How to set sysctl on the HostOS permanently for an entire fleet?

I’m running a single container, but that shouldn’t matter: these kernel settings should be available in any of your containers. Here’s my output from inside the container, but I get the same result if I do it on the host OS:

root@b1de590:~# sysctl net.core
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 0
net.core.bpf_jit_kallsyms = 1
net.core.bpf_jit_limit = 132942659584
net.core.busy_poll = 0
net.core.busy_read = 0
net.core.default_qdisc = fq_codel
net.core.dev_weight = 64
net.core.dev_weight_rx_bias = 1
net.core.dev_weight_tx_bias = 1
net.core.devconf_inherit_init_net = 0
net.core.fb_tunnels_only_for_init_net = 0
net.core.flow_limit_cpu_bitmap = 0
net.core.flow_limit_table_len = 4096
net.core.gro_normal_batch = 8
net.core.high_order_alloc_disable = 0
net.core.max_skb_frags = 17
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_budget_usecs = 8000
net.core.netdev_max_backlog = 1000
net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
net.core.netdev_tstamp_prequeue = 1
net.core.netdev_unregister_timeout_secs = 10
net.core.optmem_max = 20480
net.core.rmem_default = 212992
net.core.rmem_max = 3000000
net.core.rps_sock_flow_entries = 0
net.core.skb_defer_max = 64
net.core.somaxconn = 4096
net.core.tstamp_allow_data = 1
net.core.txrehash = 1
net.core.warnings = 0
net.core.wmem_default = 212992
net.core.wmem_max = 3000000
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.core.xfrm_larval_drop = 1

I’m also running the container as privileged. Here’s my docker-compose.yml:

# Single-service compose file for a balena/resin device. Review comments added;
# the original file carried none.
version: '2.1'
networks: {}
volumes:
  resin-data: {}
  # Bind-mounts the host's /run/udev/data into the container (mounted under
  # the `main` service below), so the container sees host udev device data.
  udevdata:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /run/udev/data
  # tmpfs-backed volumes: memory-resident, contents are lost on restart.
  logs:
    driver_opts:
      type: tmpfs
      device: tmpfs
  tmpstorage:
    driver_opts:
      type: tmpfs
      device: tmpfs
services:
  main:
    build:
      context: .
      dockerfile: Dockerfile.arm64
    # Privileged mode drops most of the isolation between this container and
    # the host (host devices, full capability set). Together with host
    # networking below, the container should be treated as host-trusted.
    privileged: true
    tty: true
    environment:
      # Points at the host's system D-Bus socket (path is under /host/run/dbus);
      # presumably exposed by the dbus feature label further down — confirm.
      - 'DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket'
    ports:
      - "22:22"
    expose: [22]
    restart: always
    # Shares the host network namespace. In this mode `ports`/`expose` above
    # have no effect and port 22 is reachable directly on the host interfaces.
    # Because net.* sysctls are per network namespace, `sysctl net.core` inside
    # the container reports the host's values, which matches the output shown
    # in the post.
    network_mode: host
    volumes:
      - 'resin-data:/data'
      - 'udevdata:/run/udev/data'
      - 'logs:/tmp/DMXCore100Logs'
      - 'tmpstorage:/tmp/DMXCore100Temp'
    # Supervisor feature labels (io.resin.* is the older spelling of
    # io.balena.*). Each one grants the container additional host-side access:
    # kernel modules, firmware, the host D-Bus socket, and the supervisor/cloud
    # APIs. Review whether every one of these is actually needed.
    labels:
      io.resin.features.kernel-modules: '1'
      io.resin.features.firmware: '1'
      io.resin.features.dbus: '1'
      io.resin.features.supervisor-api: '1'
      io.resin.features.resin-api: '1'