Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

neonvm: Fractional CPU limiting inside the VM #1052

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

neonvm: Fractional CPU limiting inside the VM #1052

wants to merge 2 commits into from

Conversation

sharnoff
Copy link
Member

Decided to push the branch I'd made, for discussion. Not necessarily going this route, pending a couple RFCs.

@Omrigan Omrigan self-requested a review September 23, 2024 16:41
@sharnoff
vm-builder: Run all processes in a cgroup
e533771 
More specifically, with this change:

1. There is a new cgroup inside the VM, /neonvm-root
2. There are associated cgroup & mount namespaces such that when inside
   those namespaces, /neonvm-root appears to be the root cgroup
3. All 'command's from the image spec are run inside the /neonvm-root
   cgroup and associated namespaces

In order to support the creation of new cgroups inside /neonvm-root
(like what's used in the test images, or in neondatabase/neon), we have
to run normal processes in a separate /neonvm-root/leaf cgroup in order
to not voilate the "no internal processes" rule.[1]

But other than that, most things should continue to behave as normal.
For example, cgconfigparser (which we use to set up user cgroups)
appears to continue to work just fine.

Also worth noting: Currently sshd also runs in the same cgroup &
namespaces as everything else, so that it continues to match the
perspective of processes running inside the VM.

When running as root, it's possible to break out of the namespaces by
entering PID 1's namespaces:

  nsenter --target=1 --cgroup --mount <command...>

[1]: https://man7.org/linux/man-pages/man7/cgroups.7.html
@sharnoff
neonvm: Add delegated CPU limiting with neonvm-daemon
6fbc3e2 
todo:
- Implement the backend in neonvm-daemon
- Fix build-test-vm needing access to neonvm-daemon (how to get it?)
- Add iptables rules inside the VM to prevent access to neonvm-daemon
- Figure out why scripts/run-bench.sh has 0.1x TPS at 0.25 CPU...
@sharnoff sharnoff force-pushed the sharnoff/neonvm-internal-cpu-limiting branch from 3e7f580 to 6fbc3e2 Compare September 25, 2024 01:03
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 25, 2024
edited
Loading

Merging this branch will increase overall coverage

Impacted Packages Coverage Δ 🤖
github.com/neondatabase/autoscaling/neonvm/apis/neonvm/v1 0.56% (-0.00%) 👎
github.com/neondatabase/autoscaling/neonvm/controllers 12.26% (+0.16%) 👍
github.com/neondatabase/autoscaling/neonvm/daemon 0.00% (ø)
github.com/neondatabase/autoscaling/neonvm/runner 0.00% (ø)
github.com/neondatabase/autoscaling/neonvm/tools/vm-builder 0.00% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/neondatabase/autoscaling/neonvm/apis/neonvm/v1/virtualmachine_types.go 1.92% (ø) 52 1 51
github.com/neondatabase/autoscaling/neonvm/apis/neonvm/v1/zz_generated.deepcopy.go 0.00% (ø) 427 (+4) 0 427 (+4)
github.com/neondatabase/autoscaling/neonvm/controllers/vm_controller.go 26.05% (+0.25%) 691 (+5) 180 (+3) 511 (+2) 👍
github.com/neondatabase/autoscaling/neonvm/daemon/main.go 0.00% (ø) 81 (+81) 0 81 (+81)
github.com/neondatabase/autoscaling/neonvm/runner/main.go 0.00% (ø) 835 (+48) 0 835 (+48)
github.com/neondatabase/autoscaling/neonvm/tools/vm-builder/main.go 0.00% (ø) 215 (+7) 0 215 (+7)

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

HTML Report

Click to open

@sharnoff sharnoff mentioned this pull request Sep 26, 2024
Merged
mikhail-sakhnov added a commit that referenced this pull request Oct 14, 2024
@sharnoff @mikhail-sakhnov
neonvm: Add new neonvm-daemon binary skeleton (#1090)
4156e39 
Extracted the minimal version from #1052, because it's clear that this
daemon is required in multiple places, and we don't know which PR will
merge first.

---

**Notes:** Not expected to pass CI! (images won't be in the right
place). Haven't tested it since extracting from #1052.

cc @mikhail-sakhnov, as discussed :)

---------

Signed-off-by: Misha Sakhnov <[email protected]>
Co-authored-by: Misha Sakhnov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Omrigan Omrigan Awaiting requested review from Omrigan

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sharnoff