PostgreSQL™ can sometimes exhaust various operating system resource limits, especially when multiple copies of the server are running on the same system, or in very large installations. This section explains the kernel resources used by PostgreSQL™ and the steps you can take to resolve problems related to kernel resource consumption.
Shared memory and semaphores are collectively referred to as
“System V
IPC” (together with message queues, which are not
relevant for PostgreSQL™). Except on
Windows
, where PostgreSQL™
provides its own replacement implementation of these facilities, these
facilities are required in order to run
PostgreSQL™.
The complete lack of these facilities is usually manifested by an Illegal system call error upon server start. In that case there is no alternative but to reconfigure your kernel. PostgreSQL™ won't work without them. This situation is rare, however, among modern operating systems.
When PostgreSQL™ exceeds one of the various hard
IPC limits, the server will refuse to start and
should leave an instructive error message describing the problem
and what to do about it. (See also the section called “Server Start-up Failures”.) The relevant kernel
parameters are named consistently across different systems; Table 17.1, “System V
IPC Parameters” gives an overview. The methods to set
them, however, vary. Suggestions for some platforms are given below.
Prior to PostgreSQL™ 9.3, the amount of System V shared memory required to start the server was much larger. If you are running an older version of the server, please consult the documentation for your server version.
Table 17.1. System V
IPC Parameters
Name | Description | Reasonable values |
---|---|---|
SHMMAX | Maximum size of shared memory segment (bytes) | at least 1kB (more if running many copies of the server) |
SHMMIN | Minimum size of shared memory segment (bytes) | 1 |
SHMALL | Total amount of shared memory available (bytes or pages) | if bytes, same as SHMMAX ; if pages, ceil(SHMMAX/PAGE_SIZE) |
SHMSEG | Maximum number of shared memory segments per process | only 1 segment is needed, but the default is much higher |
SHMMNI | Maximum number of shared memory segments system-wide | like SHMSEG plus room for other applications |
SEMMNI | Maximum number of semaphore identifiers (i.e., sets) | at least ceil((max_connections + autovacuum_max_workers + 4) / 16) |
SEMMNS | Maximum number of semaphores system-wide | ceil((max_connections + autovacuum_max_workers + 4) / 16) * 17 plus room for other applications |
SEMMSL | Maximum number of semaphores per set | at least 17 |
SEMMAP | Number of entries in semaphore map | see text |
SEMVMX | Maximum value of semaphore | at least 1000 (The default is often 32767; do not change unless necessary) |
PostgreSQL™ requires a few bytes of System V shared memory
(typically 48 bytes, on 64-bit platforms) for each copy of the server.
On most modern operating systems, this amount can easily be allocated.
However, if you are running many copies of the server, or if other
applications are also using System V shared memory, it may be necessary
to increase SHMMAX
, the maximum size in bytes of a shared
memory segment, or SHMALL
, the total amount of System V shared
memory system-wide. Note that SHMALL
is measured in pages
rather than bytes on many systems.
Less likely to cause problems is the minimum size for shared
memory segments (SHMMIN
), which should be at most
approximately 32 bytes for PostgreSQL™ (it is
usually just 1). The maximum number of segments system-wide
(SHMMNI
) or per-process (SHMSEG
) are unlikely
to cause a problem unless your system has them set to zero.
PostgreSQL™ uses one semaphore per allowed connection
(max_connections) and allowed autovacuum worker
process (autovacuum_max_workers), in sets of 16.
Each such set will
also contain a 17th semaphore which contains a “magic
number”, to detect collision with semaphore sets used by
other applications. The maximum number of semaphores in the system
is set by SEMMNS
, which consequently must be at least
as high as max_connections
plus
autovacuum_max_workers
, plus one extra for each 16
allowed connections plus workers (see the formula in Table 17.1, “System V
IPC Parameters”). The parameter SEMMNI
determines the limit on the number of semaphore sets that can
exist on the system at one time. Hence this parameter must be at
least ceil((max_connections + autovacuum_max_workers + 4) / 16)
.
