StarlingX miscellaneous tools and utilities
Go to file
Rei Oliveira f617cc5d8f Fail fast improvement to show-certs
When k8s certificates are expired, this script can take more than 1
minute to return. During debugging, I noticed that the most time
consuming step is PrintCertInfo-for-OIDC-Certificates, which queries
for kubernetes secret many times. PrintCertInfo-fromGenericSecret,
below it, also makes a few calls with kubectl.

This commit adds a variable to capture the return of 'kubeadm certs
check-expiration' command and then only calls
PrintCertInfo-for-OIDC-Certificates if the RC is successful.

This reduces the overall execution time from about 1 minute to around
10 seconds.

Test Plan:
PASS: Run show-certs in c0 and c1 and verify it finishes successfully
      and the output before and after this change is the same
PASS: Cause k8s certificates for expire. run show-certs in c0 and c1 and
      verify it finishes successfully in less than 10s. Verify that the
      output before and after this change is the same.

Story: 2010815
Task: 49485
Change-Id: I9f3eaec3a543fdea278e04c2f1895685bc333505
Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
2024-02-02 14:57:43 +00:00
ceph Add missing dependencies in stx-ceph-manager debian image 2023-10-17 11:43:50 +00:00
security Generate self-signed certificate when https is enabled 2021-09-23 14:57:45 -04:00
tools Add rendering collect bundle files to report tool 2023-12-15 12:43:38 -05:00
utilities Fail fast improvement to show-certs 2024-02-02 14:57:43 +00:00
.gitignore Refactoring novaClient instantiation and unittests 2022-01-25 19:27:36 -03:00
.gitreview Add a .gitreview file to the new repo 2019-09-09 09:48:42 -05:00
.zuul.yaml Add python-ldap deps for zuul test 2023-09-15 18:41:49 +00:00
bindep.txt Add python-ldap deps for zuul test 2023-09-15 18:41:49 +00:00
centos_build_layer.cfg Build layering, add layer build config file and tarball lst file 2019-10-15 15:17:50 +08:00
centos_dev_docker_images.inc Create containerized pci-irq-affinity-agent 2021-11-10 15:43:08 -03:00
centos_dev_wheels.inc Create containerized pci-irq-affinity-agent 2021-11-10 15:43:08 -03:00
centos_guest_image_rt.inc Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_guest_image.inc Config file changes to add 'ceph/ceph-manager ceph/python-cephclient utilities/nfscheck utilities/logmgmt security/tpm2-openssl-engine security/stx-ssl tools/collector tools/engtools/hostdata-collectors utilities/build-info utilities/namespace-utils utilities/pci-irq-affinity-agent utilities/platform-util utilities/stx-extensions utilities/update-motd ' after relocation from 'stx-integ' 2019-09-04 11:08:27 -04:00
centos_iso_image.inc Removing remaining pci affinity agent service code 2022-05-20 13:57:26 -03:00
centos_pkg_dirs Remove pm-qos-mgr daemon 2019-10-24 13:23:53 -04:00
centos_stable_docker_images.inc CentOS base container image with development tools 2022-04-25 13:48:16 -03:00
centos_stable_wheels.inc Create containerized pci-irq-affinity-agent 2021-11-10 15:43:08 -03:00
centos_tarball-dl.lst Build layering, add layer build config file and tarball lst file 2019-10-15 15:17:50 +08:00
CONTRIBUTING.rst Adding zuul jobs for new repo 2019-09-09 13:43:49 -05:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:13:38 -04:00
debian_iso_image.inc debian: Remove debian-integration package 2022-12-06 08:01:23 -05:00
debian_pkg_dirs Debian: Add build structure for utilities/pci-irq-affinity-agent 2023-01-16 15:43:53 -03:00
debian_stable_docker_images.inc Port stx-pci-irq-affinity-agent to stx-debian 2023-01-16 15:44:08 -03:00
debian_stable_wheels.inc Debian: Add build structure for utilities/pci-irq-affinity-agent 2023-01-16 15:43:53 -03:00
HACKING.rst Adding zuul jobs for new repo 2019-09-09 13:43:49 -05:00
pylint.rc Re-enable important py3k checks for utilities 2021-10-21 12:34:24 +00:00
README.rst Document PCI IRQ Affinity Agent operation 2021-11-04 16:39:08 -03:00
requirements.txt Turn off legacy resolver workaround in pip 2020-12-17 17:04:41 -06:00
test-requirements.txt Add flake8-import-order and use python3.9 on tox 2022-09-13 21:49:41 +00:00
tox.ini Add python-ldap deps for zuul test 2023-09-15 18:41:49 +00:00

utilities

This file serves as documentation for the components and features included on the utilities repository.

PCI IRQ Affinity Agent

While in OpenStack it is possible to enable instances to use PCI devices, the interrupts generated by these devices may be handled by host CPUs that are unrelated to the instance, and this can lead to a performance that is lower than it could be if the device interrupts were handled by the instance CPUs.

The agent only acts over instances with dedicated vCPUs. For instances using shared vCPUs no action will be taken by the agent.

The expected outcome from the agent operation is achieving a higher performance by assigning the instances core to handle the interrupts from PCI devices used by these instances and avoid interrupts consuming excessive cycles from the platform cores.

Agent operation

The agent operates by listening to RabbitMQ notifications from Nova. When an instance is created or moved to the host, the agent checks for an specific flavor spec (detailed below) and if it does then it queries libvirt to map the instance vCPUs into pCPUs from the host.

Once the agent has the CPU mapping, it determines the IRQ for each PCI device used by the instance, and then it loops over all PCI devices and determines which host NUMA node is associated with the device, the pCPUs that are associated with the NUMA node and finally set the CPU affinity for the IRQs of the PCI device based on the pCPU list.

There is also a periodic audit that runs every minute and loops over the existing IRQs, so that if there are new IRQs that weren't mapped before the agent maps them, and if there are PCI devices that aren't associated to an instance that they were before, their IRQ affinity is reset to the default value.

Flavor spec

The PCI IRQ Affinity Agent uses a specific flavor spec for PCI interrupt affining, that is used to determine which vCPUs assigned to the instance must handle the interrupts from the PCI devices:

  • hw:pci_irq_affinity_mask=<vcpus_cpulist>

Where vcpus_cpulist can assume a comma-separated list of values that can be expressed as:

  • int: the vCPU expressed by int will be assigned to handle the interruptions from the PCI devices
  • int1-int2: the vCPUs between int1 and int2 (inclusive) will be used to handle the interruptions from the PCI devices
  • ^int: the vCPU expressed by int will not be assigned to handle the interruptions from the PCI devices and shall be used to exclude a vCPU that was included in a previous range

NOTE: int must be a value between 0 and flavor.vcpus - 1

Example: hw_pci_irq_affinity_mask=1-4,^3,6 means that vCPUs with indexes 1,2,4 and 6 from the vCPU list that Nova allocates to the instance will be assigned to handle interruptions from the PCI devices.

Limitations

  • No CPU affining is performed for instances using shared CPUs (i.e., when using flavor spec hw:cpu_policy=shared)
  • No CPU affining will be performed when invalid ranges are specified on the flavor spec, the agent instead will log error messages indicating the problem

Agent packaging

The agent code resides on the starlingx/utilities repo, along with the spec and docker_image files that are used to build a CentOS image with the agent wheel installed on it.

The agent is deployed by Armada along with the other OpenStack helm charts; refer to PCI IRQ Affinity Agent helm chart on starlingx/openstack-armada-app repository.