Configure systemd CPUShares/Nice/IOScheduler for cron, docker, ssh

This updates CPUShares, CPUQuota, Nice, IOScheduling for: cron.service, docker.service, rsync.service and ssh.service, since these have sporadic intensive CPU and disk IO operations, yet are not latency critical. This gives 1/8th reduced shares, reduces Nice priority to +19(lowest), and reduced IOScheduling to use best-effort/priority 7(lowest) (used with 'bfq' IO Scheduler). ssh.service CPUQuota is set to 100% since there is no engineering reason to enable more. There are cases when admins attempt to do multiple large cpu/disk operations in parallel. rsync.service is observed to have sustained burst of work during software upload. cron.service has also been used for SysEng activities to generate substantial system load. This is part of an overall set of adjustments are required for systemd cgroups CPUShares, CPUQuota, and AllowedCPUs for key system services. This will improve latency of Kubernetes critical components, and throttles lesser important services. Partial-Bug: 2084714 TEST PLAN: AIO-SX, AIO-DX, Standard, Storage, DC: - PASS: Fresh install - PASS: verify systemd parameters for cron, docker, rsync, ssh Example: systemctl show cron.service | \ grep -e CPUShares -e CPUQuota -e Nice -e IOScheduling systemctl show docker.service | \ grep -e CPUShares -e CPUQuota -e Nice -e IOScheduling systemctl show rsync.service | \ grep -e CPUShares -e CPUQuota -e Nice -e IOScheduling systemctl show ssh.service | \ grep -e CPUShares -e CPUQuota -e Nice -e IOScheduling AIO-SX, AIO-DX: - PASS: B&R - PASS: K8S orchestrated upgrade from 1.24 to 1.29 - PASS: Platform USM upgrade, including pre-activation rollback Exception: docker override requires USM migration script. Change-Id: Ide8f4269426385fc5fc8bddbdebfa6abb5eca2d1 Signed-off-by: Jim Gauld <James.Gauld@windriver.com>
2024-10-16 13:53:22 -04:00 · 2024-10-16 13:53:22 -04:00 · a52b6e831e
commit a52b6e831e
parent 7705765a68
10 changed files with 76 additions and 7 deletions
--- a/base-files-config/debian/deb_folder/base-files-config.dirs
+++ b/base-files-config/debian/deb_folder/base-files-config.dirs
@ -0,0 +1,5 @@
+etc/profile.d/
+etc/systemd/system/cron.service.d
+etc/systemd/system/rsync.service.d
+etc/vim
+usr/share/starlingx/base-files
--- a/base-files-config/debian/deb_folder/base-files-config.install
+++ b/base-files-config/debian/deb_folder/base-files-config.install
@ -1,5 +1,7 @@
-custom.sh                          /etc/profile.d/
-motd                               /usr/share/starlingx/base-files
-profile                            /usr/share/starlingx/base-files
-prompt.sh                          /etc/profile.d/
-vimrc.local                        /etc/vim/
+etc/profile.d/custom.sh
+etc/profile.d/prompt.sh
+etc/systemd/system/cron.service.d/cron-cpu-shares.conf
+etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf
+etc/vim/vimrc.local
+usr/share/starlingx/base-files/motd
+usr/share/starlingx/base-files/profile
--- a/base-files-config/debian/deb_folder/changelog
+++ b/base-files-config/debian/deb_folder/changelog
@ -1,3 +1,9 @@
+base-files-config (1.0-2) unstable; urgency=medium
+
+  * Added systemd DropIn config overrides for cron.service, rsync.service
+
+ -- Jim Gauld <James.Gauld@windriver.com>  Thu, 21 Nov 2024 08:35:05 -0400
+
 base-files-config (1.0-1) unstable; urgency=medium

  * Initial release
--- a/base-files-config/debian/deb_folder/copyright
+++ b/base-files-config/debian/deb_folder/copyright
@ -3,7 +3,7 @@ Upstream-Name: base-files-config
 Source: https://opendev.org/starlingx/config-files/

