Says: “For users of the snap, those limits are automatically raised.”
But if I open the file /etc/security/limits.conf, everything is commented out.
I am trying to set the proper settings for LXD, hence I assume I need to configure the host OS.
Am I assuming correctly or these need to be changed in the containers too?
If on the host, are the automatically raised values found somewhere else?
I usually apply these settings at host level, the ulimits configurations and also the sysctl ones. They are probably raised inside the snap filesystem (not visible on host due to snap mount namespacing)
Regarding those values for containers, you don’t need to apply them for your containers automatically (and you won’t be able to do it from the inside of your containers), but you can tweak them on a per-container basis depending on your use-cases using LXD command-line.
The snap doesn’t alter your host /etc/security/limits.conf but it directly raises those limits itself through ulimit calls during startup.
Thank you @ruskofd. What would be the lxd command for tweaking those settings?
Thank you @stgraber. Is there any command we can use to verify LXD is successfully setting those parameters the way we like them and/or to modify the settings?
If I wanted to submit a more detailed explanation for the documentation, is there a simpler way to contribute a few lines of text than the official way?
You can check the limits for any Linux process by looking through
In the case of LXD, that means
cat /proc/$(cat /var/snap/lxd/common/lxd.pid)/limits
For sysctl, these are the options :
linux.sysctl.* in Instance options - LXD documentation (linuxcontainers.org)
lxc config <set/override> mycontainer linux.sysctl.net.ipv4.ip_forward=1
For ulimits, these are the options : Instance options - LXD documentation (linuxcontainers.org)
lxc config <set/override> mycontainer limits.kernel.nofile=65535
You can also use these in profiles.