From e5126c8c0b5f2c35a96b62af21f49ca4bc7ec390 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Sat, 9 May 2026 10:15:45 +0200 Subject: [PATCH] docs(deploy): tighten perf-tuning escape hatches - RT example: add AmbientCapabilities=CAP_SYS_NICE so the User=left4me service can actually enter SCHED_FIFO on Trixie. - CPU governor: note that linux-cpupower may need apt install. - CPUAffinity=2: clarify that per-instance values typically increment. - NIC tuning: note that ethtool may need apt install. --- deploy/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/deploy/README.md b/deploy/README.md index f890a23..37f1575 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -86,6 +86,8 @@ The performance governor squeezes a few percent off jitter under bursty load. `s sudo cpupower frequency-set -g performance ``` +Install via `sudo apt install linux-cpupower` if the binary isn't present. + Persist via your distro's CPU-frequency tooling (e.g. `/etc/default/cpufrequtils`). ### Per-instance CPU affinity @@ -97,11 +99,13 @@ Persist via your distro's CPU-frequency tooling (e.g. `/etc/default/cpufrequtils CPUAffinity=2 ``` +This pins the instance to CPU 2 specifically; per-instance values would typically be 1, 2, 3, ... so each server has its own core. + A reasonable strategy on an N-core host: leave core 0 for the kernel + IRQs + system services, then pin one instance per remaining core. ### NIC tuning -Hardware-specific. On a host with a single primary interface (replace `eth0`): +Hardware-specific (install via `sudo apt install ethtool` if not present). On a host with a single primary interface (replace `eth0`): ```sh sudo ethtool -G eth0 rx 4096 tx 4096 @@ -121,8 +125,11 @@ Source-engine servers do not need real-time scheduling, and a misbehaving `srcds CPUSchedulingPolicy=fifo CPUSchedulingPriority=10 LimitRTPRIO=10 +AmbientCapabilities=CAP_SYS_NICE ``` +The `AmbientCapabilities=CAP_SYS_NICE` line is needed because the service runs as `User=left4me` with `NoNewPrivileges=true`; without it some kernels/systemd combinations refuse to apply the RT policy. + ### Applying changes to running servers Unit-file changes do not apply to already-running services. After any change: