Filename: ssa-agent.service
[Unit]
Description=PHP Cloudlinux SSA Agent Service
After=network.target ssa-agent.socket
Requires=ssa-agent.socket

[Service]
Type=simple
Restart=on-failure
RestartSec=3
TimeoutSec=120s
LimitNOFILE=65535
# Headroom above ThreadPoolExecutor max_workers=50 (py/ssa/agent.py)
# plus helper threads and any short-lived xray children landing in the
# same cgroup. Memory ceiling stays enforced via MemoryMax/MemoryHigh.
TasksMax=512
MemoryMax=1G
MemoryHigh=768M
# Pin the BLAS / OpenMP backend behind numpy to a single thread. The daily
# routine's only BLAS call is np.corrcoef() on two 24-element vectors
# (decision_maker.py get_correlation, autotracer.py pass_by_density), so
# threading buys nothing — but an unpinned OpenBLAS spawns one worker per
# CPU on first use (dozens on shared-hosting boxes), which inflated the
# cgroup task count toward the old TasksMax=100 ceiling and added per-thread
# stack + glibc-arena memory against MemoryMax=1G. One thread is both
# correct and faster here (CLPRO-3118).
Environment=OPENBLAS_NUM_THREADS=1
Environment=OMP_NUM_THREADS=1
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_CHOWN CAP_SETUID CAP_SETGID
ProtectSystem=strict
# /var/cagefs exists only when the optional cagefs package is installed.
# Under ProtectSystem=strict every ReadWritePaths entry is bind-mounted into
# the service namespace, and a missing path aborts namespace setup, crash-
# looping the unit with 226/NAMESPACE. The '-' prefix skips the entry when
# the path is absent.
ReadWritePaths=/var/lve /var/log/clos_ssa /opt/alt /usr/share/clos_ssa /home -/var/cagefs
PrivateTmp=yes
RestrictNamespaces=yes
RestrictSUIDSGID=yes
PrivateDevices=yes
ProtectControlGroups=yes
ExecStart=/usr/sbin/cloudlinux-ssa-agent

[Install]
WantedBy=multi-user.target
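The ReadWritePaths comment above describes a failure mode that can be checked before a unit is deployed. The following is an added example, not part of the unit file or the CloudLinux project: it lists ReadWritePaths entries that are absent on the host and lack the '-' prefix. The function names and the sample unit text are constructed for illustration, and the parser assumes no backslash line continuations or quoted paths.

```python
import os

# Constructed sample: the page's ReadWritePaths line with the '-' guard on
# the optional cagefs path removed.
SAMPLE_UNIT = """\
[Service]
ProtectSystem=strict
ReadWritePaths=/var/lve /var/log/clos_ssa /opt/alt /usr/share/clos_ssa /home /var/cagefs
"""


def read_write_paths(unit_text):
    """Return [(path, optional)] from ReadWritePaths= in [Service]."""
    entries, section = [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "ReadWritePaths":
            continue
        if not value.strip():
            entries = []  # an empty assignment resets the list
            continue
        for entry in value.split():
            optional = entry.startswith("-")
            entries.append((entry.lstrip("-"), optional))
    return entries


def fatal_missing(unit_text, exists=os.path.exists):
    """Paths that are absent and lack the '-' prefix."""
    return [p for p, optional in read_write_paths(unit_text)
            if not optional and not exists(p)]


if __name__ == "__main__":
    for path in fatal_missing(SAMPLE_UNIT):
        print(f"missing without '-' prefix: {path}")
```

The exists parameter lets the check run against a host inventory or a test double instead of the local filesystem.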