Disable libvirt cgroup functionality for cgroup v2

Change-Id: I5a9f1828d7c2f36e14de89323868c4a1dbebba64
2023-07-05 21:07:49 +03:30 · 2023-07-05 21:07:49 +03:30 · 4fc46f1808
commit 4fc46f1808
parent 6b6ca9e26c
3 changed files with 61 additions and 41 deletions
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm libvirt
 name: libvirt
-version: 0.1.20
+version: 0.1.21
 home: https://libvirt.org
 sources:
  - https://libvirt.org/git/?p=libvirt.git;a=summary
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@ -16,6 +16,13 @@ limitations under the License.

 set -ex

+# TODO: We disable cgroup functionality for cgroup v2, we should fix this in the future
+if $(stat -fc %T /sys/fs/cgroup/ | grep -q cgroup2fs); then
+  CGROUP_VERSION=v2
+else
+  CGROUP_VERSION=v1
+fi
+
 if [ -n "$(cat /proc/*/comm 2>/dev/null | grep -w libvirtd)" ]; then
  set +x
  for proc in $(ls /proc/*/comm 2>/dev/null); do
@ -38,6 +45,7 @@ if [[ -c /dev/kvm ]]; then
    chown root:kvm /dev/kvm
 fi

+if [ $CGROUP_VERSION != "v2" ]; then
  #Setup Cgroups to use when breaking out of Kubernetes defined groups
  CGROUPS=""
  for CGROUP in cpu rdma hugetlb; do
@ -46,6 +54,7 @@ for CGROUP in cpu rdma hugetlb; do
    fi
  done
  cgcreate -g ${CGROUPS%,}:/osh-libvirt
+fi

 # We assume that if hugepage count > 0, then hugepages should be exposed to libvirt/qemu
 hp_count="$(cat /proc/meminfo | grep HugePages_Total | tr -cd '[:digit:]')"
@ -68,6 +77,7 @@ if [ 0"$hp_count" -gt 0 ]; then
    exit 1
  fi

+  if [ $CGROUP_VERSION != "v2" ]; then
    # Kubernetes 1.10.x introduced cgroup changes that caused the container's
    # hugepage byte limit quota to zero out. This workaround sets that pod limit
    # back to the total number of hugepage bytes available to the baremetal host.
@ -101,10 +111,15 @@ if [ 0"$hp_count" -gt 0 ]; then
         exit 1)
    fi
  fi
+fi

 if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
+  if [ $CGROUP_VERSION != "v2" ]; then
    #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
    cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
+  else
+    systemd-run --scope --slice=system libvirtd --listen &
+  fi

  tmpsecret=$(mktemp --suffix .xml)
  if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
@ -180,5 +195,9 @@ EOF

 fi

+if [ $CGROUP_VERSION != "v2" ]; then
  #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
+else
+  systemd-run --scope --slice=system libvirtd --listen
+fi
--- a/releasenotes/notes/libvirt.yaml
+++ b/releasenotes/notes/libvirt.yaml
@ -21,4 +21,5 @@ libvirt:
  - 0.1.18 Replace node-role.kubernetes.io/master with control-plane
  - 0.1.19 Set kubernetes cgroup value equal kubepods.slice to fit systemd cgroup driver
  - 0.1.20 Update Ceph to 17.2.6
+  - 0.1.21 Disable libvirt cgroup functionality for cgroup-v2
 ...