openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
ea5ec5e2235b26b62db33f4d631270b3ad4a36b0
openshift-docs/modules/nodes-clusters-cgroups-2.adoc
Andrea Hoffer ea5ec5e223 OSDOCS#11296: Doc sweep for Kubernetes 1.29 to 1.30
2024-09-10 14:11:16 +00:00

269 lines
9.3 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * nodes/clusters/nodes-cluster-cgroups-2.adoc
// * post_installation_configuration/cluster-tasks.adoc
ifeval::["{context}" == "nodes-cluster-cgroups-2"]
:nodes:
endif::[]
ifeval::["{context}" == "post-install-cluster-tasks"]
:post:
endif::[]
:_mod-docs-content-type: PROCEDURE
[id="nodes-clusters-cgroups-2_{context}"]
= Configuring Linux cgroup
ifndef::openshift-origin[]
ifdef::post[]
As of {product-title} 4.14, {product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster. If you are using cgroup v1 on {product-title} 4.13 or earlier, migrating to {product-title} 4.14 or later will not automatically update your cgroup configuration to version 2. A fresh installation of {product-title} 4.14 or later will use cgroup v2 by default. However, you can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) upon installation.
endif::post[]
endif::openshift-origin[]
ifdef::openshift-origin[]
ifdef::post[]
{product-title} uses link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster.
endif::post[]
endif::openshift-origin[]
ifdef::post[]
cgroup v2 is the current version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. However, cgroup v2 has different CPU, memory, and I/O management characteristics than cgroup v1. Therefore, some workloads might experience slight differences in memory or CPU usage on clusters that run cgroup v2.
You can change between cgroup v1 and cgroup v2, as needed. Enabling cgroup v1 in {product-title} disables all cgroup v2 controllers and hierarchies in your cluster.
endif::post[]
ifdef::nodes[]
You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/index.html[Linux control group version 1] (cgroup v1) or link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) by editing the `node.config` object. The default is cgroup v2.
endif::nodes[]
:FeatureName: cgroup v1
include::snippets/deprecated-feature.adoc[]
.Prerequisites
* You have a running {product-title} cluster that uses version 4.12 or later.
* You are logged in to the cluster as a user with administrative privileges.
.Procedure
. Enable cgroup v1 on nodes:
.. Edit the `node.config` object:
+
[source,terminal]
----
$ oc edit nodes.config/cluster
----
ifdef::post[]
.. Add `spec.cgroupMode: "v1"`:
+
.Example `node.config` object
[source,yaml]
----
apiVersion: config.openshift.io/v2
kind: Node
metadata:
annotations:
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/create-only: "true"
creationTimestamp: "2022-07-08T16:02:51Z"
generation: 1
name: cluster
ownerReferences:
- apiVersion: config.openshift.io/v2
kind: ClusterVersion
name: version
uid: 36282574-bf9f-409e-a6cd-3032939293eb
resourceVersion: "1865"
uid: 0c0f7a4c-4307-4187-b591-6155695ac85b
spec:
cgroupMode: "v1" <1>
...
----
<1> Enables cgroup v1.
endif::post[]
ifdef::nodes[]
.. Edit the `spec.cgroupMode` parameter:
+
.Example `node.config` object
[source,yaml]
----
apiVersion: config.openshift.io/v2
kind: Node
metadata:
annotations:
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/create-only: "true"
creationTimestamp: "2022-07-08T16:02:51Z"
generation: 1
name: cluster
ownerReferences:
- apiVersion: config.openshift.io/v2
kind: ClusterVersion
name: version
uid: 36282574-bf9f-409e-a6cd-3032939293eb
resourceVersion: "1865"
uid: 0c0f7a4c-4307-4187-b591-6155695ac85b
spec:
cgroupMode: "v1" <1>
...
