: openvpn-devel@lists.sourceforge.net Date: 24.07.2014 20:13 Subject: Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create temporary file" ....Too many open files Hi, On Thu, Jul 24, 2014 at 05:22:37PM +0200, arno.oderm...@ch.schindler.com wrote: > I did the first part: > > NO, we are not using any Plugins, only client -connects scripts Mmmh, ok. > lsof -n | wc -l 4405 That doesn't tell much, except "the total number of open files in the system is 4405". > lsof -p 25211 > openvpn1.txt > lsof -p 25232 > openvpn2.txt > lsof -p 25252 > openvpn3.txt > > It looks like, we got much more then just some lines: > > openvpn3.txt openvpn2.txt openvpn1.txt If you look at the files (in attachment), you'll see that the large bulk of it is "TCP" - so your openvpn processes are using up the amount of file descriptors the system is willing to give them for TCP connects, as every TCP client needs to have it's own socket. If you run "ulimit -a" from the same environment where you start the OpenVPN processes, you'll see a line that looks like this: $ ulimit -a ... nofile (-n) 1024 that's the maximum number of file descriptors - subtract some 20-odd, and you have ~1000 left for about 1000 clients. $ ulimit -n 2000 can usually be used to raise that limit to 2000 (if run as root, in the same shell that starts openvpn later)... I'm not a Fedora expert, so maybe they have some other limitations, or ways to control the limits. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de [attachment "attpc7ko.dat" deleted by Arno Odermatt/R&D/SCH/SCHINDLER] ****************************************************** Notice: The information contained in this message is intended only for use of the individual(s) named above and may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient of this message you are hereby notified that you must not use, disseminate , copy it in any form or take any action in reliance of it. If you have received this message in error please delete it and any copies of it and notify the sender immediately. *******************************************************
