Server configuration¶
The LXD server can be configured through a set of key/value configuration options.
You can configure a server option with the following command:
lxc config set <key> <value>
If the LXD server is part of a cluster, some of the options apply to the cluster, while others apply only to the local server, thus the cluster member.
Options marked with a global scope in the following tables are immediately applied to all cluster members.
Options with a local scope must be set on a per-member basis.
To do so, add the --target flag to the lxc config set command.
The key/value configuration is namespaced. The following options are available:
Core configuration¶
The following server options control the core daemon configuration:
Key |
Type |
Scope |
Default |
Description |
|---|---|---|---|---|
|
string |
local |
- |
Address to bind the BGP server to (BGP) |
|
string |
global |
- |
The BGP Autonomous System Number to use for the local server |
|
string |
local |
- |
A unique identifier for this BGP server (formatted as an IPv4 address) |
|
string |
local |
- |
Address to bind the |
|
string |
local |
- |
Address to bind the authoritative DNS server to (DNS) |
|
string |
local |
- |
Address to bind for the remote API (HTTPS) |
|
bool |
global |
- |
Whether to set the |
|
string |
global |
- |
|
|
string |
global |
- |
|
|
string |
global |
- |
|
|
string |
global |
- |
Comma-separated list of IP addresses of trusted servers to provide the client’s address through the proxy connection header |
|
string |
global |
- |
Address to bind the metrics server to (HTTPS) |
|
bool |
global |
|
Whether to enforce authentication on the metrics endpoint |
|
string |
global |
- |
HTTPS proxy to use, if any (falls back to |
|
string |
global |
- |
HTTP proxy to use, if any (falls back to |
|
string |
global |
- |
Hosts that don’t need the proxy (similar format to |
|
string |
global |
- |
Time after which a remote add token expires (defaults to no expiry) |
|
integer |
global |
|
Number of minutes to wait for running operations to complete before the LXD server shuts down |
|
bool |
global |
- |
Whether to automatically trust clients signed by the CA |
|
string |
global |
- |
Password to be provided by clients to set up a trust |
Candid and RBAC configuration¶
The following server options configure external user authentication, through Candid-based authentication or through Role Based Access Control (RBAC):
Key |
Type |
Scope |
Default |
Description |
|---|---|---|---|---|
|
string |
global |
- |
Public key of the Candid server (required for HTTP-only servers) |
|
string |
global |
- |
URL of the external authentication endpoint using Candid |
|
string |
global |
- |
Comma-separated list of allowed Candid domains (empty string means all domains are valid) |
|
integer |
global |
|
Candid macaroon expiry in seconds |
|
string |
global |
- |
Private key of the Candid agent as provided during RBAC registration |
|
string |
global |
- |
Public key of the Candid agent as provided during RBAC registration |
|
string |
global |
- |
URL of the Candid agent as provided during RBAC registration |
|
string |
global |
- |
User name of the Candid agent as provided during RBAC registration |
|
integer |
global |
- |
RBAC macaroon expiry in seconds |
|
string |
global |
- |
Public key of the RBAC server (required for HTTP-only servers) |
|
string |
global |
- |
URL of the external RBAC server |
Cluster configuration¶
The following server options control Clustering:
Key |
Type |
Scope |
Default |
Description |
|---|---|---|---|---|
|
string |
local |
- |
Address to use for clustering traffic |
|
integer |
global |
|
Minimal number of cluster members with a copy of a particular image (set to |
|
string |
global |
|
Time after which a cluster join token expires |
|
integer |
global |
|
Maximum number of cluster members that are assigned the database stand-by role (must be between |
|
integer |
global |
|
Maximum number of cluster members that are assigned the database voter role (must be an odd number >= |
|
integer |
global |
|
Number of seconds after which an unresponsive member is considered offline |
Images configuration¶
The following server options configure how to handle Images:
Key |
Type |
Scope |
Default |
Description |
|---|---|---|---|---|
|
bool |
global |
|
Whether to automatically update any image that LXD caches |
|
integer |
global |
|
Interval (in hours) at which to look for updates to cached images ( |
|
string |
global |
|
Compression algorithm to use for new images ( |
|
string |
- |
- |
Default architecture to use in a mixed-architecture cluster |
|
integer |
global |
|
Number of days after which an unused cached remote image is flushed |
Miscellaneous options¶
The following server options configure server-specific settings for Instances, MAAS integration, OVN integration, Backups and Storage:
Key |
Type |
Scope |
Default |
Description |
|---|---|---|---|---|
|
string |
global |
|
Compression algorithm to use for new images ( |
|
string |
global |
- |
API key to manage MAAS |
|
string |
global |
- |
URL of the MAAS server |
|
string |
local |
host name |
Name of this LXD host in MAAS |
|
string |
global |
|
OVS integration bridge to use for OVN networks |
|
string |
global |
|
OVN northbound database connection string |
|
string |
local |
- |
Volume to use to store the backup tarballs (syntax is |
|
string |
local |
- |
Volume to use to store the image tarballs (syntax is |