SAPTechno

Note 1771258 - Linux: User and system resource limits

Header
Version / Date 3 / 2013-08-07
Priority Recommendations/additional info
Category Installation information
Primary Component BC-OP-LNX Linux
Secondary Components

Summary
Symptom
  • SAP system may stop when OS resource limits (e.g. file handles, allowed memory) have been reached.
  • You may want to manually configure the stack size, number of file handles, enable core dumps or set other OS limits for your SAP system.
  • SAP processes like disp+work which were started through the SAPHostAgent and sapstartsrv service do not utilize resource limits which were configured in /etc/security/limits.conf

Other terms

Linux, operating system limits, OS limits, process resource limits, ulimit, limit, core file, limits.conf, SAPHostAgent, file descriptors, stack size, environment variables, SAPHOSTAGENT, sapstartsrv

Reason and Prerequisites

To ensure stable operation of SAP applications on the Linux operating system it is necessary that process resource limits are properly configured.

Solution

Configuration on Linux systems can be done by editing the contents of the file /etc/security/limits.conf or (on newer Linux distributions) by adding a new file in the directory /etc/security/limits.d/.
For details please read the manpage by running "man limits.conf" on your system.

These configuration files configure system-wide settings for specific users and groups.
When logging in as a specific user or by using the webservices of SAPHostAgent, those values will get automatically active through the Linux PAM authorization framework.

Recommended values by SAP in /etc/security/limits.conf or in a file in the /etc/security/limits.d directory:
@sapsys - nofile 32800
@dba    - nofile 32800

Note: The "@" sign matches a group. If you want to change specific users, e.g. sidadm, you simply write "sidadm - nofile 65535".

Modifications to the limit files require a logout for the setting to take effect for newly started programs.
After re-login you may run the following command to check your current resource limits:
bash -c "ulimit -a"

SAPHostagent, sapstartsrv and process resource limits

Most important: Please update at least to SAP Kernel 720 PL 400, which is the first version which uses the PAM authentication framework and parses the limits.conf configuration files while starting SAP systems. Earlier SAP kernel versions and patchlevels were started with the default Linux resource limits as they were provided to the root-user during bootup. A manual modification to those initial limits is not possible.

According to SAP note 1437105 you may globally configure the datasize, number of file descriptors and stacksize in the /usr/sap/sapservices configuration file.
Values in the /etc/security/limits.conf file will take precedence over values from the /usr/sap/sapservices file.

SAP recommendations with regard to resource limits and environment variables

In order to provide a stable framework in which SAP systems may be either started on the shell, via webservice or in HA scenario, the following recommendations ensure that all settings will get active in all scenarios:

  • Resource limits:
    • Upgrade to SAP Kernel 720 PL 400 or higher.
    • resource limits should be defined in the Linux specific configuration files only, either in a new file in /etc/security/limits.d/ or in /etc/security/limits.conf.
    • It's possible to define initial values for the datasize, number of filedescriptors and the stacksize in the /usr/sap/sapservices file as a global setting for all users and groups. Nevertheless this is not recommended here, since those values will be overwritten by the limits defined in the /etc/security/limits.conf file.
    • Do not add resource limits in shell init files like .bashrc, .kshrc or .cshrc. Only SAP systems started on on a command shell would benefit from those settings.
  • Environment variables:
    • Allways add environment variables to the .cshrc and .bashrc init script files of the specific user.

Affected Releases
Software Component Release From Release To Release And subsequent
KRNL32NUC7.107.207.20
KRNL32NUC7.20EXT7.20EXT7.20EXT
KRNL32NUC7.217.217.21
KRNL32NUC7.21EXT7.21EXT7.21EXT
KRNL32UC7.107.207.20
KRNL32UC7.20EXT7.20EXT7.20EXT
KRNL32UC7.217.217.21
KRNL32UC7.21EXT7.21EXT7.21EXT
KRNL64NUC7.107.207.20
KRNL64NUC7.20EXT7.20EXT7.20EXT
KRNL64NUC7.217.217.21
KRNL64NUC7.21EXT7.21EXT7.21EXT
KRNL64NUC7.387.387.38
KRNL64NUC7.407.407.40
KRNL64UC7.107.207.20
KRNL64UC7.20EXT7.20EXT7.20EXT
KRNL64UC7.217.217.21
KRNL64UC7.21EXT7.21EXT7.21EXT
KRNL64UC7.387.387.38
KRNL64UC7.407.407.40
KERNEL727.207.21X
KERNEL7.387.387.38X
KERNEL7.407.407.40X

Related Notes
1437105Operating system limits for SAP instances
1301712
1163337Generating core dumps on Linux
171356SAP software on Linux: General information