From 50d786e60c1399ab4b1d9141b20f59e7d394ad9a Mon Sep 17 00:00:00 2001 From: David Garcia Date: Mon, 30 Mar 2020 14:49:40 +0200 Subject: [PATCH] Add production setup to LXD This are the recommendations for LXD production setup: https://github.com/lxc/lxd/blob/master/doc/production-setup.md - Install LXD snap: the snap that already takes care of /etc/security/limits.conf - Use ZFS storage driver: It is much faster than "dir" - Apply sysctl recommended values Change-Id: Id3c83a34cd853155e795ff117520911514b19107 Signed-off-by: David Garcia
---
 installers/60-lxd-production.conf | 25 ++++++++++++++++++
 installers/full_install_osm.sh | 24 ++++++++++-------
 installers/lxd-preseed.conf | 44 +++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+), 9 deletions(-)
 create mode 100644 installers/60-lxd-production.conf
 create mode 100644 installers/lxd-preseed.conf
diff --git a/installers/60-lxd-production.conf b/installers/60-lxd-production.conf
new file mode 100644
index 00000000..1d1194fd
--- /dev/null
+++ b/installers/60-lxd-production.conf
@@ -0,0 +1,25 @@
+# Copyright 2020 Canonical Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Sysctl values for LXD in production
+fs.inotify.max_queued_events=1048576
+fs.inotify.max_user_instances=1048576
+fs.inotify.max_user_watches=1048576
+vm.max_map_count=262144
+kernel.dmesg_restrict=1
+net.ipv4.neigh.default.gc_thresh3=8192
+net.ipv6.neigh.default.gc_thresh3=8192
+net.core.bpf_jit_limit=3000000000
+kernel.keys.maxkeys=2000
+kernel.keys.maxbytes=2000000
diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh
index d40782f8..9e4132ca 100755
--- a/installers/full_install_osm.sh
+++ b/installers/full_install_osm.sh
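Review bot: The only comment in installers/60-lxd-production.conf, `# Sysctl values for LXD in production`, says neither where the values come from nor that they change limits for the whole host rather than for LXD alone. The commit message names the LXD production-setup document as the source, so the file could carry that itself, for example `# Values from https://github.com/lxc/lxd/blob/master/doc/production-setup.md` followed by `# Host-wide: raises inotify, keyring and BPF JIT limits; kernel.dmesg_restrict=1 limits dmesg to privileged users`. That gives an operator something to audit later edits against once the file sits in /etc/sysctl.d.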
@@ -229,15 +229,21 @@ function FATAL(){ } function install_lxd() { - sudo apt-get update - sudo apt-get install -y lxd - newgrp lxd - lxd init --auto - lxd waitready - lxc network create lxdbr0 ipv4.address=auto ipv4.nat=true ipv6.address=none ipv6.nat=false + # Apply sysctl production values for optimal performance + sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf + sudo sysctl --system + + # Install LXD snap + sudo apt-get remove --purge -y liblxc1 lxc-common lxcfs lxd lxd-client + sudo snap install lxd --channel=3.0/stable + + # Configure LXD + sudo usermod -a -G lxd `whoami` + cat /usr/share/osm-devops/installers/lxd-preseed.conf | sg lxd -c "lxd init --preseed" + sg lxd -c "lxd waitready" DEFAULT_INTERFACE=$(route -n | awk '$1~/^0.0.0.0/ {print $8}') DEFAULT_MTU=$(ip addr show $DEFAULT_INTERFACE | perl -ne 'if (/mtu\s(\d+)/) {print $1;}') - lxc profile device set default eth0 mtu $DEFAULT_MTU + sg lxd -c "lxc profile device set default eth0 mtu $DEFAULT_MTU" #sudo systemctl stop lxd-bridge #sudo systemctl --system daemon-reload #sudo systemctl enable lxd-bridge @@ -356,7 +362,6 @@ function install_docker_compose() { function install_juju() { echo "Installing juju" sudo snap install juju --classic - [ -z "$INSTALL_NOLXD" ] && sudo dpkg-reconfigure -p medium lxd [[ ":$PATH": != *":/snap/bin:"* ]] && PATH="/snap/bin:${PATH}" echo "Finished installation of juju" return 0 @@ -870,7 +875,7 @@ function install_lightweight() { # if no host is passed in, we need to install lxd/juju, unless explicilty asked not to if [ -z "$OSM_VCA_HOST" ] && [ -z "$INSTALL_NOLXD" ]; then - need_packages_lw="lxd snapd" + need_packages_lw="snapd" echo -e "Checking required packages: $need_packages_lw" dpkg -l $need_packages_lw &>/dev/null \ || ! echo -e "One or several required packages are not installed. Updating apt cache requires root privileges." \ 
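Review bot: None of the new steps in install_lxd is checked for failure, and `$DEFAULT_MTU` is spliced unvalidated into the command string handed to `sg lxd -c`. If `route -n` shows no default route or several, `DEFAULT_INTERFACE` is empty or multi-line and the final `lxc profile device set` runs with a missing or malformed MTU; a failed `cp` or `snap install` is likewise carried straight into `lxd init`. The fence adds `|| FATAL` on the steps that must succeed, takes only the first default route, quotes the expansions and requires a numeric MTU; the new `install_lxd` call in the -880 hunk is unchecked in the same way. It also adds a comment that membership of the `lxd` group is equivalent to root on the host, which matters for whichever account `whoami` returns. The function body continues past the end of the hunk.

```shell
function install_lxd() {
    sudo cp /usr/share/osm-devops/installers/60-lxd-production.conf /etc/sysctl.d/60-lxd-production.conf \
      || FATAL "failed to install the LXD sysctl settings"
    # … unchanged: sysctl --system, apt-get remove of the deb packages …
    sudo snap install lxd --channel=3.0/stable || FATAL "failed to install the LXD snap"

    # Configure LXD
    # NOTE: members of the lxd group control the LXD daemon, which is
    # equivalent to root on this host.
    sudo usermod -a -G lxd "$(whoami)"
    sg lxd -c "lxd init --preseed" < /usr/share/osm-devops/installers/lxd-preseed.conf \
      || FATAL "lxd init --preseed failed"
    # … unchanged: lxd waitready …
    # Use the first default route only; several would yield a multi-line value
    DEFAULT_INTERFACE=$(route -n | awk '$1~/^0.0.0.0/ {print $8; exit}')
    DEFAULT_MTU=$(ip addr show "$DEFAULT_INTERFACE" | perl -ne 'if (/mtu\s(\d+)/) {print $1;}')
    [[ "$DEFAULT_MTU" =~ ^[0-9]+$ ]] || FATAL "could not determine the MTU of the default interface"
    sg lxd -c "lxc profile device set default eth0 mtu $DEFAULT_MTU"
```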
@@ -880,6 +885,7 @@ function install_lightweight() { || ! echo -e "Installing $need_packages_lw requires root privileges." \ || sudo apt-get install -y $need_packages_lw \ || FATAL "failed to install $need_packages_lw" + install_lxd fi track prereqok
diff --git a/installers/lxd-preseed.conf b/installers/lxd-preseed.conf
new file mode 100644
index 00000000..82ed8dc4
--- /dev/null
+++ b/installers/lxd-preseed.conf
@@ -0,0 +1,44 @@
+# Copyright 2020 Canonical Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+config: {}
+networks:
+- config:
+ ipv4.address: auto
+ ipv6.address: none
+ description: ""
+ managed: false
+ name: lxdbr0
+ type: ""
+storage_pools:
+- config:
+ size: 100GB
+ description: ""
+ name: default
+ driver: zfs
+profiles:
+- config: {}
+ description: ""
+ devices:
+ eth0:
+ name: eth0
+ nictype: bridged
+ parent: lxdbr0
+ type: nic
+ root:
+ path: /
+ pool: default
+ type: disk
+ name: default
+cluster: null
-- 
2.25.1
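Review bot: `size: 100GB` under `storage_pools` in installers/lxd-preseed.conf is fixed regardless of how much disk the host has. No `source` is given, so the zfs pool is presumably backed by a loop file; on a smaller host it would then advertise space the disk cannot supply and fail only once containers fill it. Consider having install_lxd check free space, or substitute the size, before the preseed is fed to `lxd init --preseed`. Separately, the removed `lxc network create` line set `ipv4.nat=true` and `ipv6.nat=false` explicitly and this preseed sets neither, so it is worth confirming that NAT on lxdbr0 still ends up enabled.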