Lowering the number
of allowed connections is a temporary workaround for failures,
which are usually confusingly worded “No space
left on device”, from the function semget
.
In some cases it might also be necessary to increase
SEMMAP
to be at least on the order of
SEMMNS
. This parameter defines the size of the semaphore
resource map, in which each contiguous block of available semaphores
needs an entry. When a semaphore set is freed it is either added to
an existing entry that is adjacent to the freed block or it is
registered under a new map entry. If the map is full, the freed
semaphores get lost (until reboot). Fragmentation of the semaphore
space could over time lead to fewer available semaphores than there
should be.
The SEMMSL
parameter, which determines how many
semaphores can be in a set, must be at least 17 for
PostgreSQL™.
Various other settings related to “semaphore undo”, such as
SEMMNU
and SEMUME
, do not affect
PostgreSQL™.
AIX
At least as of version 5.1, it should not be necessary to do
any special configuration for such parameters as
SHMMAX
, as it appears this is configured to
allow all memory to be used as shared memory. That is the
sort of configuration commonly used for other databases such
as DB/2.
It might, however, be necessary to modify the global
ulimit information in
/etc/security/limits
, as the default hard
limits for file sizes (fsize
) and numbers of
files (nofiles
) might be too low.
FreeBSD
The default settings can be changed using the sysctl or loader interfaces. The following parameters can be set using sysctl:
#
sysctl kern.ipc.shmall=32768
#
sysctl kern.ipc.shmmax=134217728
To make these settings persist over reboots, modify
/etc/sysctl.conf
.
These semaphore-related settings are read-only as far as
sysctl is concerned, but can be set in
/boot/loader.conf
:
kern.ipc.semmni=256 kern.ipc.semmns=512 kern.ipc.semmnu=256
After modifying these values a reboot is required for the new
settings to take effect.
(Note: FreeBSD does not use SEMMAP
. Older versions
would accept but ignore a setting for kern.ipc.semmap
;
newer versions reject it altogether.)
You might also want to configure your kernel to lock shared
memory into RAM and prevent it from being paged out to swap.
This can be accomplished using the sysctl
setting kern.ipc.shm_use_phys
.
If running in FreeBSD jails by enabling sysctl's
security.jail.sysvipc_allowed
, postmasters
running in different jails should be run by different operating system
users. This improves security because it prevents non-root users
from interfering with shared memory or semaphores in different jails,
and it allows the PostgreSQL IPC cleanup code to function properly.
(In FreeBSD 6.0 and later the IPC cleanup code does not properly detect
processes in other jails, preventing the running of postmasters on the
same port in different jails.)
FreeBSD
versions before 4.0 work like
OpenBSD
(see below).
NetBSD
In NetBSD
5.0 and later,
IPC parameters can be adjusted using sysctl,
for example:
$
sysctl -w kern.ipc.shmmax=16777216
To have these settings persist over reboots, modify
/etc/sysctl.conf
.
You might also want to configure your kernel to lock shared
memory into RAM and prevent it from being paged out to swap.
This can be accomplished using the sysctl
setting kern.ipc.shm_use_phys
.
NetBSD
versions before 5.0 work like
OpenBSD
(see below), except that
parameters should be set with the keyword options
not
option
.
OpenBSD
The options SYSVSHM
and SYSVSEM
need
to be enabled when the kernel is compiled. (They are by
default.) The maximum size of shared memory is determined by
the option SHMMAXPGS
(in pages). The following
shows an example of how to set the various parameters:
option SYSVSHM option SHMMAXPGS=4096 option SHMSEG=256 option SYSVSEM option SEMMNI=256 option SEMMNS=512 option SEMMNU=256 option SEMMAP=256
You might also want to configure your kernel to lock shared
memory into RAM and prevent it from being paged out to swap.
This can be accomplished using the sysctl
setting kern.ipc.shm_use_phys
.
HP-UX
The default settings tend to suffice for normal installations.
On HP-UX™ 10, the factory default for
SEMMNS
is 128, which might be too low for larger
database sites.
