Currently, our /etc/security/limits.conf has the following entry:
smuser - nofile 8192
However, when we see how many file descriptors the policy server is using (using the 'smpolicysrv -stats' command),
we see the following:
Server 'Stats' command received[6776/139631865247488][Fri Mar 22 2019 15:30:01][CServer.cpp:4840][INFO][sm-Server-01990] ===================================================================================[6776/139631865247488][Fri Mar 22 2019 15:30:01][CServer.cpp:4841][INFO][sm-Server-02000] System Statistics[6776/139631865247488][Fri Mar 22 2019 15:30:01][CServer.cpp:4847][INFO][sm-Server-02010] Available file descriptors: 4096
The policy server reports 4096 and not 8192
This is happening in Red Hat 7 with policy server R12.8SP2.
In Red Hat 6 with policy server 12.6, we did not see this behavior. We would see the full usage of 8192.
Has anyone seen this behavior? Any ideas?
Does your smuser have anything in the profile which might be overriding the /etc/security/limits.conf?
The problem was that in Red Hat 7, in the /etc/systemd/system policy server .service file, you have to add the following line under [Service]
Then subsequently run the 'systemctl daemon-reload'
Otherwise, the policy server does not pick up the right available file descriptors from the OS and defaults to an insufficient value.
I don't think so. This started as a barebones Red Hat 7 box with the added new R12.8SP02 Policy Server. Not sure where a value would supersede the one in the limits.conf file. If I do the 'ulimit -n' command as smuser, I see the correct 8192 value.