 Files: *
-Copyright: (c) 2013-2021 Wind River Systems, Inc
+Copyright: (c) 2013-2024 Wind River Systems, Inc
 License: Apache-2

 Files: debian/*
--- a/base-files-config/debian/deb_folder/rules
+++ b/base-files-config/debian/deb_folder/rules
@ -3,5 +3,17 @@
 # output every command that modifies files on the build system.
 #export DH_VERBOSE = 1

+ROOT := $(CURDIR)/debian/tmp
+
 %:
 	dh $@
+
+override_dh_install:
+	install -p -D -m 644 custom.sh             ${ROOT}/etc/profile.d/custom.sh
+	install -p -D -m 644 prompt.sh             ${ROOT}/etc/profile.d/prompt.sh
+	install -p -D -m 644 cron-cpu-shares.conf  ${ROOT}/etc/systemd/system/cron.service.d/cron-cpu-shares.conf
+	install -p -D -m 644 rsync-cpu-shares.conf ${ROOT}/etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf
+	install -p -D -m 644 vimrc.local           ${ROOT}/etc/vim/vimrc.local
+	install -p -D -m 644 motd                  ${ROOT}/usr/share/starlingx/base-files/motd
+	install -p -D -m 644 profile               ${ROOT}/usr/share/starlingx/base-files/profile
+	dh_install
--- a/base-files-config/debian/meta_data.yaml
+++ b/base-files-config/debian/meta_data.yaml
@ -1,6 +1,6 @@
 ---
 debname: base-files-config
-debver: 1.0-1
+debver: 1.0-2
 src_path: source
 revision:
  dist: $STX_DIST
--- a/base-files-config/source/cron-cpu-shares.conf
+++ b/base-files-config/source/cron-cpu-shares.conf
@ -0,0 +1,10 @@
+[Service]
+# cgroup performance engineering
+# - cron.service does not provide latency critical service
+# - some cron jobs have significant significant sustained CPU and disk IO
+# - set 1/8th default share
+# - set lower IO priority (effective only with 'bfq' scheduler)
+CPUShares=128
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
--- a/base-files-config/source/rsync-cpu-shares.conf
+++ b/base-files-config/source/rsync-cpu-shares.conf
@ -0,0 +1,9 @@
+[Service]
+# cgroup performance engineering
+# - rsync.service does not provide latency critical service
+# - set 1/8th default share
+# - set lower IO priority (effective only with 'bfq' scheduler)
+CPUShares=128
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
--- a/docker-config/source-debian/docker-stx-override.conf
+++ b/docker-config/source-debian/docker-stx-override.conf
@ -5,5 +5,17 @@ ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/dockerd.pid;'
 ExecStartPost=/bin/bash -c 'sleep 2 && [ ! -d '/var/lib/docker/tmp' ] && /bin/systemctl restart docker.service || true'
 ExecStopPost=/bin/rm -f /var/run/dockerd.pid

+# cgroup performance engineering
+# - docker.service does not provide latency critical service
+# - docker generates significant sustained CPU and disk IO writes
+# - 'docker pull' and 'docker load' require many parallel dockerd threads;
+#   extraction phase has multiple 'docker-untar' and 'unpigz' processes
+# - set 1/8th default share
+# - set lower IO priority (effective only with 'bfq' scheduler)
+CPUShares=128
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
 # pmond monitors docker service
 Restart=no
--- a/openssh-config/source-debian/ssh.service
+++ b/openssh-config/source-debian/ssh.service
@ -16,6 +16,19 @@ Type=notify
 RuntimeDirectory=sshd
 RuntimeDirectoryMode=0755

+# cgroup performance engineering
+# - ssh (and tools run by users) do not provide latency critical service
+# - specific tools can easily take 100% cpu and do significant IO
+# - set 1/8th default share
+# - set 100% cpu quota (1 logical cpu)
+# - set lower IO priority (effective only with 'bfq' scheduler)
+CPUShares=128
+CPUQuota=100%
+CPUQuotaPeriodSec=10ms
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
 [Install]
 WantedBy=multi-user.target
 Alias=sshd.service