How to configure network throughput limit per container instead of changing the profile?

rosmul · July 11, 2018, 6:52pm

I am following Stephane Graber’s tutorial series and I want to limit the throughput for eth0 on one container.

The example in the tutorial is by altering the profile: https://stgraber.org/2016/03/26/lxd-2-0-resource-control-412/ (under Network I/O).

How can I do it for that container only without modifying a profile? What I’ve tried:

$ lxc config device set above-basilisk eth0 limits.ingress 25mbit
error: The device doesn't exist

It does exist though:

$ lxc config show above-basilisk --expanded
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 16.04 LTS amd64 (release) (20180703)
  image.label: release
  image.os: ubuntu
  image.release: xenial
  image.serial: "20180703"
  image.version: "16.04"
  volatile.base_image: f2228450779fee27020d6024af587379b8f51062c32a335327f2b028c924bfa1
  volatile.eth0.hwaddr: 00:16:3e:b2:b9:78
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Why am I unable to configure it then?

adosztal · July 14, 2018, 11:29am

Looks strange indeed. I can reproduce it on my box, though I can add the limit when editing the container with lxc config edit. (The only difference is that I set it for eth1.)

This is how it looks after that:

adosztal@lxd1:~$ lxc config show test
[...]
devices:
  eth1:
    limits.ingress: 25mbit
    name: eth1
    nictype: bridged
    parent: lxdbr0
    type: nic
[...]

Furthermore, I can’t even remove this setting from the CLI (but can be done with lxc config edit as well):

adosztal@lxd1:~$ lxc config device remove test eth1 limits.ingress 25mbit
Error: The device doesn't exist

I’m running version 3.0.1 on Ubuntu Bionic Server.

stgraber · July 17, 2018, 9:04pm

The device exists as part of a profile your container has, not as part of the container itself.
If running a recent version of LXD you may have the lxc config override command that will do the right thing for you.

Otherwise, you need to override the device by adding one with lxc config device add with the same name and same properties + the property you’re adding.

Same goes with lxc config device remove, you can’t remove a device which isn’t directly owned by the container. To prevent the container from inheriting it, you can do lxc config device add CONTAINER DEVICE none which will effectively add an empty device on top to mask it.