[posts] new : lxd-server-settings-for-production
kitcharoenp committed Aug 7, 2023
1 parent 7cc32f4 commit a21fa12
Showing 3 changed files with 228 additions and 0 deletions.
14 changes: 14 additions & 0 deletions _posts/2023-07-27-btrfs-snapshots-and-restore.md
@@ -0,0 +1,14 @@
---
layout : post
title : "LXD Cluster"
categories : [ubuntu, lxd]
published : false
---


### Reference
* [btrfs](https://help.ubuntu.com/community/btrfs)

* [How To Create Snapshots And Restore Your Linux System Using Btrfs](https://www.unixmen.com/snapshots-and-restore-linux-system-using-btrfs/)

* [How to manage apt-btrfs-snapshot snapshots on Ubuntu](https://moritzmolch.com/blog/2506.html)
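Review bot: the front matter of this new btrfs post looks copy-pasted from the LXD cluster post: `title : "LXD Cluster"` and `categories : [ubuntu, lxd]` match neither the file name `2023-07-27-btrfs-snapshots-and-restore.md` nor the three btrfs links under Reference. Suggest a btrfs-specific title and category; since the file is `published : false` and contains only a Reference section, it could also be held back from this commit until it has a body.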
89 changes: 89 additions & 0 deletions _posts/2023-07-27-lxd-cluster.md
@@ -0,0 +1,89 @@
---
layout : post
title : "LXD Cluster"
categories : [ubuntu, lxd]
published : false
---




```
Error: Get "http://unix.socket/1.0": dial unix /var/snap/lxd/common/lxd/unix.socket: connect: connection refused
sudo apt install sqlite3
sudo sqlite3 /var/snap/lxd/common/lxd/database/local.db
sqlite> .tables
certificates config patches raft_nodes schema
sqlite> select * from schema
...> ;
1|42|1689933924
2|43|1690431075
sqlite> delete from schema where id =2;
sqlite> select * from schema;
1|42|1689933924
sqlite> select * from raft_nodes;
1|10.10.10.13:8443|0|server03
2|10.10.10.11:8443|1|server01
sqlite> delete from raft_nodes where id =2;
sqlite> select * from raft_nodes;
1|10.10.10.13:8443|0|server03
$ sudo snap start lxd
```

### Error: Error creating database: schema version '40' is more recent than expected '39'



### [Managing the LXD snap](https://discuss.linuxcontainers.org/t/managing-the-lxd-snap/8178)

LXD clusters must all run the same LXD version.

https://discuss.linuxcontainers.org/t/snap-fix-channel/9725

snap switch lxd --channel=latest/stable

sudo snap refresh lxd


sudo snap install lxd --channel=latest/stable

snap refresh lxd --channel=latest/stable

To manually trigger a refresh on a cluster member and ensure that all cluster members are refreshing using the same phasing cohort, and thus get the same version, use:


sudo journalctl -u snap.lxd.daemon.service -f -n200

Production server:

* Use the latest/stable channel if you need the latest features and can specify a frequent refresh window.
* Use a snap refresh --hold lxd if you want to avoid the automatic release upgrade and have time to do manage the refresh cycle manually to ensure you get updates.
* Use an $LTS/stable channel if you don’t need any of the features that were added since the last LTS release but still want bug fixes and security updates.
* Set a refresh window to match your system maintenance window.


### Reference
* [Unable to complete LXD cluster node rename](https://discuss.linuxcontainers.org/t/unable-to-complete-lxd-cluster-node-rename/14723)

* [Can't lxc list, no unix.socket connection refused](https://github.com/canonical/lxd/issues/5423)

* [[SOLVED] LXD 3.18 Stopped working: unix.socket: connect: connection refused](https://discuss.linuxcontainers.org/t/solved-lxd-3-18-stopped-working-unix-socket-connect-connection-refused/6201)

* [Wrong scheme version after upgrade](https://github.com/canonical/lxd/issues/3465)

* [LXD Failed Cluster Upgrade - unable to update some nodes ](https://discuss.linuxcontainers.org/t/lxd-failed-cluster-upgrade-unable-to-update-some-nodes/7509)
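Review bot: the first code block deletes rows from the `schema` and `raft_nodes` tables of LXD's local database, yet the only context is the connection-refused error above it and an empty heading below it (`Error: Error creating database: schema version '40' is more recent than expected '39'`). Suggest writing out the scenario this repairs (the deleted row `2|43|1690431075` and the removal of member `server01` from `raft_nodes` suggest one member was refreshed to a newer snap than the rest of the cluster), adding `sudo snap stop lxd` and a copy of `/var/snap/lxd/common/lxd/database/` before the `sqlite3` session so the edit can be reverted, and saying what happens to `server01` after its row is removed. Separately, the sentence "To manually trigger a refresh on a cluster member and ensure that all cluster members are refreshing using the same phasing cohort ... use:" is followed by `sudo journalctl -u snap.lxd.daemon.service -f -n200`, which only tails the daemon log; the refresh command that sentence introduces appears to be missing.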
125 changes: 125 additions & 0 deletions _posts/2023-08-03-lxd-server-settings-for-production.md
@@ -0,0 +1,125 @@
---
layout : post
title : "Server settings for a LXD production setup"
categories : [ubuntu, lxd]
published : true
---

see a list of all your user’s limits on the system
```
$ ulimit -a
```


### `/etc/security/limits.conf`
add the following content:

```
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
# Server settings for a LXD production setup
#
# Maximum number of open files
* soft nofile 1048576
# Maximum number of open files
* hard nofile 1048576
# Maximum number of open files
root soft nofile 1048576
# Maximum number of open files
root hard nofile 1048576
# Maximum locked-in-memory address space (KB)
* soft memlock unlimited
# Maximum locked-in-memory address space (KB)
* hard memlock unlimited
# Maximum locked-in-memory address space (KB), only need with bpf syscall supervision
root soft memlock unlimited
# Maximum locked-in-memory address space (KB), only need with bpf syscall supervision
root hard memlock unlimited
```

* `*` denotes the rest of the system users
* `soft` or `hard` is the limit type
* `nofile` item is utilized for limiting


### `/etc/sysctl.conf`
add the following content:

```
#
# Server settings for a LXD production setup
#
# Maximum number of concurrent asynchronous I/O operations
# (you might need to increase this limit further if you have
# a lot of workloads that use the AIO subsystem, for example, MySQL)
# fs.aio-max-nr = 524288 # default recommend
fs.aio-max-nr = 1048576
# Upper limit on the number of events that can be queued to
# the corresponding inotify instance (see inotify)
fs.inotify.max_queued_events = 1048576
# Upper limit on the number of inotify instances that
# can be created per real user ID (see inotify)
fs.inotify.max_user_instances = 1048576
# Upper limit on the number of watches that can be
# created per real user ID (see inotify)
fs.inotify.max_user_watches = 1048576
# Whether to deny container access to the messages in the kernel
# ring buffer (note that this will also deny access to non-root users on the host system)
kernel.dmesg_restrict = 1
# Maximum size of the key ring that non-root users can use
kernel.keys.maxbytes = 2000000
# Maximum number of keys that a non-root user can use
# (the value should be higher than the number of instances)
kernel.keys.maxkeys = 2000
# Limit on the size of eBPF JIT allocations (on kernels < 5.15
# that are compiled with CONFIG_BPF_JIT_ALWAYS_ON=y,
# this value might limit the amount of instances that can be created)
net.core.bpf_jit_limit = 1000000000
# Maximum number of entries in the IPv4 ARP table
# (increase this value if you plan to create over 1024 instances -
# otherwise, you will get the error neighbour: ndisc_cache: neighbor
# table overflow! when the ARP table gets full and the instances
# cannot get a network configuration; see ip-sysctl)
net.ipv4.neigh.default.gc_thresh3 = 8192
# Maximum number of entries in IPv6 ARP table
# (increase this value if you plan to create over 1024 instances -
# otherwise, you will get the error neighbour: ndisc_cache:
# neighbor table overflow! when the ARP table gets full
# and the instances cannot get a network configuration; see ip-sysctl)
net.ipv6.neigh.default.gc_thresh3 = 8192
# Maximum number of memory map areas a process may have
# (memory map areas are used as a side-effect of calling malloc,
# directly by mmap and mprotect, and also when loading shared libraries)
vm.max_map_count = 262144
```


To activate the new setting, run the following command:
```shell
$ sudo sysctl -p /etc/sysctl.conf
```

### Reference
* [Server settings for a LXD production setup](https://documentation.ubuntu.com/lxd/en/latest/reference/server_settings/#server-settings)

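Review bot: the post gives `sudo sysctl -p /etc/sysctl.conf` to apply the sysctl block but no equivalent step for `/etc/security/limits.conf`, whose `nofile` and `memlock` entries only take effect for sessions opened after the change; add a sentence that a re-login (or reboot) is needed before `ulimit -a` shows the new values. The bullet "`nofile` item is utilized for limiting" is cut off (it limits the number of open file descriptors), and the bullet list explains `nofile` but not `memlock`, which the block also sets. Minor: the commented line `# fs.aio-max-nr = 524288 # default recommend` reads as if 524288 is the recommended value while the active line sets 1048576; state which value is intended and why.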