一个logstash引发的连环案,关于logstash提示:Reached open files limit: 4095, set by the 'max_open_files' op
Posted leocorn
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了一个logstash引发的连环案,关于logstash提示:Reached open files limit: 4095, set by the 'max_open_files' op相关的知识,希望对你有一定的参考价值。
不多说,直接上问题。版本logstash-2.4.0,启动后提示错误:
!!! Please upgrade your java version, the current version \'1.7.0_45-mockbuild_2013_10_22_03_37-b00\' may cause problems. We recommend a minimum version of 1.7.0_51 {:timestamp=>"2018-11-02T17:46:20.823000+0800", :message=>"Pipeline main started"} !!! Please upgrade your java version, the current version \'1.7.0_45-mockbuild_2013_10_22_03_37-b00\' may cause problems. We recommend a minimum version of 1.7.0_51 {:timestamp=>"2018-11-02T17:46:25.727000+0800", :message=>"Pipeline main started"} {:timestamp=>"2018-11-02T17:47:10.274000+0800", :message=>"Reached open files limit: 4095, set by the \'max_open_files\' option or default, files yet to open: 375248", :level=>:warn} {:timestamp=>"2018-11-02T17:47:15.429000+0800", :message=>"Reached open files limit: 4095, set by the \'max_open_files\' option or default, files yet to open: 375248", :level=>:warn} {:timestamp=>"2018-11-02T17:47:39.819000+0800", :message=>"Reached open files limit: 4095, set by the \'max_open_files\' option or default, files yet to open: 375248", :level=>:warn}
先说一下项目环境,由于项目需要,申请了8台主机,1台web应用主机(app),3台项目服务器负载均衡、每台搭载logstash处理操作日志(后面用gate1、gate2、gate3、gate4),3台日志存储服务器(es、redis集群,用es1、es2、es3代替)。
因为项目服务器上的大量操作日志,需要通过logstash进行处理送入es,看到这个问题就想到修改limit文件,于是对各个集群主机进行limit配置文件不断的配置,重启logstash,问题依旧存在。记录一下解决问题过程中遇到的各种坑。
#血案一
根据logstash抛出的问题,首先想到修改配置,初次了解logstash,应该修改哪些主机的配置呢,首先ulimit -a看了一下搭载logstash的负载均衡服务器,发现配置都已经修改过,并且配置到最大
[linkage@dandianwg-gate3 bin]$ ulimit -a core file size (blocks, -c) unlimited data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 193095 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 65535 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes (-u) 65535 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
#很明显抛出错误的不是logstash主机,那么查看es集群的3台主机,果然配置很低
[linkage@dandianwg-es1 ~]$ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 128456 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 1024 cpu time (seconds, -t) unlimited max user processes (-u) 1024 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
#开始对es集群的主机进行修改配置vi /etc/security/limits.conf 、vi /etc/security/limits.d/90-nproc.conf,把各项指标都调到65535
[root@dandianwg-es1 ~]$ vi /etc/security/limits.conf # End of file * soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535 [root@dandianwg-es1 ~]$ [root@dandianwg-es1 ~]$vi /etc/security/limits.d/90-nproc.conf # Default limit for number of user\'s processes to prevent # accidental fork bombs. # See rhbz #432903 for reasoning. * soft nproc 65535 root soft nproc 65535
#血案二
root用户登录es集群主机ulimit -a查看配置生效,切换到普通查看配置生效居然没生效,open files依然1024(这个问题让人摸不着头脑,各种配置调试、百度,偶然发现一篇文章提到和ssh有关)
中途请教了一个大师,将文件/etc/security/limits.d/90-nproc.conf中的配置全部配成unlimited,结果不可预料的事情发生了(root没有登录权限了,普通用户可以登录并且无法切换到root,最后请网络管理部门通过单用户模式进入还原了配置,单用户模式我也不懂,类似windows的虚拟机吧)。
[linkage@dandianwg-es1 ~]$ cat /etc/security/limits.d/90-nproc.conf # Default limit for number of user\'s processes to prevent # accidental fork bombs. # See rhbz #432903 for reasoning. * soft nproc unlimited root soft nproc unlimited
