Layer7 API Gateway: How to increase the maximum file open limit when receiving a "Too many open files"

book

Article ID: 42893

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

Transactions may fail to process and you will notice an error of  "Too many open files" in the API Gateway log. 

Cause

The current maximum file open limit has been reached in the operating system. This typically means the usage of the SSG service has reached past what the OS is going to allow the SSG service to use by default - in other words, the appliance is no longer adequate for the current usage of the service.

Environment

This applies to all versions of API Gateway as this is more of an OS configuration matter.

Resolution

To address the "Too many open files" errors, the following steps should be completed:

  1. A file should exist called 99-ssg-appliance.conf inside of /etc/security/limits.d/ (create it if it does not exist)
  2. Ensure the contents of that file are as follows:
    # Layer 7 Limits (SSG-8322)
    # gateway user value based on /proc/sys/kernel/pid_max
    *               hard    maxlogins    10
    *               hard    core    0
    *               soft    nproc   5120
    *               hard    nproc   16384
    *               soft    nofile  4096
    *               hard    nofile  63536
    gateway         soft    nproc   31768
    gateway         hard    nproc   31768
    # End Layer 7 Limits
  3. Make sure the permissions are 644 on the above file with this command: chmod 644 /etc/security/limits.d/99-ssg-appliance.conf
  4. Restart the entire node (not just the SSG service) after the new file has been created or updated with the values from step 2 above as this file is only read during the operating system (RHEL) startup process.

Additional Information

  • If Keep-Alive is used, then KB000076808 may help you to diagnose the root cause of these errors