search

cilium / cilium-olm

Other
10 stars 13 forks source link

fixed tuned config #22

Closed errordeveloper closed 3 years ago

errordeveloper commented 3 years ago

Looks like Tuned CR introduced in edc1a1044b407819c6b58c22b4a062da9666bd76 is not working.

It has no effect in OCP 4.6, since systemd version is an older one, so it's not subject to cilium/cilium#10645.

OCP 4.6:

systemd 239
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy

OKD 4.5:

systemd 245 (v245.6-2.fc32)
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified

What happens is that tuned complains like so:

I0128 17:54:04.307384    5197 tuned.go:264] disabling system tuned...
I0128 17:54:04.388955    5197 tuned.go:820] started events processor
I0128 17:54:04.388996    5197 tuned.go:281] extracting Tuned profiles
I0128 17:54:04.389889    5197 tuned.go:863] started controller
I0128 17:54:05.428245    5197 tuned.go:359] written "/etc/tuned/recommend.d/50-openshift.conf" to set Tuned profile openshift-node-rpfilter-cilium
I0128 17:54:06.640778    5197 tuned.go:563] active profile () != recommended profile (openshift-node-rpfilter-cilium)
I0128 17:54:06.641115    5197 tuned.go:368] starting tuned...
2021-01-28 17:54:06,854 INFO     tuned.daemon.application: dynamic tuning is globally disabled
2021-01-28 17:54:06,878 INFO     tuned.daemon.daemon: using sleep interval of 1 second(s)
2021-01-28 17:54:06,878 INFO     tuned.daemon.daemon: Running in automatic mode, checking what profile is recommended for your configuration.
2021-01-28 17:54:06,879 INFO     tuned.daemon.daemon: Using 'openshift-node-rpfilter-cilium' profile
2021-01-28 17:54:06,880 INFO     tuned.profiles.loader: loading profile: openshift-node-rpfilter-cilium
2021-01-28 17:54:06,933 INFO     tuned.daemon.controller: starting controller
2021-01-28 17:54:06,934 INFO     tuned.daemon.daemon: starting tuning
2021-01-28 17:54:06,947 INFO     tuned.plugins.base: instance cpu: assigning devices cpu2, cpu3, cpu1, cpu0
2021-01-28 17:54:06,948 INFO     tuned.plugins.plugin_cpu: We are running on an x86 GenuineIntel platform
2021-01-28 17:54:06,952 ERROR    tuned.utils.commands: Executing x86_energy_perf_policy error: x86_energy_perf_policy: /dev/cpu/1/msr offset 0x1ad read failed: Input/output error
2021-01-28 17:54:06,952 WARNING  tuned.plugins.plugin_cpu: your CPU doesn't support MSR_IA32_ENERGY_PERF_BIAS, ignoring CPU energy performance bias
2021-01-28 17:54:06,955 INFO     tuned.plugins.base: instance disk: assigning devices sda, dm-0
2021-01-28 17:54:06,958 INFO     tuned.plugins.base: instance net: assigning devices ens4
2021-01-28 17:54:07,005 ERROR    tuned.plugins.plugin_sysctl: Failed to read sysctl parameter 'net.ipv4.conf.lxc*.rp_filter', the parameter does not exist
2021-01-28 17:54:07,005 ERROR    tuned.plugins.plugin_sysctl: sysctl option net.ipv4.conf.lxc*.rp_filter will not be set, failed to read the original value.
2021-01-28 17:54:07,005 INFO     tuned.plugins.plugin_sysctl: reapplying system sysctl
2021-01-28 17:54:07,014 INFO     tuned.daemon.daemon: static tuning from profile 'openshift-node-rpfilter-cilium' applied

It's potentially possible to use tuned in unmanaged mode to solve this, but that needs investigating.

errordeveloper commented 3 years ago

https://github.com/redhat-performance/tuned/issues/202

errordeveloper commented 3 years ago

It's potentially possible to use tuned in unmanaged mode

That's something else, won't work. Perhaps we can make use of tuned's sysfs or script plugins.

errordeveloper commented 3 years ago

sysfs plugin does supports globs, however file-bases access to sysctl is through /proc/sys, so that won't work.

script plugin remains the only option, and perhaps it's best to make it actually write a file, but it doesn't look like tuned supports inline script or scripts with arguments, so it needs to be written to a file somehow and bash -c is not an option.

errordeveloper commented 3 years ago

it's not fixable, a more direct solution to rp_filter problem is needed (see https://github.com/cilium/cilium/issues/10645#issuecomment-769604842).