#首先查看了一番当前系统环境,发现ssl、ssh版本都很低,于是开始升级ssh(由于es集群3个主机系统都是克隆安装,所以3个主机系统一模一样)
[linkage@dandianwg-app bin]$ ssh -V OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 [linkage@dandianwg-app bin]$ openssl version -a OpenSSL 1.0.1s 1 Mar 2016 built on: Wed Aug 17 15:42:37 2016 platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM OPENSSLDIR: "/usr/local/ssl"
#将zlib、ssl、ssh都升级了一遍,重启服务(版本分别升级到zlib-1.2.11、openssl-1.0.2p、openssh-7.9p1,升级步骤不说了,网上一大堆)
以下是升级脚本:
tar -xvf openssh-7.9p1.tar.gz tar -xvf openssl-1.0.2p.tar.gz tar -xvf zlib-1.2.11.tar.gz cd /export/home/tools/zlib-1.2.11 ./configure --prefix=/usr make -j4 && make install cd /export/home/tools/openssl-1.0.2p ./config --prefix=/usr --shared zlib make -j4 && make install cd /export/home/tools/openssh-7.9
./configure --prefix=/usr --with-pam --with-zlib --with-md5-passwords --without-openssl-header-check
make && make install sed -i \'s/SSHD=\\/usr\\/local\\/sbin\\/sshd/SSHD=\\/usr\\/sbin\\/sshd/g\' /etc/init.d/sshd service sshd restart
#第三坑 由于是源码安装,安装成功之后查看版本也正常,(不管普通用户还是root,通通没有登录权限)
[linkage@dandianwg-gate2 bin]$ ssh 192.168.54.17 The authenticity of host \'192.168.54.17 (192.168.54.17)\' can\'t be established. RSA key fingerprint is b8:f3:61:35:51:2e:34:22:d5:b4:96:b9:e9:a4:cc:f5. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added \'192.168.54.17\' (RSA) to the list of known hosts. linkage@192.168.54.17\'s password: Permission denied, please try again. linkage@192.168.54.17\'s password: Permission denied, please try again. linkage@192.168.54.17\'s password: Permission denied (publickey,password,keyboard-interactive).
解决方案:导致问题的原因是由于安装新版ssh时指定了新目录--prefix=/usr,/etc/init.d/sshd的配置文件(这里只需要覆盖安装,并且不需要修改/etc/init.d/sshd就正常了)
./configure --prefix=/usr --with-pam --with-zlib --with-md5-passwords --without-openssl-header-check
cd /export/home/tools/openssh-7.9 ./configure --prefix=/usr --with-pam --with-zlib --with-md5-passwords --without-openssl-header-check make && make install sed -i \'s/SSHD=\\/usr\\/local\\/sbin\\/sshd/SSHD=\\/usr\\/sbin\\/sshd/g\' /etc/init.d/sshd service sshd restart 修改脚本如下: cd /export/home/tools/openssh-7.9 ./configure --with-ssl-dir=/usr/local/ssl --with-openssl-includes=/usr/local/ssl/include/openssl --with-openssl-libraries=/usr/local/ssl/lib make && make install //将之前安装替换的配置还原 sed -i \'s/SSHD=\\/usr\\/sbin\\/sshd/SSHD=\\/usr\\/local\\/sbin\\/sshd/g\' /etc/init.d/sshd service sshd restart
#ssh升级后,通过普通用户和root登录测试,发现open files生效,(经过一些列的波折,搞定了修改open files普通用户不生效的问题)
#回到正题,解决logstash抛异常的问题,其实经过上面的填坑已经把这个异常的问题解决了,为什么logstash还在抛open files的异常???
原因分析:我们知道logstash可以根据业务需要配置多进程,我这里就配置了两个进程文件,一个用于文件入库es(logstash.conf),一个用于日志审计(tcp.conf,在app主机(其中一台web服务器)上有一个tcp协议接口单独处理文件的程序。
所以上面我们经过一系列的填坑,把es集群的ulimit 配置搞定了,其实真正的异常则是从app主机上抛出来的,只需要将app主机上的limit配置最大化。
经过以上的填坑,收获颇多,对linux和logstash都有了进一步的了解,一个研发在运维上的经验分享(本人是linux盲人,欢迎大神指评)。
2019-03-22记录:在几个月前经过以上一系列问题处理,现在依然出现logstash的报错Reached open files limit: 4095, set by the \'max_open_files\' option or default
现补充最终解决方案,logstash处理文件目录下,堆积大量文件,删除之后搞定.
以上是关于一个logstash引发的连环案,关于logstash提示:Reached open files limit: 4095, set by the 'max_open_files' op的主要内容,如果未能解决你的问题,请参考以下文章