IPC parameters can be set in the System Administration Manager (SAM) under → . Choose when you're done.
Linux
The default maximum segment size is 32 MB, and the
default maximum total size is 2097152
pages. A page is almost always 4096 bytes except in unusual
kernel configurations with “huge pages”
(use getconf PAGE_SIZE
to verify).
The shared memory size settings can be changed via the sysctl interface. For example, to allow 16 GB:
$
sysctl -w kernel.shmmax=17179869184
$
sysctl -w kernel.shmall=4194304
In addition these settings can be preserved between reboots in
the file /etc/sysctl.conf
. Doing that is
highly recommended.
Ancient distributions might not have the sysctl program,
but equivalent changes can be made by manipulating the
/proc
file system:
$
echo 17179869184 >/proc/sys/kernel/shmmax
$
echo 4194304 >/proc/sys/kernel/shmall
The remaining defaults are quite generously sized, and usually do not require changes.
OS X
The recommended method for configuring shared memory in OS X
is to create a file named /etc/sysctl.conf
,
containing variable assignments such as:
kern.sysv.shmmax=4194304 kern.sysv.shmmin=1 kern.sysv.shmmni=32 kern.sysv.shmseg=8 kern.sysv.shmall=1024
Note that in some OS X versions,
all five shared-memory parameters must be set in
/etc/sysctl.conf
, else the values will be ignored.
Beware that recent releases of OS X ignore attempts to set
SHMMAX
to a value that isn't an exact multiple of 4096.
SHMALL
is measured in 4 kB pages on this platform.
In older OS X versions, you will need to reboot to have changes in the
shared memory parameters take effect. As of 10.5 it is possible to
change all but SHMMNI
on the fly, using
sysctl. But it's still best to set up your preferred
values via /etc/sysctl.conf
, so that the values will be
kept across reboots.
The file /etc/sysctl.conf
is only honored in OS X
10.3.9 and later. If you are running a previous 10.3.x release,
you must edit the file /etc/rc
and change the values in the following commands:
sysctl -w kern.sysv.shmmax sysctl -w kern.sysv.shmmin sysctl -w kern.sysv.shmmni sysctl -w kern.sysv.shmseg sysctl -w kern.sysv.shmall
Note that
/etc/rc
is usually overwritten by OS X system updates,
so you should expect to have to redo these edits after each update.
In OS X 10.2 and earlier, instead edit these commands in the file
/System/Library/StartupItems/SystemTuning/SystemTuning
.
SCO OpenServer
In the default configuration, only 512 kB of shared memory per
segment is allowed. To increase the setting, first change to the
directory /etc/conf/cf.d
. To display the current value of
SHMMAX
, run:
./configure -y SHMMAX
To set a new value for SHMMAX
, run:
./configure SHMMAX=value
where value
is the new value you want to use
(in bytes). After setting SHMMAX
, rebuild the kernel:
./link_unix
and reboot.
Solaris
2.6 to 2.9 (Solaris
6 to Solaris 9)
The relevant settings can be changed in
/etc/system
, for example:
set shmsys:shminfo_shmmax=0x2000000 set shmsys:shminfo_shmmin=1 set shmsys:shminfo_shmmni=256 set shmsys:shminfo_shmseg=256 set semsys:seminfo_semmap=256 set semsys:seminfo_semmni=512 set semsys:seminfo_semmns=512 set semsys:seminfo_semmsl=32
You need to reboot for the changes to take effect. See also http://sunsite.uakom.sk/sunworldonline/swol-09-1997/swol-09-insidesolaris.html for information on shared memory under older versions of Solaris.
Solaris
2.10 (Solaris
10) and later, OpenSolaris
In Solaris 10 and later, and OpenSolaris, the default shared memory and
semaphore settings are good enough for most
PostgreSQL™ applications. Solaris now defaults
to a SHMMAX
of one-quarter of system RAM.
To further adjust this setting, use a project setting associated
with the postgres
user. For example, run the
following as root
:
projadd -c "PostgreSQL DB User" -K "project.max-shm-memory=(privileged,8GB,deny)" -U postgres -G postgres user.postgres
This command adds the user.postgres
project and
sets the shared memory maximum for the postgres
user to 8GB, and takes effect the next time that user logs
in, or when you restart PostgreSQL™ (not reload).
