Hi,

Do you have suggestions for kernel tweaks for getting the most out of a RAM limited system?

I am running a service requiring 2GB of RAM (netbird) on a VPS which has just 1 GB of memory. I am doing so because I am a stingy bastard and I use only free VPSs for my personal use so I get what I am paying for.

Because of this hardware limit in about 12 hours from service start I begin swapping a bit too much. This would still be manageable but soon the hypervisor gets really pissed and steals up to 90% of the CPU. So the only solution so far is restarting the docker containers every 12 hours (not great, not terrible).

Looking to improve this, I am now experimenting with ZRAM and swappiness and it seems some benefit can be achieved by using some of the Linux kernel features. Is there anything else I should look into?

  • aesir@lemmy.worldOP
    1 year ago

    Thanks again, I will look into your suggestions, I had never heard of any of Talos, RKE or Burmila. Indeed I should also look if I can do in the containers. The problem is only this database “CockroachDB” which is extremely memory hungry, maybe I can change something there.

    • Skull giver@popplesburger.hilciferous.nl
      1 year ago

      CockroachDB recommends at least 4GB of RAM according to their documentation, I don’t think you can shave that down to a normal level.

      However, the CockroachDB dependency doesn’t seem to come from Netbird itself but from Zitadel. You can try using another identity provider listed here if you can find one that takes less RAM, or even use external services to handle auth for you. I can already tell you that Keycloak is quite resource hungry at times, but the entire thing seems to just do basic OAuth2 or OIDC authentication so there are plenty of lightweight alternatives.

      I’m not sure what your use case for Netbird is, but if you just want a peer to peer network and don’t care for the complex IdP integrations, Tailscale provides a similar peer to peer network and is much lighter on resources. You can use headscale to run the server and then use the official Tailscale clients to connect to it (the default setup will use Tailscale’s servers at least a little, but you can host everything yourself).

      • aesir@lemmy.worldOP
        1 year ago

        Thanks, this is a really good point, I can try to replace the identity provider! I did not realize that CockroachDB was only a Zitadel requirement! There are many great alternatives for mesh VPNs, netmaker, nebula, and headscale as you mentioned, and all of them are much lighter. I ended up hosting netbird as it is natively able to traverse my corporate NAT (maybe headscale could do it as well, I did not try it since I do not like having to configure registry keys on Windows clients and losing the kernel WireGuard speed on Linux clients).

    • forwardvoid@feddit.nl
      1 year ago

      CockroachDB is a clustered version of PostgreSQL; you probably should be able to replace it with that. But running a full RDBMS with the resources you gave is not great. SQLite would be a better fit for the resources available if the tools you run support it.

      • aesir@lemmy.worldOP
        1 year ago

        One of the answers in this discussion made me realize that this database is required only by the identity provider, which I can change from the default. Considering this is a far less essential dependency than I thought, I will get rid of it completely.