diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml
index 029ca49731..fcfe5c62b1 100644
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm libvirt
 name: libvirt
-version: 0.1.32
+version: 0.1.33
 home: https://libvirt.org
 sources:
 - https://libvirt.org/git/?p=libvirt.git;a=summary
diff --git a/libvirt/templates/bin/_libvirt.sh.tpl b/libvirt/templates/bin/_libvirt.sh.tpl
index 357bfe363c..c574069ed7 100644
--- a/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/libvirt/templates/bin/_libvirt.sh.tpl
@@ -53,16 +53,14 @@ if [[ -c /dev/kvm ]]; then
 chown root:kvm /dev/kvm
 fi
-if [ $CGROUP_VERSION != "v2" ]; then
- #Setup Cgroups to use when breaking out of Kubernetes defined groups
- CGROUPS=""
- for CGROUP in cpu rdma hugetlb; do
- if [ -d /sys/fs/cgroup/${CGROUP} ]; then
- CGROUPS+="${CGROUP},"
- fi
- done
- cgcreate -g ${CGROUPS%,}:/osh-libvirt
-fi
+#Setup Cgroups to use when breaking out of Kubernetes defined groups
+CGROUPS=""
+for CGROUP in {{ .Values.conf.kubernetes.cgroup_controllers | include "helm-toolkit.utils.joinListWithSpace" }}; do
+ if [ -d /sys/fs/cgroup/${CGROUP} ] || grep -w $CGROUP /sys/fs/cgroup/cgroup.controllers; then
+ CGROUPS+="${CGROUP},"
+ fi
+done
+cgcreate -g ${CGROUPS%,}:/osh-libvirt
 # We assume that if hugepage count > 0, then hugepages should be exposed to libvirt/qemu
 hp_count="$(cat /proc/meminfo | grep HugePages_Total | tr -cd '[:digit:]')"
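Review bot: In `_libvirt.sh.tpl`, the new controller loop never handles the case where none of the configured controllers is found. `CGROUPS` then stays empty, `cgcreate -g :/osh-libvirt` receives an empty controller list, and the two `cgexec` calls in the later hunks of this file reuse the same empty value, whereas the removed v2 branch skipped cgroup setup altogether. The probe `grep -w $CGROUP /sys/fs/cgroup/cgroup.controllers` is also unquoted and not quiet, so each match is echoed to the pod log and a cgroup v1 host without that file logs an error per iteration. Since this script places libvirtd outside the pod's cgroup on the host, stopping with a clear message is safer than continuing with a malformed cgroup spec. The script starts and ends outside this hunk, so whether `set -e` is in effect cannot be seen here.

```shell
for CGROUP in {{ .Values.conf.kubernetes.cgroup_controllers | include "helm-toolkit.utils.joinListWithSpace" }}; do
  if [ -d "/sys/fs/cgroup/${CGROUP}" ] || grep -qw -- "${CGROUP}" /sys/fs/cgroup/cgroup.controllers 2>/dev/null; then
    # ... unchanged: append ${CGROUP} to CGROUPS ...
  fi
done
if [ -z "${CGROUPS}" ]; then
  echo "ERROR: none of the configured cgroup controllers is available on this host" >&2
  exit 1
fi
cgcreate -g "${CGROUPS%,}:/osh-libvirt"
```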
@@ -122,12 +120,8 @@ if [ 0"$hp_count" -gt 0 ]; then
 fi
 if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
- if [ $CGROUP_VERSION != "v2" ]; then
- #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
- cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
- else
- systemd-run --scope --slice=system libvirtd --listen &
- fi
+
+ cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
 tmpsecret=$(mktemp --suffix .xml)
 if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
@@ -203,9 +197,5 @@ EOF
 fi
-if [ $CGROUP_VERSION != "v2" ]; then
- #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
- cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
-else
- systemd-run --scope --slice=system libvirtd --listen
-fi
+# NOTE(vsaienko): changing CGROUP is required as restart of the pod will cause domains restarts
+cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
diff --git a/libvirt/values.yaml b/libvirt/values.yaml
index ba35a3f584..b5354ccae2 100644
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@@ -123,6 +123,20 @@ conf:
 group: "kvm"
 kubernetes:
 cgroup: "kubepods.slice"
+ # List of cgroup controller we want to use when breaking out of
+ # Kubernetes defined groups
+ cgroup_controllers:
+ - blkio
+ - cpu
+ - devices
+ - freezer
+ - hugetlb
+ - memory
+ - net_cls
+ - perf_event
+ - rdma
+ - misc
+ - pids
 vencrypt:
 # Issuer to use for the vencrypt certs.
 issuer:
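Review bot: In `_libvirt.sh.tpl`, the backgrounded `cgexec` call inside the Ceph secret branch lost its explanatory comment and gained a stray empty line after `then`, and the comment added above the final `cgexec` is hard to parse. One comment stating the reason would serve both calls, for example `# NOTE(vsaienko): run libvirtd in the osh-libvirt cgroup on the host, outside the pod's cgroup, so that a pod restart does not restart the domains.`; that reading is inferred from the existing wording and should be confirmed by the author. Quoting the argument as `"${CGROUPS%,}:/osh-libvirt"` in both calls would keep an unexpected value from being word-split. The removed v2 branch started libvirtd without `cgexec`, so it is worth confirming that the image's libcgroup tools work on a unified-hierarchy host. Both enclosing blocks continue outside the hunks.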
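Review bot: In `values.yaml`, the default `cgroup_controllers` list uses cgroup v1 names only. On a cgroup v2 host the script matches each name against `/sys/fs/cgroup/cgroup.controllers`, where the block-I/O controller is named `io`, so `blkio` will most likely never be selected there. If block-I/O placement should follow libvirtd on v2 hosts, add `- io`; otherwise state in the comment that v1-only names are skipped on v2 by design. The comment should also spell out the consequence for operators, e.g. `# libvirtd and its guests leave the pod's cgroup for every controller listed here, so pod-level limits for those controllers (memory, pids, devices) are expected not to apply to them.`, and "controller" should read "controllers".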
@@ -176,7 +190,6 @@ conf:
 kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
 kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
 kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt
-
 pod:
 probes:
 libvirt:
diff --git a/releasenotes/notes/libvirt.yaml b/releasenotes/notes/libvirt.yaml
index 18c7a70bfd..0209ef5c8b 100644
--- a/releasenotes/notes/libvirt.yaml
+++ b/releasenotes/notes/libvirt.yaml
@@ -33,4 +33,5 @@ libvirt:
 - 0.1.30 Add 2024.1 overrides
 - 0.1.31 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
 - 0.1.32 Enable a flag to parse Libvirt Nova metadata in libvirt exporter
+ - 0.1.33 Handle cgroupv2 correctly
 ...