This page describes changes that should be made to the configuration of the system where you are running an Oasis Node instance.
File Descriptor Limit
Make sure that the user under which you are running your Oasis Node has a high-enough file descriptor limit as the databases can have many files open and running out of file descriptors can lead to the node stopping unexpectedly.
You can check the file descriptor limit by running the following as the same user that will run Oasis Node:
If this number is lower than 102400 you should consider increasing it by updating your system configuration. You can configure temporary limits by running:
ulimit -n 102400
Note that this limit only applies to any processes started from the same shell after the command was executed. If you want to make the change permanent, you have the following options.
System-wide Resource Limits Configuration File
root, create a file in
/etc/security/limits.d/99-oasis-node.conf with content similar to the following example:
* soft nofile 102400
* hard nofile 1048576
You can replace
* with the name of the user that is running the Oasis Node in case you only want to change the limits for that particular user.
In order for the changes to take effect a system restart may be required.
Systemd Service Configuration
In case you are running your Oasis Node process via systemd, you can add the following directive under the
If you are running Oasis Node via Docker you can pass the following option to
docker run in order to increase the limit to desired values:
Running Oasis Services with Non-root System User
Beginning with Oasis Core 22.1.x release series it is
no longer allowed to run Oasis Node (i.e. the
as root (effective user ID of 0).
Running network accessible services as the root user is extremely bad for
system security as a general rule. While it would be "ok" if we could drop
syscall.AllThreadsSyscall does not work if the binary uses
Nothing in Oasis Node will ever require elevated privileges.
Attempting to run the
oasis-node process as the root user will now terminate
immediately on startup.
While there may be specific circumstances where it is safe to run network services with the effective user ID set to 0, the overwhelming majority of cases where this is done is a misconfiguration.
Changing Your Setup to Run Oasis Services with Non-root System User
In these examples, we change the setup to run Oasis Services (e.g. Oasis Node)
with a non-root system user named
These instructions also assume that the node's datadir is
Adjust these as appropriate to your setup.
- Create the
As root, run:
adduser --system oasis --shell /usr/sbin/nologin
As root, run:
useradd -r -s /usr/sbin/nologin
Add the following task to your playbook:
- name: Create oasis user
comment: Oasis Services user
oasis user's Shell to
/usr/sbin/nologin prevents (accidentally)
logging-in as this user.
Stop your Oasis Node.
Transfer ownership of the datadir to the
chown -R oasis /serverdir/node
See Invalid Permissions troubleshooting guide for more information.
- Update how you run Oasis Node:
User directive to the Oasis service's systemd unit file:
Below can be found a simple systemd unit file for
oasis-node that can be used
as a starting point.
ExecStart=/serverdir/bin/oasis-node --config /serverdir/etc/config.yml
USER instruction to your Oasis service's Dockerfile:
Wrap the invocation in a
chpst -u oasis oasis-node ...
- Start your Oasis Node.