On Thu, Jan 5, 2017 at 10:07 AM, Peter Faiman <peterfai...@gmail.com> wrote:
> Hmm. The default number of files is 128 for daemons, but it's strange
> you'd hit that JUST starting up.
>
> Can you try starting relayd with -v -d to see if it logs anything of
> interest?
>
# /usr/sbin/relayd -vvv -d
startup
init_filter: filter init done
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
init_tables: created 1 tables
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
hce_notify_done: 192.168.2.0 (tcp connect ok)
host 192.168.2.0, check tcp (0ms,tcp connect ok), state unknown -> up,
availability 100.00%
hce_notify_done: 192.168.2.1 (tcp connect failed)
host 192.168.2.1, check tcp (1ms,tcp connect failed), state unknown ->
down, availability 0.00%
pfe_dispatch_hce: state 1 for host 1 192.168.2.0
pfe_dispatch_hce: state -1 for host 2 192.168.2.1
table Example.com: 1 added, 0 deleted, 0 changed, 0 killed
Also, take a look at the interesting difference between these two...
# /etc/rc.d/relayd start
relayd(failed)
# /usr/sbin/relayd
# ps uax | grep rel
_relayd 82300 0.0 0.3 1140 1964 ?? Sp 11:37AM 0:00.00 relayd:
hce (
_relayd 60360 0.0 0.3 1144 2028 ?? Sp 11:37AM 0:00.00 relayd:
pfe (
root 32087 0.0 0.3 1456 2300 ?? Ss 11:37AM 0:00.00
/usr/sbin/rel
_relayd 40535 0.0 0.2 1072 1800 ?? Sp 11:37AM 0:00.00 relayd:
ca (r
_relayd 15864 0.0 0.2 1208 1900 ?? Sp 11:37AM 0:00.00 relayd:
relay
_relayd 15159 0.0 0.2 1208 1900 ?? Sp 11:37AM 0:00.00 relayd:
relay
_relayd 7514 0.0 0.3 1208 2004 ?? Sp 11:37AM 0:00.00 relayd:
relay
_relayd 23861 0.0 0.2 1072 1676 ?? Sp 11:37AM 0:00.00 relayd:
ca (r
_relayd 16117 0.0 0.2 1072 1680 ?? Sp 11:37AM 0:00.00 relayd:
ca (r
root 61405 0.0 0.1 336 1128 p0 S+p 11:37AM 0:00.00 grep rel
> Can you binary search ulimits until you find the lowest it will start with?
>
I increased ulimit with rational intervals 'til it finally started...
> Reading the source it looks like socket pairs are created between all the
> relayd processes, i.e. n^2 * 2 ish file descriptors, which could exceed 128
> pretty fast. Are you running with a non-default prefork setting?
>
Nope.
My full relayd.conf is in the thread below.
>
> Peter
>
> On Jan 5, 2017, at 09:12, Kevin <spy...@gmail.com> wrote:
>
> Nope. I was hoping for another solution, especially given that:
>
> 1. the only thing runnings on this machine are pf and relayd
> 2. there's zero traffic going to it at present
> 3. there's only one site being load balanced
>
> it seems like it shouldn't be necessary.
>
> I'm open to it, if that's the only choice, but it strikes me as outside of
> the bounds of normal operation.
>
> On Thu, Jan 5, 2017 at 9:07 AM, Peter Faiman <peterfai...@gmail.com>
> wrote:
>
>> Have you modified your open file limits in /etc/login.conf? Especially in
>> the daemon section?
>>
>> Peter
>>
>> > On Jan 5, 2017, at 08:50, Kevin <spy...@gmail.com> wrote:
>> >
>> >> On Tue, Jan 3, 2017 at 1:16 PM, Kevin <spy...@gmail.com> wrote:
>> >>
>> >> Hey gang,
>> >>
>> >> So I'm putting a new firewall in place and have run into issues with
>> >> getting relayd to start using:
>> >>
>> >> # /etc/rc.d/relayd start
>> >>
>> >> When I try starting it like that inevitably I get:
>> >>
>> >> relayd(failed)
>> >>
>> >> checking the log files tells me:
>> >>
>> >> relayd: socketpair: Too many open files
>> >>
>> >> Having trolled through pages of SERPs, I can't find an answer;
>> however, in
>> >> the interest of science, if I do this:
>> >>
>> >> # ulimit -n 512
>> >> # /usr/sbin/relayd
>> >>
>> >> it starts perfectly.
>> >>
>> >> Anyone care to give me a quick strike with the clue stick, please?
>> >>
>> >> Oh yah, here's my relayd.conf
>> >>
>> >> # Example.com
>> >> # 145.176.20.136
>> >> exm_chi01="192.168.2.0"
>> >> exm_chi02="192.168.2.1"
>> >>
>> >> table <Example.com> { $exm_chi01, $exm_chi02 }
>> >>
>> >> #=========#
>> >> # Servers #
>> >> #=========#
>> >> redirect "Example.com" {
>> >> listen on 145.176.20.162 port 80 interface vio0
>> >> pftag RELAYD-Example.com
>> >> forward to <Example.com> check tcp
>> >> }
>> >>
>> >>
>> >> For what it's worth, I'm using a hosts file to point example.com to
>> my IP
>> >> for the time being, as I can't pull the real sites down and move them
>> 'til
>> >> this is working.
>> >>
>> >> Also of interest: pf seems to be working as advertised, as does relayd
>> >> when it's started with the ulimit cranked up.
>> >>
>> >>
>> >> Thanks,
>> >> Kevin
>> >>
>> >
>> >
>> >
>> > Unless there's word to the contrary, and as much as it's not officially
>> the
>> > right thing to do, it seems the only real choice for me here is to run
>> > relayd with ulimit sufficiently cranked, eh?
