[posts] new : lxd-server-settings-for-production
1 parent 7cc32f4, commit a21fa12. Showing 3 changed files with 228 additions and 0 deletions.
@@ -0,0 +1,14 @@ | ||
--- | ||
layout : post | ||
title : "LXD Cluster" | ||
categories : [ubuntu, lxd] | ||
published : false | ||
--- | ||
|
||
|
||
### Reference | ||
* [btrfs](https://help.ubuntu.com/community/btrfs) | ||
|
||
* [How To Create Snapshots And Restore Your Linux System Using Btrfs](https://www.unixmen.com/snapshots-and-restore-linux-system-using-btrfs/) | ||
|
||
* [How to manage apt-btrfs-snapshot snapshots on Ubuntu](https://moritzmolch.com/blog/2506.html) |
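Review bot: the front matter of this first file (`title : "LXD Cluster"`, `published : false`) is identical to the second draft's, so the two drafts will collide on title, and neither is the post named in the commit message (`lxd-server-settings-for-production`). Either keep the two unpublished drafts out of this commit or give this one a title that matches its content, which is a btrfs / apt-btrfs-snapshot link list rather than anything about an LXD cluster. `### Reference` is also the only section in the file; a one-line note on what these links were collected for would help whoever picks the draft up later.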
@@ -0,0 +1,89 @@ | ||
--- | ||
layout : post | ||
title : "LXD Cluster" | ||
categories : [ubuntu, lxd] | ||
published : false | ||
--- | ||
|
||
|
||
|
||
|
||
``` | ||
Error: Get "http://unix.socket/1.0": dial unix /var/snap/lxd/common/lxd/unix.socket: connect: connection refused | ||
sudo apt install sqlite3 | ||
sudo sqlite3 /var/snap/lxd/common/lxd/database/local.db | ||
sqlite> .tables | ||
certificates config patches raft_nodes schema | ||
sqlite> select * from schema | ||
...> ; | ||
1|42|1689933924 | ||
2|43|1690431075 | ||
sqlite> delete from schema where id =2; | ||
sqlite> select * from schema; | ||
1|42|1689933924 | ||
sqlite> select * from raft_nodes; | ||
1|10.10.10.13:8443|0|server03 | ||
2|10.10.10.11:8443|1|server01 | ||
sqlite> delete from raft_nodes where id =2; | ||
sqlite> select * from raft_nodes; | ||
1|10.10.10.13:8443|0|server03 | ||
$ sudo snap start lxd | ||
``` | ||
|
||
### Error: Error creating database: schema version '40' is more recent than expected '39' | ||
|
||
|
||
|
||
### [Managing the LXD snap](https://discuss.linuxcontainers.org/t/managing-the-lxd-snap/8178) | ||
|
||
LXD clusters must all run the same LXD version. | ||
|
||
https://discuss.linuxcontainers.org/t/snap-fix-channel/9725 | ||
|
||
snap switch lxd --channel=latest/stable | ||
|
||
sudo snap refresh lxd | ||
|
||
|
||
sudo snap install lxd --channel=latest/stable | ||
|
||
snap refresh lxd --channel=latest/stable | ||
|
||
To manually trigger a refresh on a cluster member and ensure that all cluster members are refreshing using the same phasing cohort, and thus get the same version, use: | ||
|
||
|
||
sudo journalctl -u snap.lxd.daemon.service -f -n200 | ||
|
||
Production server: | ||
|
||
* Use the latest/stable channel if you need the latest features and can specify a frequent refresh window. | ||
* Use a snap refresh --hold lxd if you want to avoid the automatic release upgrade and have time to do manage the refresh cycle manually to ensure you get updates. | ||
* Use an $LTS/stable channel if you don’t need any of the features that were added since the last LTS release but still want bug fixes and security updates. | ||
* Set a refresh window to match your system maintenance window. | ||
|
||
|
||
### Reference | ||
* [Unable to complete LXD cluster node rename](https://discuss.linuxcontainers.org/t/unable-to-complete-lxd-cluster-node-rename/14723) | ||
|
||
* [Can't lxc list, no unix.socket connection refused](https://github.com/canonical/lxd/issues/5423) | ||
|
||
* [[SOLVED] LXD 3.18 Stopped working: unix.socket: connect: connection refused](https://discuss.linuxcontainers.org/t/solved-lxd-3-18-stopped-working-unix-socket-connect-connection-refused/6201) | ||
|
||
* [Wrong scheme version after upgrade](https://github.com/canonical/lxd/issues/3465) | ||
|
||
* [LXD Failed Cluster Upgrade - unable to update some nodes ](https://discuss.linuxcontainers.org/t/lxd-failed-cluster-upgrade-unable-to-update-some-nodes/7509) |
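Review bot: the recovery block at the top of this hunk hand-edits LXD's `local.db` (`delete from schema where id =2;`, `delete from raft_nodes where id =2;`) with no backup step and without showing that the daemon was stopped first; it ends with `$ sudo snap start lxd` but never shows the matching `sudo snap stop lxd`, so a reader following it verbatim may be editing the database underneath a running LXD. Add the stop command and a copy of `/var/snap/lxd/common/lxd/database/` before the `sqlite3` session, and say which symptom the procedure addresses: the `connection refused` line and the `### Error: Error creating database: schema version '40' is more recent than expected '39'` heading are both present, but the heading has no body. Removing the newer `schema` row only rewinds the recorded version number, not whatever migration the newer LXD already ran on the data, so that caveat belongs right next to the delete. Further down, `To manually trigger a refresh on a cluster member ... use:` is followed by a `journalctl` command rather than the refresh command it announces, and the four bullets under `Production server:` read as quoted from the linked "Managing the LXD snap" thread; if so, mark them as a quotation.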
_posts/2023-08-03-lxd-server-settings-for-production.md: 125 additions & 0 deletions
@@ -0,0 +1,125 @@ | ||
--- | ||
layout : post | ||
title : "Server settings for a LXD production setup" | ||
categories : [ubuntu, lxd] | ||
published : true | ||
--- | ||
|
||
see a list of all your user’s limits on the system | ||
``` | ||
$ ulimit -a | ||
``` | ||
|
||
|
||
### `/etc/security/limits.conf` | ||
add the following content: | ||
|
||
``` | ||
#Each line describes a limit for a user in the form: | ||
# | ||
#<domain> <type> <item> <value> | ||
# | ||
# Server settings for a LXD production setup | ||
# | ||
# Maximum number of open files | ||
* soft nofile 1048576 | ||
# Maximum number of open files | ||
* hard nofile 1048576 | ||
# Maximum number of open files | ||
root soft nofile 1048576 | ||
# Maximum number of open files | ||
root hard nofile 1048576 | ||
# Maximum locked-in-memory address space (KB) | ||
* soft memlock unlimited | ||
# Maximum locked-in-memory address space (KB) | ||
* hard memlock unlimited | ||
# Maximum locked-in-memory address space (KB), only need with bpf syscall supervision | ||
root soft memlock unlimited | ||
# Maximum locked-in-memory address space (KB), only need with bpf syscall supervision | ||
root hard memlock unlimited | ||
``` | ||
|
||
* `*` denotes the rest of the system users | ||
* `soft` or `hard` is the limit type | ||
* `nofile` item is utilized for limiting | ||
|
||
|
||
### `/etc/sysctl.conf` | ||
add the following content: | ||
|
||
``` | ||
# | ||
# Server settings for a LXD production setup | ||
# | ||
# Maximum number of concurrent asynchronous I/O operations | ||
# (you might need to increase this limit further if you have | ||
# a lot of workloads that use the AIO subsystem, for example, MySQL) | ||
# fs.aio-max-nr = 524288 # default recommend | ||
fs.aio-max-nr = 1048576 | ||
# Upper limit on the number of events that can be queued to | ||
# the corresponding inotify instance (see inotify) | ||
fs.inotify.max_queued_events = 1048576 | ||
# Upper limit on the number of inotify instances that | ||
# can be created per real user ID (see inotify) | ||
fs.inotify.max_user_instances = 1048576 | ||
# Upper limit on the number of watches that can be | ||
# created per real user ID (see inotify) | ||
fs.inotify.max_user_watches = 1048576 | ||
# Whether to deny container access to the messages in the kernel | ||
# ring buffer (note that this will also deny access to non-root users on the host system) | ||
kernel.dmesg_restrict = 1 | ||
# Maximum size of the key ring that non-root users can use | ||
kernel.keys.maxbytes = 2000000 | ||
# Maximum number of keys that a non-root user can use | ||
# (the value should be higher than the number of instances) | ||
kernel.keys.maxkeys = 2000 | ||
# Limit on the size of eBPF JIT allocations (on kernels < 5.15 | ||
# that are compiled with CONFIG_BPF_JIT_ALWAYS_ON=y, | ||
# this value might limit the amount of instances that can be created) | ||
net.core.bpf_jit_limit = 1000000000 | ||
# Maximum number of entries in the IPv4 ARP table | ||
# (increase this value if you plan to create over 1024 instances - | ||
# otherwise, you will get the error neighbour: ndisc_cache: neighbor | ||
# table overflow! when the ARP table gets full and the instances | ||
# cannot get a network configuration; see ip-sysctl) | ||
net.ipv4.neigh.default.gc_thresh3 = 8192 | ||
# Maximum number of entries in IPv6 ARP table | ||
# (increase this value if you plan to create over 1024 instances - | ||
# otherwise, you will get the error neighbour: ndisc_cache: | ||
# neighbor table overflow! when the ARP table gets full | ||
# and the instances cannot get a network configuration; see ip-sysctl) | ||
net.ipv6.neigh.default.gc_thresh3 = 8192 | ||
# Maximum number of memory map areas a process may have | ||
# (memory map areas are used as a side-effect of calling malloc, | ||
# directly by mmap and mprotect, and also when loading shared libraries) | ||
vm.max_map_count = 262144 | ||
``` | ||
|
||
|
||
To activate the new setting, run the following command: | ||
```shell | ||
$ sudo sysctl -p /etc/sysctl.conf | ||
``` | ||
|
||
### Reference | ||
* [Server settings for a LXD production setup](https://documentation.ubuntu.com/lxd/en/latest/reference/server_settings/#server-settings) |
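Review bot: `sudo sysctl -p /etc/sysctl.conf` near the end of this hunk activates only the `/etc/sysctl.conf` block; the `/etc/security/limits.conf` entries above it are applied by `pam_limits` when a new session is opened, so the post should say that `ulimit -a` will show the new `nofile` and `memlock` values only after logging in again (or rebooting), not after the `sysctl -p` step. In the limits block, the comment `only need with bpf syscall supervision` appears on the `root ... memlock` lines but not on the `* ... memlock` lines although the value is `unlimited` in all four; make the comments consistent (and `only needed`). The explanation list below it stops at the `nofile` bullet ("item is utilized for limiting") without saying what is limited; `nofile` is the maximum number of open file descriptors, and `memlock` deserves its own bullet since it is set as well. `kernel.dmesg_restrict = 1` is the one hardening setting in the sysctl block and, as its comment says, also hides `dmesg` from every non-root user on the host; that trade-off is worth a sentence in the prose rather than being left inside the block. Finally, the opening line `see a list of all your user’s limits on the system` should be a full sentence.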