The above assumes that PostgreSQL™ is run by
the postgres
user in the postgres
group. No server reboot is required.
Other recommended kernel setting changes for database servers which will have a large number of connections are:
project.max-shm-ids=(priv,32768,deny) project.max-sem-ids=(priv,4096,deny) project.max-msg-ids=(priv,4096,deny)
Additionally, if you are running PostgreSQL™
inside a zone, you may need to raise the zone resource usage
limits as well. See "Chapter2: Projects and Tasks" in the
System Administrator's Guide for more
information on projects
and prctl.
UnixWare
On UnixWare™ 7, the maximum size for shared
memory segments is 512 kB in the default configuration.
To display the current value of SHMMAX
, run:
/etc/conf/bin/idtune -g SHMMAX
which displays the current, default, minimum, and maximum
values. To set a new value for SHMMAX
,
run:
/etc/conf/bin/idtune SHMMAX value
where value
is the new value you want to use
(in bytes). After setting SHMMAX
, rebuild the
kernel:
/etc/conf/bin/idbuild -B
and reboot.
Unix-like operating systems enforce various kinds of resource limits
that might interfere with the operation of your
PostgreSQL™ server. Of particular
importance are limits on the number of processes per user, the
number of open files per process, and the amount of memory available
to each process. Each of these have a “hard” and a
“soft” limit. The soft limit is what actually counts
but it can be changed by the user up to the hard limit. The hard
limit can only be changed by the root user. The system call
setrlimit
is responsible for setting these
parameters. The shell's built-in command ulimit
(Bourne shells) or limit (csh) is
used to control the resource limits from the command line. On
BSD-derived systems the file /etc/login.conf
controls the various resource limits set during login. See the
operating system documentation for details. The relevant
parameters are maxproc
,
openfiles
, and datasize
. For
example:
default:\ ... :datasize-cur=256M:\ :maxproc-cur=256:\ :openfiles-cur=256:\ ...
(-cur
is the soft limit. Append
-max
to set the hard limit.)
Kernels can also have system-wide limits on some resources.
On Linux™
/proc/sys/fs/file-max
determines the
maximum number of open files that the kernel will support. It can
be changed by writing a different number into the file or by
adding an assignment in /etc/sysctl.conf
.
The maximum limit of files per process is fixed at the time the
kernel is compiled; see
/usr/src/linux/Documentation/proc.txt
for
more information.
The PostgreSQL™ server uses one process per connection so you should provide for at least as many processes as allowed connections, in addition to what you need for the rest of your system. This is usually not a problem but if you run several servers on one machine things might get tight.
The factory default limit on open files is often set to “socially friendly” values that allow many users to coexist on a machine without using an inappropriate fraction of the system resources. If you run many servers on a machine this is perhaps what you want, but on dedicated servers you might want to raise this limit.
On the other side of the coin, some systems allow individual processes to open large numbers of files; if more than a few processes do so then the system-wide limit can easily be exceeded. If you find this happening, and you do not want to alter the system-wide limit, you can set PostgreSQL™'s max_files_per_process configuration parameter to limit the consumption of open files.
In Linux 2.4 and later, the default virtual memory behavior is not optimal for PostgreSQL™. Because of the way that the kernel implements memory overcommit, the kernel might terminate the PostgreSQL™ postmaster (the master server process) if the memory demands of either PostgreSQL™ or another process cause the system to run out of virtual memory.
If this happens, you will see a kernel message that looks like this (consult your system documentation and configuration on where to look for such a message):
Out of Memory: Killed process 12345 (postgres).
This indicates that the postgres
process
has been terminated due to memory pressure.
Although existing database connections will continue to function
normally, no new connections will be accepted. To recover,
PostgreSQL™ will need to be restarted.
