Server configuration¶

The LXD server can be configured through a set of key/value configuration options.

The key/value configuration is namespaced. The following options are available:

Core configuration
ACME configuration
OpenID Connect configuration
Cluster configuration
Images configuration
Loki configuration
Miscellaneous options

See How to configure the LXD server for instructions on how to set the configuration options.

Note

Options marked with a global scope are immediately applied to all cluster members. Options with a local scope must be set on a per-member basis.

Core configuration¶

The following server options control the core daemon configuration:

⤋⤊

core.bgp_address

Address to bind the BGP server to

core.bgp_asn

BGP Autonomous System Number for the local server

core.bgp_routerid

A unique identifier for the BGP server

core.debug_address

Address to bind the pprof debug server to (HTTP)

core.dns_address

Address to bind the authoritative DNS server to

core.https_address

Address to bind for the remote API (HTTPS)

core.https_allowed_credentials

Whether to set Access-Control-Allow-Credentials

core.https_allowed_headers

Access-Control-Allow-Headers HTTP header value

core.https_allowed_methods

Access-Control-Allow-Methods HTTP header value

core.https_allowed_origin

Access-Control-Allow-Origin HTTP header value

core.https_trusted_proxy

Trusted servers to provide the client’s address

core.metrics_address

Address to bind the metrics server to (HTTPS)

core.metrics_authentication

Whether to enforce authentication on the metrics endpoint

core.proxy_http

HTTP proxy to use

core.proxy_https

HTTPS proxy to use

core.proxy_ignore_hosts

Hosts that don’t need the proxy

core.remote_token_expiry

Time after which a remote add token expires

core.shutdown_timeout

How long to wait before shutdown

core.storage_buckets_address

Address to bind the storage object server to (HTTPS)

core.syslog_socket

Whether to enable the syslog unixgram socket listener

core.trust_ca_certificates

Whether to automatically trust clients signed by the CA

ACME configuration¶

The following server options control the ACME configuration:

⤋⤊

acme.agree_tos

Agree to ACME terms of service

acme.ca_url

URL to the directory resource of the ACME service

acme.domain

Domain for which the certificate is issued

acme.email

Email address used for the account registration

OpenID Connect configuration¶

The following server options configure external user authentication through OpenID Connect authentication:

⤋⤊

oidc.audience

Expected audience value for the application

oidc.client.id

OpenID Connect client ID

oidc.groups.claim

A claim used for mapping identity provider groups to LXD groups.

oidc.issuer

OpenID Connect Discovery URL for the provider

oidc.scopes

Space-separated list of OpenID Connect scopes

Cluster configuration¶

The following server options control Clustering:

⤋⤊

cluster.healing_threshold

Threshold when to evacuate an offline cluster member

cluster.https_address

Address to use for clustering traffic

cluster.images_minimal_replica

Number of cluster members that replicate an image

cluster.join_token_expiry

Time after which a cluster join token expires

cluster.max_standby

Number of database stand-by members

cluster.max_voters

Number of database voter members

cluster.offline_threshold

Threshold when an unresponsive member is considered offline

Images configuration¶

The following server options configure how to handle Images:

⤋⤊

images.auto_update_cached

Whether to automatically update cached images

images.auto_update_interval

Interval at which to look for updates to cached images

images.compression_algorithm

Compression algorithm to use for new images

images.default_architecture

Default architecture to use in a mixed-architecture cluster

images.remote_cache_expiry

When an unused cached remote image is flushed

Loki configuration¶

The following server options configure the external log aggregation system:

⤋⤊

loki.api.ca_cert

CA certificate for the Loki server

loki.api.url

URL to the Loki server

loki.auth.password

Password used for Loki authentication

loki.auth.username

User name used for Loki authentication

loki.instance

Name to use as the instance field in Loki events.

loki.labels

Labels for a Loki log entry

loki.loglevel

Minimum log level to send to the Loki server

loki.types

Events to send to the Loki server

Miscellaneous options¶

The following server options configure server-specific settings for Instances, MAAS integration, OVN integration, Backups and Storage:

⤋⤊

backups.compression_algorithm

Compression algorithm to use for backups

instances.migration.stateful

Whether to set migration.stateful to true for the instances

instances.nic.host_name

How to set the host name for a NIC

instances.placement.scriptlet

Instance placement scriptlet for automatic instance placement

maas.api.key

API key to manage MAAS

maas.api.url

URL of the MAAS server

maas.machine

Name of this LXD host in MAAS

network.ovn.ca_cert

OVN SSL certificate authority

network.ovn.client_cert

OVN SSL client certificate

network.ovn.client_key

OVN SSL client key

network.ovn.integration_bridge

OVS integration bridge to use for OVN networks

network.ovn.northbound_connection

OVN northbound database connection string

storage.backups_volume

Volume to use to store backup tarballs

storage.images_volume

Volume to use to store the image tarballs

Key:	`core.https_allowed_credentials`
Type:	bool
Default:	`false`
Scope:	global

Key:	`core.metrics_authentication`
Type:	bool
Default:	`true`
Scope:	global

Key:	`core.remote_token_expiry`
Type:	string
Default:	no expiry
Scope:	global

Key:	`core.shutdown_timeout`
Type:	integer
Default:	`5`
Scope:	global

Key:	`core.syslog_socket`
Type:	bool
Default:	`false`
Scope:	local

Server configuration¶

Core configuration¶

ACME configuration¶

OpenID Connect configuration¶

Cluster configuration¶

Images configuration¶

Loki configuration¶

Miscellaneous options¶

Related topics¶