I’m aware of this issue, and unfortunately I found no workaround.
I stumbled upon this trying to run the CHT on a EC2 AWS instance, and after failing to find a workaround, I ended up making a no-ulimit couchdb image.
The internet says:
A regular (non‑root) process can lower its own soft limit, but it can’t raise the soft limit above the hard limit, nor can it raise the hard limit at all. Only root—or a process with the CAP_SYS_RESOURCE capability—can do that.
I suppose that you would have to somehow add CAP_SYS_RESOURCE to the docker process. I also tried to add the capability to the docker service in the docker-compose file, and that did not work either.
Thanks for the reply @rajeevtapadia , and thank you for joining the Dev Hour call and asking this question. I believe this is a really tricky issue to bump into with seemingly no solution, just highly technical rabbit holes and futile tries with no results. It was very frustrating for me when I encountered this.
It’s unfortunate there is no workaround, except “try on another machine”. I believe that we should document this limitation in a way that makes sense for people who are not intimately acquainted with OS ↔ VM ↔ Docker deep permissions logic.
So the problem is caused by the following line in couchdb/docker-entrypoint.sh
su -c "ulimit -n 100000 && exec $@" couchdb
Remove the ulimit part of this line
su -c "exec $@" couchdb
and then run ulimit -n 100000 on the host OS.
After this rebuild the couchdb docker image by running
cd couchdb
docker build . -t custom-couchdb-image
Then change the image name in docker-componse.yaml which is located in ~/cht-docker (if you followed documentation)
After the change docker-compose.yaml should look like
Now just follow the usual process to start development server.
cd ~/cht-docker
COUCHDB_USER=medic COUCHDB_PASSWORD=password docker compose -f docker-compose.yml -f couchdb-override.yml up -d
And these three npm commands in three different terminals
cd ~/cht-core
npm run build-dev-watch
npm run dev-api
npm run dev-sentinel
PS:
I am not sure when side effect might be there because of removing ulimit command from docker-entrypoint.sh but I think we are setting the limit directly in host OS so it should not cause any problems.
Also thanks to @apoorvapendse for helping me to debug this problem.
@diana - what do you think about making an obscure .env/compose flag that skips the ulimit call inside the container? This is a workaround that will still require rebuilding the image, for sure. However, it would be used only in development (documented it clearly) and would unblock future users who are stuck like @rajeevtapadia is and prevent every affected local dev from needing to rebuild the image.
I would vote a combo of 1 and 3! Continue to fail hard but add a more description method telling them now to not have the call be made via the env var.