setting key "vm.max_map_count": Read-only file system

naisanza

Member
Aug 11, 2016
31
1
6
I'm running into the same issue as https://github.com/elastic/elasticsearch/issues/19458 when running Elasticsearch in Ubuntu 16.04 LXD

It was solved here: https://github.com/lxc/lxd/issues/2206#issuecomment-236393880

But I was hoping Proxmox to have dealt with all of these issues

What are your recommended steps forward?


Elasticsearch 5.0.0 Alpha5 bootstrap check failure:

Code:
Suppressed: java.lang.IllegalStateException: max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
Unable to set vm.max_map_count key inside container:

Code:
root@Elasticsearch-500-alpha5:~# sysctl -w vm.max_map_count=262144
sysctl: setting key "vm.max_map_count": Read-only file system
 
Last edited:

Stefan Wienert

New Member
Feb 8, 2017
2
0
1
36
I fixed that issue by doing the sysctl write on the host node where proxmox is running. The running lxc container received the same kernel settings.
 

Stefan Wienert

New Member
Feb 8, 2017
2
0
1
36
I ran the sysctl command on the Proxmox host node:

sysctl -w vm.max_map_count=262144

All my containers then also had this setting (Don't remember if I had to restart container or not).

To survive a reboot, one also needs to change the setting in /etc/sysctl.conf, just append "vm.max_map_count=262144" to the file.
 

Blais

New Member
Mar 28, 2017
23
0
1
Thanks.

I found another solution, I done this below and it works.
Code:
cat /var/lib/lxc/LXC-ID/config
[...]
lxc.aa_profile = unconfined
lxc.mount.entry=/proc/sys/vm proc/sys/vm proc bind,rw 0 0
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
3,390
523
113
Thanks.

I found another solution, I done this below and it works.
Code:
cat /var/lib/lxc/LXC-ID/config
[...]
lxc.aa_profile = unconfined
lxc.mount.entry=/proc/sys/vm proc/sys/vm proc bind,rw 0 0
if you do this, people with access to your container can really mess up your whole system. don't disable security mechanisms if you don't know what you are doing.
 

Blais

New Member
Mar 28, 2017
23
0
1
Sure,

I done this temporary, just for that Elasticsearch configure itself correctly. When you stop and start a CT with pve web interface, this option disapear, fortunately, option is not persistent in this file.
 

mlanner

Member
Apr 1, 2009
184
1
18
Berkeley, CA
@Stefan Wienert I've tried setting the `max_map_count` on the host but it doesn't work. I've successfully done the same on Docker hosts in the past in order to run ELK. I'm running PVE5 now. Is this method still working for you?

@fabian Any ideas?
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
3,390
523
113
@Stefan Wienert I've tried setting the `max_map_count` on the host but it doesn't work. I've successfully done the same on Docker hosts in the past in order to run ELK. I'm running PVE5 now. Is this method still working for you?

@fabian Any ideas?

Code:
root@host:/ # sysctl  vm/max_map_count
vm.max_map_count = 65530
root@host:/ #  sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
root@host:/ #  sysctl vm/max_map_count
vm.max_map_count = 262144

root@host:/ # pct enter 123
root@ct:/# sysctl vm/max_map_count
vm.max_map_count = 262144
root@ct:/#
(unprivileged container with default AppArmor restrictions!)
 

mlanner

Member
Apr 1, 2009
184
1
18
Berkeley, CA
@fabian First, thanks for the quick response, Second, sorry, I should've been more clear in my question. I also get the correct output/settings, like what you showed in your example. What I should've asked is if there was anything in addition to that I need to do to get ELK 5.x running. As it is, Elasticsearch doesn't start in the container and with no useful logging to give me clues. I have no problem running Elasticsearch in a VM. However, due to resource constraints, overhead, speed and it being part of an on-demand build system, I greatly prefer containers to VMs.

On your comment about 'unprivileged container', I'm a bit confused about the default settings around 'unprivileged' containers in Proxmox, but I guess I'll open a separate topic for that.
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
3,390
523
113
@fabian First, thanks for the quick response, Second, sorry, I should've been more clear in my question. I also get the correct output/settings, like what you showed in your example. What I should've asked is if there was anything in addition to that I need to do to get ELK 5.x running. As it is, Elasticsearch doesn't start in the container and with no useful logging to give me clues. I have no problem running Elasticsearch in a VM. However, due to resource constraints, overhead, speed and it being part of an on-demand build system, I greatly prefer containers to VMs.

On your comment about 'unprivileged container', I'm a bit confused about the default settings around 'unprivileged' containers in Proxmox, but I guess I'll open a separate topic for that.
sorry, misunderstood you there. I have no experience with that piece of software whatsoever - maybe you can get some hints on how to get debug logging enabled from their documentation / support channels / ... ?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!