----
<1> Specify `v1` to enable cgroup v1 or `v2` for cgroup v2.
endif::nodes[]
.Verification
. Check the machine configs to see that the new machine configs were added:
+
[source,terminal]
----
$ oc get mc
----
+
.Example output
[source,terminal]
----
NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE
00-master 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
00-worker 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
01-master-container-runtime 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
01-master-kubelet 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
01-worker-container-runtime 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
01-worker-kubelet 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
97-master-generated-kubelet 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
99-worker-generated-kubelet 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
99-master-generated-registries 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
99-master-ssh 3.2.0 40m
99-worker-generated-registries 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
99-worker-ssh 3.2.0 40m
rendered-master-23d4317815a5f854bd3553d689cfe2e9 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 10s <1>
rendered-master-23e785de7587df95a4b517e0647e5ab7 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
rendered-worker-5d596d9293ca3ea80c896a1191735bb1 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 33m
rendered-worker-dcc7f1b92892d34db74d6832bcc9ccd4 52dd3ba6a9a527fc3ab42afac8d12b693534c8c9 3.2.0 10s
----
<1> New machine configs are created, as expected.
. Check that the new `kernelArguments` were added to the new machine configs:
+
[source,terminal]
----
$ oc describe mc <name>
----
+
ifdef::nodes[]
.Example output for cgroup v2
[source,terminal]
----
apiVersion: machineconfiguration.openshift.io/v2
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: worker
name: 05-worker-kernelarg-selinuxpermissive
spec:
kernelArguments:
systemd_unified_cgroup_hierarchy=1 <1>
cgroup_no_v1="all" <2>
psi=1 <3>
----
<1> Enables cgroup v2 in systemd.
<2> Disables cgroup v1.
<3> Enables the Linux Pressure Stall Information (PSI) feature.
+
endif::nodes[]
.Example output for cgroup v1
[source,terminal]
----
apiVersion: machineconfiguration.openshift.io/v2
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: worker
name: 05-worker-kernelarg-selinuxpermissive
spec:
kernelArguments:
systemd.unified_cgroup_hierarchy=0 <1>
systemd.legacy_systemd_cgroup_controller=1 <2>
----
<1> Disables cgroup v2.
<2> Enables cgroup v1 in systemd.
. Check the nodes to see that scheduling on the nodes is disabled. This indicates that the change is being applied:
+
[source,terminal]
----
$ oc get nodes
----
+
.Example output
[source,terminal]
----
NAME STATUS ROLES AGE VERSION
ci-ln-fm1qnwt-72292-99kt6-master-0 Ready,SchedulingDisabled master 58m v1.30.3
ci-ln-fm1qnwt-72292-99kt6-master-1 Ready master 58m v1.30.3
ci-ln-fm1qnwt-72292-99kt6-master-2 Ready master 58m v1.30.3
ci-ln-fm1qnwt-72292-99kt6-worker-a-h5gt4 Ready,SchedulingDisabled worker 48m v1.30.3
ci-ln-fm1qnwt-72292-99kt6-worker-b-7vtmd Ready worker 48m v1.30.3
ci-ln-fm1qnwt-72292-99kt6-worker-c-rhzkv Ready worker 48m v1.30.3
----
. After a node returns to the `Ready` state, start a debug session for that node:
+
[source,terminal]
----
$ oc debug node/<node_name>
----
. Set `/host` as the root directory within the debug shell:
+
[source,terminal]
----
sh-4.4# chroot /host
----
ifdef::post[]
. Check that the `sys/fs/cgroup/cgroup2fs` file is present on your nodes. This file is created by cgroup v1:
+
[source,terminal]
----
$ stat -c %T -f /sys/fs/cgroup
----
+
.Example output
[source,terminal]
----
cgroup2fs
----
endif::post[]
ifdef::nodes[]
. Check that the `sys/fs/cgroup/cgroup2fs` or `sys/fs/cgroup/tmpfs` file is present on your nodes:
+
[source,terminal]
----
$ stat -c %T -f /sys/fs/cgroup
----
+
.Example output for cgroup v2
[source,terminal]
----
cgroup2fs
----
+
.Example output for cgroup v1
[source,terminal]
----
tmpfs
----
endif::nodes[]
ifeval::["{context}" == "nodes-cluster-cgroups-2"]
:!nodes:
endif::[]
ifeval::["{context}" == "post-install-cluster-tasks"]
:!post:
endif::[]
View Git Blame Copy Permalink