Merge "[libvirt] Handle cgroupv2 correctly"

2024-09-17 00:19:38 +00:00 · 2024-09-17 00:19:38 +00:00 · 36f37b3e7f
commit 36f37b3e7f
parent 4b7a0df803 3903f54d0c
4 changed files with 28 additions and 24 deletions
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm libvirt
 name: libvirt
-version: 0.1.32
+version: 0.1.33
 home: https://libvirt.org
 sources:
  - https://libvirt.org/git/?p=libvirt.git;a=summary
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@ -53,16 +53,14 @@ if [[ -c /dev/kvm ]]; then
    chown root:kvm /dev/kvm
 fi

-if [ $CGROUP_VERSION != "v2" ]; then
-  #Setup Cgroups to use when breaking out of Kubernetes defined groups
-  CGROUPS=""
-  for CGROUP in cpu rdma hugetlb; do
-    if [ -d /sys/fs/cgroup/${CGROUP} ]; then
-      CGROUPS+="${CGROUP},"
-    fi
-  done
-  cgcreate -g ${CGROUPS%,}:/osh-libvirt
-fi
+#Setup Cgroups to use when breaking out of Kubernetes defined groups
+CGROUPS=""
+for CGROUP in {{ .Values.conf.kubernetes.cgroup_controllers | include "helm-toolkit.utils.joinListWithSpace"  }}; do
+  if [ -d /sys/fs/cgroup/${CGROUP} ] || grep -w $CGROUP /sys/fs/cgroup/cgroup.controllers; then
+    CGROUPS+="${CGROUP},"
+  fi
+done
+cgcreate -g ${CGROUPS%,}:/osh-libvirt

 # We assume that if hugepage count > 0, then hugepages should be exposed to libvirt/qemu
 hp_count="$(cat /proc/meminfo | grep HugePages_Total | tr -cd '[:digit:]')"
@ -122,12 +120,8 @@ if [ 0"$hp_count" -gt 0 ]; then
 fi

 if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
-  if [ $CGROUP_VERSION != "v2" ]; then
-    #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
-    cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
-  else
-    systemd-run --scope --slice=system libvirtd --listen &
-  fi
+
+  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &

  tmpsecret=$(mktemp --suffix .xml)
  if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
@ -203,9 +197,5 @@ EOF

 fi

-if [ $CGROUP_VERSION != "v2" ]; then
-  #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
-  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
-else
-  systemd-run --scope --slice=system libvirtd --listen
-fi
+# NOTE(vsaienko): changing CGROUP is required as restart of the pod will cause domains restarts
+cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@ -123,6 +123,20 @@ conf:
    group: "kvm"
  kubernetes:
    cgroup: "kubepods.slice"
+    # List of cgroup controller we want to use when breaking out of
+    # Kubernetes defined groups
+    cgroup_controllers:
+      - blkio
+      - cpu
+      - devices
+      - freezer
+      - hugetlb
+      - memory
+      - net_cls
+      - perf_event
+      - rdma
+      - misc
+      - pids
  vencrypt:
    # Issuer to use for the vencrypt certs.
    issuer:
@ -176,7 +190,6 @@ conf:
      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
      kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt
-
 pod:
  probes:
    libvirt:
--- a/releasenotes/notes/libvirt.yaml
+++ b/releasenotes/notes/libvirt.yaml
@ -33,4 +33,5 @@ libvirt:
  - 0.1.30 Add 2024.1 overrides
  - 0.1.31 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
  - 0.1.32 Enable a flag to parse Libvirt Nova metadata in libvirt exporter
+  - 0.1.33 Handle cgroupv2 correctly
 ...