Debian increase ulimit for Asterisk
Debian Increase ulimit for Asterisk: A Comprehensive Guide to Overcoming File Descriptor Limits
At revWhiteShadow, we understand the critical importance of a stable and robust Asterisk environment, especially when dealing with high call volumes or complex call flows. One of the most common, yet often perplexing, issues that can plague Asterisk deployments is the “Can’t create pipe!” error, frequently encountered in logs like bridge_channel.c. This error, as many system administrators have discovered, is a direct symptom of hitting the maximum number of open file descriptors that the Asterisk process is allowed to utilize. When Asterisk, a telephony server that constantly manages numerous connections, call channels, and internal processes, exhausts its available file descriptors, it inevitably leads to instability and, as you may have experienced, crashes.
This comprehensive guide from revWhiteShadow is meticulously crafted to not only address the root cause of this pervasive issue but to provide actionable, detailed steps that will help you increase ulimit for Asterisk on your Debian system, ensuring a more stable and reliable telephony platform. We will delve into the intricacies of system resource limits, explore the correct methods for configuration, and validate the applied changes to ensure your Asterisk instance can operate without the constraints of insufficient file descriptor allocation. Our aim is to provide content so thorough and accurate that it surpasses existing resources in helping you Debian increase ulimit for Asterisk.
Understanding the “Can’t Create Pipe!” Error and File Descriptors
Before we dive into the solutions, it’s crucial to grasp why this error occurs. In Linux systems, almost every interaction with the operating system involves file descriptors. These are essentially handles that the kernel uses to manage open files, network sockets, pipes, FIFOs, and other I/O resources. When Asterisk handles concurrent calls, it opens sockets for SIP and IAN, creates pipes for inter-process communication, and manages various other file-like resources. Each of these operations consumes a file descriptor.
The error message “bridge_channel.c: Can’t create pipe! Try increasing max file descriptors with ulimit -n” is a direct plea from Asterisk itself. It signifies that the process has attempted to create a new pipe, a mechanism for inter-process communication, but has been denied because it has reached its current allocation of available file descriptors. The ulimit -n command is the standard way to check and set these limits for a running process or a user session.
Why Default Limits are Insufficient for Asterisk
Modern Debian installations, like many Linux distributions, come with default ulimit settings that are generally conservative, designed for typical desktop or light server usage. For a demanding application like Asterisk, which is expected to handle potentially thousands of concurrent calls, these defaults are almost always inadequate. The default Max open files limit, often set to a mere 1024 for soft limit and 4096 for hard limit, is easily surpassed in busy Asterisk environments. This leads to the very problem you’re facing.
The Challenge: ulimit -n Reflecting Incorrectly for Asterisk Process
A common point of confusion, as you’ve accurately described, is when you modify /etc/security/limits.conf or related files, verify ulimit -n in your interactive shell reports the new, higher value (e.g., 150000), but inspecting the limits for the actual Asterisk process via /proc/<PID>/limits still shows the old, lower limits (e.g., 1024/4096). This discrepancy arises because changes made to /etc/security/limits.conf are typically applied to new login sessions or processes initiated after the configuration change. Processes that are already running, including services started by systemd or init.d scripts, often inherit the limits from their parent process at the time of their creation, and do not automatically re-read the system-wide configuration files.
This is a critical distinction that often trips up administrators. Simply editing limits.conf is only half the battle; the other half is ensuring that the Asterisk service itself is started in an environment that respects these new, elevated limits.
The Solution: Implementing Global and Service-Specific ulimit Settings
To effectively increase ulimit for Asterisk and ensure the changes are persistent and applied correctly to the Asterisk service, we need to employ a multi-pronged approach. This involves configuring system-wide defaults and then ensuring that the Asterisk service specifically inherits these higher limits.
Step 1: Modifying /etc/security/limits.conf and /etc/security/limits.d/*
The limits.conf file is the primary configuration file for user and session resource limits. The limits.d directory allows for modular configuration, where files within this directory are read in alphanumeric order. For comprehensive coverage, we will modify limits.conf directly or create a new file within limits.d.
Let’s ensure your configuration is robust. You’ve already correctly identified the format for adding entries:
domain type item value
- domain: This specifies the user or group to which the limit applies.
rootapplies to the root user, and*applies to all other users. - type: This can be
softorhard. A soft limit is the limit that the kernel enforces for the process. A hard limit is the maximum value that a non-privileged user can set for their soft limit. - item: This specifies the resource to be limited. For file descriptors, this is
nofile. - value: The numerical limit.
