diff --git a/compute/compute-node.Dockerfile b/compute/compute-node.Dockerfile
index bdb9e0ed7f..730fb21bf4 100644
--- a/compute/compute-node.Dockerfile
+++ b/compute/compute-node.Dockerfile
@@ -1751,6 +1751,50 @@ RUN set -ex; \
 /tmp/awscliv2/aws/install; \
 rm -rf /tmp/awscliv2.zip /tmp/awscliv2
 
+#########################################################################################
+#
+# Layer "cgroup-tools"
+#
+#########################################################################################
+
+# Build cgroup-tools
+#
+# At time of writing (2023-03-14), debian bullseye has a version of cgroup-tools (technically
+# libcgroup) that doesn't support cgroup v2 (version 0.41-11). Unfortunately, the vm-monitor
+# requires cgroup v2, so we'll build cgroup-tools ourselves.
+#
+# At time of migration to bookworm (2024-10-09), debian has a version of libcgroup/cgroup-tools 2.0.2,
+# and it _probably_ can be used as-is. However, we'll build it ourselves to minimise the changeset
+# for debian version migration.
+#
+FROM debian:bookworm-slim as cgroup-tools
+ENV LIBCGROUP_VERSION=v2.0.3
+
+RUN set -exu \
+ && apt update \
+ && apt install --no-install-recommends -y \
+ git \
+ ca-certificates \
+ automake \
+ cmake \
+ make \
+ gcc \
+ byacc \
+ flex \
+ libtool \
+ libpam0g-dev \
+ && git clone --depth 1 -b $LIBCGROUP_VERSION https://github.com/libcgroup/libcgroup \
+ && INSTALL_DIR="/libcgroup-install" \
+ && mkdir -p "$INSTALL_DIR/bin" "$INSTALL_DIR/include" \
+ && cd libcgroup \
+ # extracted from bootstrap.sh, with modified flags:
+ && (test -d m4 || mkdir m4) \
+ && autoreconf -fi \
+ && rm -rf autom4te.cache \
+ && CFLAGS="-O3" ./configure --prefix="$INSTALL_DIR" --sysconfdir=/etc --localstatedir=/var --enable-opaque-hierarchy="name=systemd" \
+ # actually build the thing...
+ && make install
+
 #########################################################################################
 #
 # Clean up postgres folder before inclusion
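Review bot: The `git clone --depth 1 -b $LIBCGROUP_VERSION` step in the new cgroup-tools stage builds whatever the `v2.0.3` tag points to at build time, and an upstream tag can be moved, so the source compiled into the image is not pinned to reviewed content. Record the expected commit next to the version, e.g. `ENV LIBCGROUP_COMMIT=<expected-commit-sha>`, and add `&& test "$(git -C libcgroup rev-parse HEAD)" = "$LIBCGROUP_COMMIT" \` right after the clone so the build fails on a mismatch. Quoting `"$LIBCGROUP_VERSION"` in the clone and pinning `debian:bookworm-slim` by digest would tighten the same stage.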
@@ -1925,6 +1969,13 @@ RUN mkdir /var/db && useradd -m -d /var/db/postgres postgres && \
 # aws cli is used by fast_import
 COPY --from=awscli /usr/local/aws-cli /usr/local/aws-cli
 
+# locally built cgroup-tools
+COPY --from=cgroup-tools /libcgroup-install/bin/* /usr/local/bin/
+COPY --from=cgroup-tools /libcgroup-install/lib/* /usr/local/lib/
+COPY --from=cgroup-tools /libcgroup-install/sbin/* /usr/local/sbin/
+
+COPY --chmod=0644 compute/etc/cgconfig.conf /etc/cgconfig.conf
+
 # pgbouncer and its config
 COPY --from=pgbouncer /usr/local/pgbouncer/bin/pgbouncer /usr/local/bin/pgbouncer
 COPY --chmod=0666 --chown=postgres compute/etc/pgbouncer.ini /etc/pgbouncer.ini
diff --git a/compute/etc/cgconfig.conf b/compute/etc/cgconfig.conf
new file mode 100644
index 0000000000..1c8bade7eb
--- /dev/null
+++ b/compute/etc/cgconfig.conf
@@ -0,0 +1,12 @@
+# Configuration for cgroups in VM compute nodes
+group neon-postgres {
+ perm {
+ admin {
+ uid = postgres;
+ }
+ task {
+ gid = users;
+ }
+ }
+ memory {}
+}
diff --git a/compute/etc/systemd/system/compute_ctl.service b/compute/etc/systemd/system/compute_ctl.service
index ccc152d5b0..0176d75f79 100644
--- a/compute/etc/systemd/system/compute_ctl.service
+++ b/compute/etc/systemd/system/compute_ctl.service
@@ -10,6 +10,7 @@ User=postgres
 EnvironmentFile=/neonvm/runtime/command.env
 ExecStart=/usr/local/bin/compute_ctl $COMPUTE_CTL_ARGS
 Restart=on-failure
+Delegate=yes
 
 [Install]
 WantedBy=multi-user.target
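Review bot: The three wildcard `COPY --from=cgroup-tools` lines in compute-node.Dockerfile bring the whole install tree into the runtime image, so every tool under `bin/` and anything `make install` placed under `sbin/` and `lib/` ships whether or not the compute node uses it. Listing the needed files keeps the image's surface small, e.g. `COPY --from=cgroup-tools /libcgroup-install/lib/libcgroup.so* /usr/local/lib/`; which binaries are actually required is not visible in this hunk, so the list needs confirming against the callers. A glob source also copies the contents of any matched subdirectory rather than the directory itself, so a layout such as `lib/pkgconfig/` would be flattened into `/usr/local/lib/`.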
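Review bot: In the new compute/etc/cgconfig.conf, `task { gid = users; }` makes the `users` group the owner of the cgroup's tasks file, which, depending on the file mode in effect, may let any member of that group move processes into `neon-postgres`, while administration is limited to `uid = postgres`. Nothing on the page shows who belongs to `users`. If only the postgres account attaches tasks, `task { uid = postgres; }` would be narrower; otherwise a comment such as `# tasks file is group-owned by "users" because <reason>` would record why the wider group is needed. The empty `memory {}` block would also merit a one-line comment saying whether limits are deliberately left to be set elsewhere.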
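Review bot: `Delegate=yes` in compute_ctl.service turns on delegation for all available cgroup controllers to a unit that runs as `User=postgres`. The cgconfig.conf added in the same commit only declares the `memory` controller, so if that is all the service manages, `Delegate=memory` would grant less; this needs confirming against what compute_ctl and the vm-monitor actually write. A comment above the line, e.g. `# Delegate: required so that <reason>`, would record why delegation was enabled.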