This time is going to be a Linux tip, that it could be useful.
It can happen you want to limit the amount of memory a Linux service can utilize, to be precise its maximum memory.
For instance, here we are assuming we want the nginx HTTP proxy and web server to not occupy more than 1024 MB or 1 GB. It is just an example, you can limit it to 2 GB if you want. Anyway how can we do that?
We can simply add a specific option in the service script and reload systemd along with nginx.
First of all we are going to show the default maximum memory nginx can use, of course if available in the system:
cat /sys/fs/cgroup/memory/system.slice/nginx.service/memory.limit_in_bytes
9223372036854771712
As you can see the value (in bytes) is basically like unlimited, so we need to reduce it drastically, to 1 GB as mentioned.
Now with the command below, we can create the backup file /lib/systemd/system/nginx.service.org, and insert the line option MemoryMax=1G just after [Service].
sed -i.org ‘/^\[Service\]/a MemoryMax=1G’ “/lib/systemd/system/nginx.service”
Then we need to reload the systemd daemon and restart the service
systemctl daemon-reload && systemctl restart nginx
And then we can verify the new value:
# cat /sys/fs/cgroup/memory/system.slice/nginx.service/memory.limit_in_bytes
1073741824
If we choose a memory value very low or if our process goes out of memory it will be killed by the kernel as in this log example:
— Unit nginx.service has begun starting up.
Aug 03 12:45:58 nabuchadnezzar8 kernel: nginx invoked oom-killer: gfp_mask=0x14000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0
Aug 03 12:45:58 nabuchadnezzar8 kernel: nginx cpuset=/ mems_allowed=0
Aug 03 12:45:58 nabuchadnezzar8 kernel: CPU: 2 PID: 9015 Comm: nginx Tainted: G OE 4.15.0-20-generic #21-Ubuntu
Aug 03 12:45:58 nabuchadnezzar8 kernel: Hardware name: Dell Inc. Latitude E7240/05PTPV, BIOS A21 05/08/2017
Aug 03 12:45:58 nabuchadnezzar8 kernel: Call Trace:
Aug 03 12:45:58 nabuchadnezzar8 kernel: dump_stack+0x63/0x8b
Aug 03 12:45:58 nabuchadnezzar8 kernel: dump_header+0x71/0x285
Aug 03 12:45:58 nabuchadnezzar8 kernel: oom_kill_process+0x220/0x440
Aug 03 12:45:58 nabuchadnezzar8 kernel: out_of_memory+0x2d1/0x4f0
Aug 03 12:45:58 nabuchadnezzar8 kernel: mem_cgroup_out_of_memory+0x4b/0x80
Aug 03 12:45:58 nabuchadnezzar8 kernel: mem_cgroup_oom_synchronize+0x2e8/0x320
Aug 03 12:45:58 nabuchadnezzar8 kernel: ? mem_cgroup_css_online+0x40/0x40
Aug 03 12:45:58 nabuchadnezzar8 kernel: pagefault_out_of_memory+0x36/0x7b
Aug 03 12:45:58 nabuchadnezzar8 kernel: mm_fault_error+0x90/0x180
Aug 03 12:45:58 nabuchadnezzar8 kernel: __do_page_fault+0x4a5/0x4d0
Aug 03 12:45:58 nabuchadnezzar8 kernel: do_page_fault+0x2e/0xe0
Aug 03 12:45:58 nabuchadnezzar8 kernel: ? page_fault+0x2f/0x50
Aug 03 12:45:58 nabuchadnezzar8 kernel: page_fault+0x45/0x50
Aug 03 12:45:58 nabuchadnezzar8 kernel: RIP: 0033:0x7f8ccf1a92c2
Aug 03 12:45:58 nabuchadnezzar8 kernel: RSP: 002b:00007ffffd66e530 EFLAGS: 00010206
Aug 03 12:45:58 nabuchadnezzar8 kernel: RAX: 00007f8ccc75ad18 RBX: 000055592b93ee50 RCX: 000000009fd0d5d6
Aug 03 12:45:58 nabuchadnezzar8 kernel: RDX: 0044000020800801 RSI: 00000000000000c5 RDI: 000000009fd0d5d6
Aug 03 12:45:58 nabuchadnezzar8 kernel: RBP: 0000000000000004 R08: 00007f8ccc75e610 R09: 000055592b93e2c8
Aug 03 12:45:58 nabuchadnezzar8 kernel: R10: 0000000000000018 R11: 0000000000000000 R12: 000055592b931858
Aug 03 12:45:58 nabuchadnezzar8 kernel: R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Aug 03 12:45:58 nabuchadnezzar8 kernel: Task in /system.slice/nginx.service killed as a result of limit of /system.slice/nginx.service
Aug 03 12:45:58 nabuchadnezzar8 kernel: memory: usage 488kB, limit 488kB, failcnt 1824
Aug 03 12:45:58 nabuchadnezzar8 kernel: memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
Aug 03 12:45:58 nabuchadnezzar8 kernel: kmem: usage 356kB, limit 9007199254740988kB, failcnt 0
Aug 03 12:45:58 nabuchadnezzar8 kernel: Memory cgroup stats for /system.slice/nginx.service: cache:0KB rss:132KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeba
Aug 03 12:45:58 nabuchadnezzar8 kernel: [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
Aug 03 12:45:58 nabuchadnezzar8 kernel: [ 9015] 0 9015 20645 1461 192512 218 0 nginx
Aug 03 12:45:58 nabuchadnezzar8 kernel: Memory cgroup out of memory: Kill process 9015 (nginx) score 0 or sacrifice child
Aug 03 12:45:58 nabuchadnezzar8 kernel: Killed process 9015 (nginx) total-vm:82580kB, anon-rss:0kB, file-rss:5844kB, shmem-rss:0kB
lines 1257-1292/1306 99%
For a list of systemd resource control directives you can visit the relative official documentation.