setting key "vm.max_map_count": Read-only file system

naisanza

Member
Aug 11, 2016
31
1
6
I'm running into the same issue as https://github.com/elastic/elasticsearch/issues/19458 when running Elasticsearch in Ubuntu 16.04 LXD

It was solved here: https://github.com/lxc/lxd/issues/2206#issuecomment-236393880

But I was hoping Proxmox to have dealt with all of these issues

What are your recommended steps forward?


Elasticsearch 5.0.0 Alpha5 bootstrap check failure:

Code:
Suppressed: java.lang.IllegalStateException: max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]

Unable to set vm.max_map_count key inside container:

Code:
root@Elasticsearch-500-alpha5:~# sysctl -w vm.max_map_count=262144
sysctl: setting key "vm.max_map_count": Read-only file system
 
Last edited:
I fixed that issue by doing the sysctl write on the host node where proxmox is running. The running lxc container received the same kernel settings.
 
I ran the sysctl command on the Proxmox host node:

sysctl -w vm.max_map_count=262144

All my containers then also had this setting (Don't remember if I had to restart container or not).

To survive a reboot, one also needs to change the setting in /etc/sysctl.conf, just append "vm.max_map_count=262144" to the file.
 
Thanks.

I found another solution, I done this below and it works.
Code:
cat /var/lib/lxc/LXC-ID/config
[...]
lxc.aa_profile = unconfined
lxc.mount.entry=/proc/sys/vm proc/sys/vm proc bind,rw 0 0
 
Thanks.

I found another solution, I done this below and it works.
Code:
cat /var/lib/lxc/LXC-ID/config
[...]
lxc.aa_profile = unconfined
lxc.mount.entry=/proc/sys/vm proc/sys/vm proc bind,rw 0 0

if you do this, people with access to your container can really mess up your whole system. don't disable security mechanisms if you don't know what you are doing.
 
Sure,

I done this temporary, just for that Elasticsearch configure itself correctly. When you stop and start a CT with pve web interface, this option disapear, fortunately, option is not persistent in this file.
 
@Stefan Wienert I've tried setting the `max_map_count` on the host but it doesn't work. I've successfully done the same on Docker hosts in the past in order to run ELK. I'm running PVE5 now. Is this method still working for you?

@fabian Any ideas?
 
@Stefan Wienert I've tried setting the `max_map_count` on the host but it doesn't work. I've successfully done the same on Docker hosts in the past in order to run ELK. I'm running PVE5 now. Is this method still working for you?

@fabian Any ideas?


Code:
root@host:/ # sysctl  vm/max_map_count
vm.max_map_count = 65530
root@host:/ #  sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
root@host:/ #  sysctl vm/max_map_count
vm.max_map_count = 262144

root@host:/ # pct enter 123
root@ct:/# sysctl vm/max_map_count
vm.max_map_count = 262144
root@ct:/#

(unprivileged container with default AppArmor restrictions!)
 
@fabian First, thanks for the quick response, Second, sorry, I should've been more clear in my question. I also get the correct output/settings, like what you showed in your example. What I should've asked is if there was anything in addition to that I need to do to get ELK 5.x running. As it is, Elasticsearch doesn't start in the container and with no useful logging to give me clues. I have no problem running Elasticsearch in a VM. However, due to resource constraints, overhead, speed and it being part of an on-demand build system, I greatly prefer containers to VMs.

On your comment about 'unprivileged container', I'm a bit confused about the default settings around 'unprivileged' containers in Proxmox, but I guess I'll open a separate topic for that.
 
@fabian First, thanks for the quick response, Second, sorry, I should've been more clear in my question. I also get the correct output/settings, like what you showed in your example. What I should've asked is if there was anything in addition to that I need to do to get ELK 5.x running. As it is, Elasticsearch doesn't start in the container and with no useful logging to give me clues. I have no problem running Elasticsearch in a VM. However, due to resource constraints, overhead, speed and it being part of an on-demand build system, I greatly prefer containers to VMs.

On your comment about 'unprivileged container', I'm a bit confused about the default settings around 'unprivileged' containers in Proxmox, but I guess I'll open a separate topic for that.

sorry, misunderstood you there. I have no experience with that piece of software whatsoever - maybe you can get some hints on how to get debug logging enabled from their documentation / support channels / ... ?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!