I'm trying to increase the open file descriptors limit for a transient scope (enable_e0d20b64-6e48-4e38-a718-6ae53745eddb.scope), but I'm not able to.
Here's the hierarchy of the slice and scope units:
├─azure.slice
│ ├─waagent.service
│ │ ├─18305 /usr/bin/python -u /usr/sbin/waagent -daemon
│ │ ├─27946 python -u bin/WALinuxAgent-2.9.0.4-py2.7.egg -run-exthandlers
│ │ ├─28127 /bin/bash /var/lib/waagent/Microsoft.ManagedServices.ApplicationHealthLinux-1.0.5/bin/applicationhealth-shim enable
│ │ ├─28129 tee -ia /var/log/azure/applicationhealth-extension/handler.log
│ │ └─28144 /var/lib/waagent/Microsoft.ManagedServices.ApplicationHealthLinux-1.0.5/bin/applicationhealth-extension enable
│ └─azure-vmextensions.slice
│ └─azure-vmextensions-Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentLinux_9.10.13.19190.slice
│ └─enable_e0d20b64-6e48-4e38-a718-6ae53745eddb.scope
│ ├─18431 /bin/sh /opt/microsoft/dependency-agent/bin/microsoft-dependency-agent-manager
│ └─18515 /opt/microsoft/dependency-agent/bin/microsoft-dependency-agent
I have tried adding an override at 'azure.slice', but it doesn't look slices support the LimitNOFILE directive.
$ systemctl cat azure.slice
# /usr/lib/systemd/system/azure.slice
[Unit]
Description=Slice for Azure VM Agent and Extensions
DefaultDependencies=no
Before=slices.target
# /etc/systemd/system/azure.slice.d/override.conf
[Slice]
LimitNOFILE=4096
Error
Jan 04 17:14:48 mq01.####.onmicrosoft.com systemd[1]: [/etc/systemd/system/azure.slice.d/override.conf:2] Unknown lvalue 'LimitNOFILE' in section 'Slice'
systemctl cat azure.slice
# /usr/lib/systemd/system/azure.slice
[Unit]
Description=Slice for Azure VM Agent and Extensions
DefaultDependencies=no
Before=slices.target
# /etc/systemd/system/azure.slice.d/override.conf
[Service]
LimitNOFILE=4096
Error
Jan 04 17:23:03 mq01.####.onmicrosoft.com systemd[1]: [/etc/systemd/system/azure.slice.d/override.conf:1] Unknown section 'Service'. Ignoring.
systemd.resource-control doesn't show anything that would be applicable to what I need.
Open file limits are a per-process rlimit, not a cgroup option, so they cannot be set at slice level.
Unlike transient services, a transient scope is usually created with existing processes (i.e. ones that were spawned directly by some other service or app), so you should instead raise LimitNOFILE= on the parent – which I'm assuming is waagent.service – and the new limit will be inherited by all of its child processes, regardless of their later placement in the cgroup tree.