Recommendation for Comprehensive Coverage:
It is best practice to define these limits both for the root user (in case Asterisk is run as root, though this is generally discouraged for security reasons) and for all users (*). Furthermore, using a specific file within /etc/security/limits.d/ can help organize these settings and ensure they are applied correctly.
Create or edit a file, for instance, /etc/security/limits.d/99-asterisk.conf, with the following content:
# /etc/security/limits.d/99-asterisk.conf
# Provided by revWhiteShadow for Asterisk ulimit tuning
# Increase the maximum number of open files for all users
* soft nofile 150000
* hard nofile 150000
# Increase the maximum number of open files specifically for the root user
# (if Asterisk is run as root, though running as a dedicated user is preferred)
root soft nofile 150000
root hard nofile 150000
# You may also want to increase other relevant limits if necessary,
# though nofile is the primary concern for the "Can't create pipe!" error.
# For example, max processes (nproc) might be relevant for very busy systems.
# * soft nproc 65535
# * hard nproc 65535
Explanation of the Chosen Values:
- We’ve set both
softandhardlimits to150000. This is a significant increase from the default 1024/4096 and should comfortably accommodate a large number of concurrent calls. The hard limit ensures that even if a process tries to exceed this, it can’t, and the soft limit is the active enforcement. - Using
*ensures that these limits apply broadly, androotis included for thoroughness. - The prefix
99-in the filename/etc/security/limits.d/99-asterisk.confis chosen to ensure this configuration is read after any default configurations that might be present in files with lower numerical prefixes, guaranteeing our overrides take precedence.
Step 2: Ensuring the Asterisk Service Inherits the New Limits (The Crucial Part)
As mentioned, simply modifying limits.conf does not automatically apply the new limits to already running services or services managed by systemd. For systems using systemd (which is standard on Debian 8 and later), we need to configure the service unit file for Asterisk.
Locating the Asterisk Service File
First, we need to find the systemd service file for Asterisk. It’s typically located in /lib/systemd/system/ or /etc/systemd/system/. The exact name might be asterisk.service, asterisk.service.d/override.conf, or similar.
You can usually find it by running:
systemctl status asterisk
This will show you the active unit file path.
Creating an Override for the Service Unit
The recommended way to modify systemd service files is by creating an override file. This prevents your changes from being overwritten during package upgrades and keeps customizations separate from the default unit definition.
Create a directory for the override:
sudo mkdir -p /etc/systemd/system/asterisk.service.d/(Replace
asterisk.servicewith the actual service file name if it’s different).Create an override configuration file:
sudo nano /etc/systemd/system/asterisk.service.d/override.conf(Again, adjust
override.confif needed).Add the following content to
override.conf:# /etc/systemd/system/asterisk.service.d/override.conf # Provided by revWhiteShadow to increase ulimit for Asterisk service [Service] # The LimitNOFILE directive sets the open file descriptor limit for the service. # This is the key to ensuring Asterisk inherits the correct limits. LimitNOFILE=150000 LimitNOFILESoft=150000 # Explicitly set soft limit as well for clarity and compatibilityExplanation of
LimitNOFILE: TheLimitNOFILEdirective within the[Service]section of asystemdunit file directly sets the hard and soft limits for the number of open file descriptors for processes managed by that service. By settingLimitNOFILE=150000, we are instructingsystemdto enforce a limit of 150000 open files for the Asterisk process. SettingLimitNOFILESoftcan also be beneficial for explicit clarity.
Reloading systemd and Restarting Asterisk
After making these changes, you must inform systemd about the modifications and then restart the Asterisk service.
Reload systemd daemon:
sudo systemctl daemon-reloadThis command re-reads all unit files and makes
systemdaware of the new configuration.Restart the Asterisk service:
sudo systemctl restart asteriskThis will stop the current Asterisk process and start a new one, which will now be launched with the
LimitNOFILEsetting applied bysystemd.
Step 3: Verifying the New Limits for the Asterisk Process
Now comes the critical verification step. You need to confirm that the Asterisk process itself is running with the elevated limits.
