Linux: Setting memlock when using encrypted database

  • When encryption at rest is enabled, RavenDB uses the libsodium library to lock certain memory regions in order to prevent plaintext data from being swapped to disk.
    Linux imposes a per-process limit on how much memory the process can lock (memlock).
    If this limit is too low, RavenDB cannot open the encrypted database and throws an InsufficientMemoryException.

  • The exception message includes the exact prlimit command needed to raise the limit, with the required size in bytes already filled in.

Raising the limit for a running process

Run the command shown in the exception message, replacing <pid> with the RavenDB process ID
and <size-in-bytes> with the value from the error:

sudo prlimit --pid <pid> --memlock=<size-in-bytes>

This takes effect immediately but does not persist across restarts.

Setting the limit persistently

Add the following to /etc/security/limits.conf:

* soft memlock unlimited
* hard memlock unlimited

Log out and back in (or restart the service) for the change to take effect.
Verify the new limit with:

ulimit -l

If RavenDB runs as a systemd service, set the memory lock limit in the service unit file instead of limits.conf:

[Service]
LimitMEMLOCK=infinity
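
To confirm the limit a running RavenDB process actually has, read the "Max locked memory" row of /proc/<pid>/limits; ulimit -l only reports the limit of the shell it is typed into. The script below is an added example, not part of the RavenDB documentation; the function names, the script name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the memlock limit a process is really running with.

# Constructed sample of /proc/<pid>/limits (three rows, values made up).
constructed_sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max locked memory         65536                65536                bytes
Max open files            1024                 4096                 files
EOF
}

# Print the soft "Max locked memory" value (bytes, or "unlimited") found in
# the limits file $1; fail if the row is missing or the file is unreadable.
memlock_soft_limit() {
    awk '/^Max locked memory/ { print $4; found = 1 }
         END { exit !found }' "$1"
}

# Succeed when the soft limit in limits file $1 covers $2 bytes.
# Returns 0 = sufficient, 1 = too low, 2 = limit could not be read.
memlock_sufficient() {
    limit=$(memlock_soft_limit "$1") || return 2
    [ "$limit" = "unlimited" ] && return 0
    [ "$limit" -ge "$2" ]
}

# Usage: sh check-memlock.sh <pid> <size-in-bytes>
if [ "$#" -eq 2 ]; then
    if memlock_sufficient "/proc/$1/limits" "$2"; then
        echo "OK: soft memlock is $(memlock_soft_limit "/proc/$1/limits")"
    else
        echo "Too low or unreadable: need $2 bytes" >&2
    fi
fi
```

Pass the RavenDB process ID and the size in bytes from the exception message as the two arguments.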