One way to avoid this problem is to run PostgreSQL™ on a machine where you can be sure that other processes will not run the machine out of memory. If memory is tight, increasing the swap space of the operating system can help avoid the problem, because the out-of-memory (OOM) killer is invoked only when physical memory and swap space are exhausted.
If PostgreSQL™ itself is the cause of the
system running out of memory, you can avoid the problem by changing
your configuration. In some cases, it may help to lower memory-related
configuration parameters, particularly
shared_buffers
and work_mem
. In
other cases, the problem may be caused by allowing too many connections
to the database server itself. In many cases, it may be better to reduce
max_connections
and instead make use of external connection-pooling software.
On Linux 2.6 and later, it is possible to modify the kernel's behavior so that it will not “overcommit” memory. Although this setting will not prevent the OOM killer from being invoked altogether, it will lower the chances significantly and will therefore lead to more robust system behavior. This is done by selecting strict overcommit mode via sysctl:
sysctl -w vm.overcommit_memory=2
or placing an equivalent entry in /etc/sysctl.conf
.
You might also wish to modify the related setting
vm.overcommit_ratio
. For details see the kernel documentation
file Documentation/vm/overcommit-accounting
.
Another approach, which can be used with or without altering
vm.overcommit_memory
, is to set the process-specific
oom_score_adj
value for the postmaster process to
-1000
, thereby guaranteeing it will not be targeted by the OOM
killer. The simplest way to do this is to execute
echo -1000 > /proc/self/oom_score_adj
in the postmaster's startup script just before invoking the postmaster.
Note that this action must be done as root, or it will have no effect;
so a root-owned startup script is the easiest place to do it. If you
do this, you may also wish to build PostgreSQL™
with -DLINUX_OOM_SCORE_ADJ=0
added to CPPFLAGS
.
That will cause postmaster child processes to run with the normal
oom_score_adj
value of zero, so that the OOM killer can still
target them at need.
Older Linux kernels do not offer /proc/self/oom_score_adj
,
but may have a previous version of the same functionality called
/proc/self/oom_adj
. This works the same except the disable
value is -17
not -1000
. The corresponding
build flag for PostgreSQL™ is
-DLINUX_OOM_ADJ=0
.
Some vendors' Linux 2.4 kernels are reported to have early versions
of the 2.6 overcommit sysctl parameter. However, setting
vm.overcommit_memory
to 2
on a 2.4 kernel that does not have the relevant code will make
things worse, not better. It is recommended that you inspect
the actual kernel source code (see the function
vm_enough_memory
in the file mm/mmap.c
)
to verify what is supported in your kernel before you try this in a 2.4
installation. The presence of the overcommit-accounting
documentation file should not be taken as evidence that the
feature is there. If in any doubt, consult a kernel expert or your
kernel vendor.
Using huge pages reduces overhead when using large contiguous chunks of
memory, like PostgreSQL™ does. To enable this
feature in PostgreSQL™ you need a kernel
with CONFIG_HUGETLBFS=y
and
CONFIG_HUGETLB_PAGE=y
. You also have to tune the system
setting vm.nr_hugepages
. To estimate the number of
necessary huge pages start PostgreSQL™ without
huge pages enabled and check the VmPeak
value from the
proc file system:
$head -1 /path/to/data/directory/postmaster.pid
4170 $grep ^VmPeak /proc/4170/status
VmPeak: 6490428 kB
6490428
/ 2048
(PAGE_SIZE
is 2MB
in this case) are
roughly 3169.154
huge pages, so you will need at
least 3170
huge pages:
$ sysctl -w vm.nr_hugepages=3170
Sometimes the kernel is not able to allocate the desired number of huge
pages, so it might be necessary to repeat that command or to reboot. Don't
forget to add an entry to /etc/sysctl.conf
to persist
this setting through reboots.
The default behavior for huge pages in
PostgreSQL™ is to use them when possible and
to fallback to normal pages when failing. To enforce the use of huge
pages, you can set
huge_pages
to on
. Note that in this case
PostgreSQL™ will fail to start if not enough huge
pages are available.
For a detailed description of the Linux™ huge pages feature have a look at https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt.