Question on setting limits on processes within LXD container

https://trino.io/docs/current/installation/deployment.html

according to this software, Trino, instructions… I need to set something in /etc/security/limits.conf

if I set this within and LXD container… is it required I also set it at the host level?? I use juju so was going to edit the containers file but thinking it might require me to fiddle with the host level?

trino soft nofile 131072
trino hard nofile 131072

If you need this to lower the current limit, then you can just do it inside of the container and it will be fine.

if you need it to be higher than what a container gets by default, then you’d need to first bump the matching limits.kernel.* key in LXD before being able to set limits inside of the container through /etc/security/limits.conf

1 Like

awesome… I had a hunch there was something going on here and I need to come checkin with LXD…

in my host the security file is totally commented out , but when i search for limits.kernel.* nothing came up

$ find / -name 'limits.kernel.*' 2>/dev/null
$ 

EDIT:

another question, I am attempting to install a .deb file and saw this warning… seems to have otherwise installed…

: Download is performed unsandboxed as root as file '/home/ubuntu/trino/zulu17.36.17-ca-jdk17.0.4.1-linux_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

I guess I will continue and if I hit some odd behavior I’ll double back… THANK YOU!

That’s most likely because the uid/gid of _apt is outside of what’s made available to containers.
Not something to really worry about. If it was causing failures, it’s something you could try to tweak through raw.idmap.

1 Like