Scenario
Vault logs are showing an error like the following:
2020-11-14T09:21:52.814-0500 [DEBUG] core.cluster-listener: non-timeout error accepting on cluster port: error="accept tcp 127.0.0.2:8201: accept4: too many open files"
Cause
This error can arise when the Vault service unit is configured with a low LimitNOFILE; this setting restricts the number of file descriptors the Vault service can have open at once.
You can check the limit the service is currently configured with by running the following:
systemctl show vault | grep ^LimitNOFILE
Solution
You can increase the limit in the Vault service's unit file, either by editing the unit file directly (typically located under /usr/lib/systemd/system/vault.service or /etc/systemd/system/vault.service) or by adding a drop-in unit configuration file. The unit file is usually installed by the Vault package, and subsequent updates to that package may overwrite any changes made to it. To avoid this, a drop-in unit file is recommended:
- Create a directory /etc/systemd/system/vault.service.d
- Create a file in that directory named /etc/systemd/system/vault.service.d/00-limitnofile.conf (systemd only reads drop-in files whose names end in .conf)
- Add the following to that file:
[Service]
LimitNOFILE=65536
- Reload the service configuration:
systemctl daemon-reload
- Restart the Vault service:
systemctl restart vault
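To confirm after the restart that the new limit reached the running process, and to see how close Vault is to it, the following added example (not part of the original article) compares the soft limit in /proc/<pid>/limits with the number of open descriptors. It assumes Linux /proc, a unit named vault, and an 80% warning threshold chosen for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the Vault process's effective open-file limit with
# its current descriptor count. Assumes Linux /proc and a unit named "vault".

# Print the soft "Max open files" limit from a /proc/<pid>/limits file.
nofile_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Count the entries in a /proc/<pid>/fd directory (one per open descriptor).
open_fd_count() {
    ls -1A "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Classify usage: "warn" at or above 80% of the limit (illustrative
# threshold), "ok" below it, "unlimited" or "unknown" for non-numeric limits.
fd_status() {
    used=$1; limit=$2
    case $limit in
        unlimited) echo unlimited; return ;;
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    if [ $((used * 100)) -ge $((limit * 80)) ]; then
        echo warn
    else
        echo ok
    fi
}

# Look up the service's main PID and report its descriptor usage.
check_vault() {
    pid=$(systemctl show -p MainPID vault | cut -d= -f2)
    if [ "${pid:-0}" -le 0 ]; then
        echo "vault is not running" >&2
        return 2
    fi
    limit=$(nofile_soft_limit "/proc/$pid/limits")
    used=$(open_fd_count "/proc/$pid/fd")
    echo "pid=$pid open_fds=$used soft_limit=$limit status=$(fd_status "$used" "$limit")"
}

# Only touch the live system when asked to: sh script.sh check
# (listing /proc/<pid>/fd requires root or the user Vault runs as).
if [ "${1:-}" = "check" ]; then
    check_vault
fi
```

A soft limit that still shows the old value after the restart means the drop-in was not picked up; a "warn" status at the new limit suggests the descriptor count is still growing and the workload itself should be investigated.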