Server settings for a LXD production setup
To allow your LXD server to run a large number of instances, configure the following settings to avoid hitting server limits.
The Value column contains the suggested value for each parameter.
/etc/security/limits.conf
Note
For users of the snap, those limits are automatically raised.
| Domain | Type | Item | Value | Default | Description |
|---|---|---|---|---|---|
| | soft | | | unset | Maximum number of open files |
| | hard | | | unset | Maximum number of open files |
| | soft | | | unset | Maximum number of open files |
| | hard | | | unset | Maximum number of open files |
| | soft | | | unset | Maximum locked-in-memory address space (KB) |
| | hard | | | unset | Maximum locked-in-memory address space (KB) |
| | soft | | | unset | Maximum locked-in-memory address space (KB), only need with |
| | hard | | | unset | Maximum locked-in-memory address space (KB), only need with |

/etc/sysctl.conf
Note
Reboot the server after changing any of these parameters.
| Parameter | Value | Default | Description |
|---|---|---|---|
| | | | Maximum number of concurrent asynchronous I/O operations (you might need to increase this limit further if you have a lot of workloads that use the AIO subsystem, for example, MySQL) |
| | | | Upper limit on the number of events that can be queued to the corresponding |
| | | | Upper limit on the number of |
| | | | Upper limit on the number of watches that can be created per real user ID (see |
| | | | Whether to deny container access to the messages in the kernel ring buffer (note that this will also deny access to non-root users on the host system) |
| | | | Maximum size of the key ring that non-root users can use |
| | | | Maximum number of keys that a non-root user can use (the value should be higher than the number of instances) |
| | | varies | Limit on the size of eBPF JIT allocations (on kernels < 5.15 that are compiled with |
| | | | Maximum number of entries in the IPv4 ARP table (increase this value if you plan to create over 1024 instances - otherwise, you will get the error |
| | | | Maximum number of entries in IPv6 ARP table (increase this value if you plan to create over 1024 instances - otherwise, you will get the error |
| | | | Maximum number of memory map areas a process may have (memory map areas are used as a side-effect of calling |
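
After the reboot, it is worth confirming that the running kernel actually carries the values written to /etc/sysctl.conf, in particular the kernel ring buffer restriction. The check below is an added example, not part of the LXD documentation: the key names in the sample are standard Linux sysctl keys chosen as assumptions, and the numbers are constructed placeholders, not the values this page suggests.

```python
from pathlib import Path

# Switches must match exactly; every other key is treated as a limit that
# the running kernel must meet or exceed.
EXACT_KEYS = {"kernel.dmesg_restrict"}

def parse_sysctl_conf(text):
    """Return {key: value} from sysctl.conf-style text, skipping comments."""
    wanted = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        wanted[key.strip()] = value.strip()
    return wanted

def read_live(key, root="/proc/sys"):
    """Read a key's running value, or None if this kernel does not expose it."""
    try:
        return Path(root, *key.split(".")).read_text().strip()
    except OSError:
        return None

def audit(conf_text, reader=read_live):
    """Return (key, wanted, live, reason) for each setting not in effect."""
    findings = []
    for key, wanted in parse_sysctl_conf(conf_text).items():
        live = reader(key)
        numeric = wanted.isdigit() and live is not None and live.isdigit()
        if live is None:
            findings.append((key, wanted, None, "missing"))
        elif numeric and key not in EXACT_KEYS:
            if int(live) < int(wanted):
                findings.append((key, wanted, live, "too low"))
        elif live.split() != wanted.split():
            findings.append((key, wanted, live, "mismatch"))
    return findings

# Constructed sample: placeholder numbers, not this page's suggested values.
SAMPLE_CONF = """# LXD host tuning
fs.inotify.max_user_watches = 2000
kernel.dmesg_restrict = 1
kernel.keys.maxkeys = 3000
vm.max_map_count = 4000
"""
SAMPLE_LIVE = {"fs.inotify.max_user_watches": "2000",
               "kernel.dmesg_restrict": "0", "kernel.keys.maxkeys": "200"}
```

On a host, `audit(Path("/etc/sysctl.conf").read_text())` reads the live values from /proc/sys; an empty list means every configured setting is in effect.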