ulimits, cgroups, and Resource Limits

Why Limits Fail in Production

• Unbounded file descriptors → accept() fails, client timeouts.
• Memory growth → OOM killer loops, cascading restarts.
• CPU contention → latency spikes, brownouts.

ulimits: Inspect and Set

ulimit -a
cat /proc/<PID>/limits | sed -n '1,25p'

systemd Resource Controls

# /etc/systemd/system/myservice.service.d/limits.conf
[Service]
LimitNOFILE=65535
MemoryMax=1G
CPUQuota=200%

cgroups: Quick Checks

systemctl show myservice -p MemoryCurrent -p MemoryMax -p CPUUsageNSec
cat /sys/fs/cgroup/memory.current 2>/dev/null || true

OOM Troubleshooting (Runbook)

• Confirm OOM events and victim process.
• Reduce concurrency / requests temporarily.
• Raise limits only with justification and monitoring.

dmesg -T | grep -i oom | tail -50
journalctl -k --since '-2h' | grep -i 'Out of memory' | tail

Failure Modes

• Limit too low: frequent restarts; increase with guardrails.
• Limit too high: host pressure; noisy neighbor impact.
• No limit: unpredictable incidents; set defaults per service class.