Find the Process ID (PID) of Asterisk: You can do this using
pgreporps:pgrep asteriskThis will output the PID(s) of running Asterisk processes. Let’s assume the PID is
12345for the examples below.Inspect the
/proc/<PID>/limitsfile: Now, examine the limits for the specific Asterisk process:cat /proc/12345/limitsYou should now see output similar to this, with the
Max open filesreflecting your new, higher limits:Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size 8388608 unlimited bytes Max core file size 0 unlimited bytes Max resident set unlimited unlimited bytes Max processes 31945 31945 processes Max open files 150000 150000 files <-- This is what we want to see Max locked memory 65536 65536 bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals 31945 31945 signals Max msgqueue size 819200 819200 bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited usCheck Asterisk’s
ulimit -noutput from within Asterisk CLI (if applicable): If you can access the Asterisk CLI, you might be able to get a sense of its perceived limits. However, the most definitive check is always/proc/<PID>/limits.
If you still see the old limits:
- Double-check the service name: Ensure you correctly identified the
asterisk.servicefile and are using its exact name in the override directory. - Check
systemctl status asteriskagain: Look for any errors during the restart. - Verify
daemon-reloadwas successful: Make sure there were no syntax errors in your override file. - Check for other systemd configurations: In rare cases, other unit files might be involved in the startup chain, though for a standard Asterisk install, the
asterisk.serviceoverride should be sufficient.
Additional Considerations and Best Practices
While increasing nofile limits is the primary solution, several other factors contribute to a stable Asterisk deployment.
Running Asterisk as a Dedicated User
For security and better resource management, it is strongly recommended to run Asterisk under a dedicated, non-privileged user (e.g., asterisk or asterisk-user) rather than as root. If you are running Asterisk as a dedicated user, you might need to adjust your limits.d configuration to target that specific user instead of, or in addition to, root and *.
Example for a dedicated asterisk user:
# /etc/security/limits.d/99-asterisk.conf
asterisk soft nofile 150000
asterisk hard nofile 150000
And in your systemd override:
[Service]
User=asterisk
Group=asterisk
LimitNOFILE=150000
LimitNOFILESoft=150000
Ensure the User and Group directives in the systemd service file match the user Asterisk is configured to run as.
System-Wide Kernel Limits
While ulimit controls process-specific limits, there are also system-wide kernel parameters that can affect resource availability. The most relevant one here is fs.file-max, which defines the maximum number of file handles that the kernel can allocate system-wide.
You can check this value with:
sysctl fs.file-max
To permanently set it, edit /etc/sysctl.conf or create a file in /etc/sysctl.d/ (e.g., /etc/sysctl.d/99-filemax.conf) with the following line:
fs.file-max = 200000
(We set it slightly higher than the per-process limit to allow for system overhead).
Then apply the change immediately:
sudo sysctl -p
While fs.file-max is crucial for overall system stability, the ulimit or LimitNOFILE setting is what directly governs the limit for individual processes like Asterisk.
Monitoring and Tuning
Even after applying these changes, continuous monitoring is key. Use tools like atop, htop, or sar to observe file descriptor usage. If you find that Asterisk is still nearing its limits, you might need to investigate specific call patterns or modules that are consuming an unusual number of file descriptors.
lsof -p <PID>: This command lists all open files for a given process ID. It can be incredibly useful for diagnosing which parts of Asterisk are using the most file descriptors.
Debian 8 Specifics
While the methods described are largely distribution-agnostic for modern systemd-based systems, it’s worth noting that Debian 8 “Jessie” was indeed one of the first Debian releases to widely adopt systemd. Therefore, the systemd override method is the most appropriate and reliable way to manage service limits on this version. Older systems might have relied on init.d scripts and different methods of setting environment variables, but for Debian 8, systemd is the way forward.
Conclusion
By systematically addressing the ulimit settings through both the general resource configuration (/etc/security/limits.d/) and the specific service configuration via systemd overrides, you can effectively increase ulimit for Asterisk on your Debian system. This approach ensures that the Asterisk process starts with the necessary file descriptor allocations, preventing the common “Can’t create pipe!” errors and significantly enhancing the stability and reliability of your telephony infrastructure.
At revWhiteShadow, we are committed to providing the in-depth, actionable guidance necessary to overcome complex system administration challenges. Implementing these steps will equip your Asterisk deployment with the capacity to handle greater loads, ensuring seamless operation and preventing the frustrating downtime associated with file descriptor exhaustion. This comprehensive strategy is designed to help you outrank any introductory or incomplete guides, providing a definitive solution for your Debian increase ulimit for Asterisk needs.