[lxc-devel] [lxd/master] Recommend to increase the value of aio-max-nr for production use
freeekanayaka on Github
lxc-bot at linuxcontainers.org
Wed May 20 14:32:49 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 375 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200520/ba5effa7/attachment.bin>
-------------- next part --------------
From 208ad6f73d60d0b679e753cd0c007c75fff7e4ca Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanayaka at canonical.com>
Date: Wed, 20 May 2020 15:31:43 +0100
Subject: [PATCH] Recommend to increase the value of aio-max-nr for production
use
Signed-off-by: Free Ekanayaka <free.ekanayaka at canonical.com>
---
doc/production-setup.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/production-setup.md b/doc/production-setup.md
index 37e78c4276..624800868b 100644
--- a/doc/production-setup.md
+++ b/doc/production-setup.md
@@ -46,6 +46,7 @@ net.ipv6.neigh.default.gc\_thresh3 | 8192 | 1024 | This is the maxim
net.core.bpf_jit_limit | 3000000000 | 264241152 | This is a limit on the size of eBPF JIT allocations which is usually set to PAGE_SIZE * 40000. When your kernel is compiled with `CONFIG_BPF_JIT_ALWAYS_ON=y` then `/proc/sys/net/core/bpf_jit_enable` is set to `1` and can't be changed. On such kernels the eBPF JIT compiler will treat failure to JIT compile a bpf program such as a `seccomp` filter as fatal when it would continue on another kernel. On such kernels the limit for eBPF jitted programs needs to be increased siginficantly.
kernel.keys.maxkeys | 2000 | 200 | This is the maximum number of keys a non-root user can use, should be higher than the number of containers
kernel.keys.maxbytes | 2000000 | 20000 | This is the maximum size of the keyring non-root users can use
+fs.aio-max-nr | 524288 | 65536 | This is the maximum number of concurrent async I/O operations. You might need to increase it further if you have a lot of workloads that use the AIO subsystem (e.g. MySQL)
Then, reboot the server.
More information about the lxc-devel
mailing list