Merge pull request #49472 from mburke5678/nodes-cgroups-vs-tech-preview

OSDOCS#3977: Tech preview of cgroup V2

Author: mburke5678

_topic_maps/_topic_map.yml

@@ -470,6 +470,8 @@ Topics:
     File: installing-customizing
   - Name: Configuring your firewall
     File: configuring-firewall
+  - Name: Enabling Linux control group version 2 (cgroup v2)
+    File: enabling-cgroup-v2
 - Name: Validating an installation
   File: validating-an-installation
   Distros: openshift-origin,openshift-enterprise
@@ -2081,6 +2083,9 @@ Topics:
   - Name: Configuring your cluster to place pods on overcommited nodes
     File: nodes-cluster-overcommit
     Distros: openshift-enterprise,openshift-origin
+  - Name: Enabling Linux control group version 2 (cgroup v2)
+    File: nodes-cluster-cgroups-2
+    Distros: openshift-enterprise,openshift-origin
   - Name: Enabling features using FeatureGates
     File: nodes-cluster-enabling-features
     Distros: openshift-enterprise,openshift-origin

installing/install_config/enabling-cgroup-v2.adoc

@@ -0,0 +1,27 @@
+:_content-type: ASSEMBLY
+:context: nodes-cluster-cgroups-2
+[id="enabling-cgroup-v2"]
+= Enabling Linux control group version 2 (cgroup v2)
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster by editing the `node.config` object. Enabling cgroup v2 in {product-title} disables all cgroups version 1 controllers and hierarchies in your cluster. cgroup v1 is enabled by default.
+
+cgroup v2 is the next version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. 
+
+:FeatureName: {product-title} cgroups version 2 support
+include::snippets/technology-preview.adoc[leveloffset=+0]
+
+// The following include statements pull in the module files that comprise
+// the assembly. Include any combination of concept, procedure, or reference
+// modules required to cover the user story. You can also include other
+// assemblies.
+
+
+include::modules/nodes-clusters-cgroups-2-install.adoc[leveloffset=+1]
+
+.Additional resources
+
+* xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling[Enabling OpenShift Container Platform features using FeatureGates]
+* xref:../../installing/index.adoc#ocp-installation-overview[OpenShift Container Platform installation overview]

modules/installation-configuration-parameters.adoc

@@ -456,10 +456,6 @@ Optional installation configuration parameters are described in the following ta
 |Extends the set of optional capabilities beyond what you specify in `baselineCapabilitySet`. Valid values are `baremetal`, `marketplace` and `openshift-samples`. You may specify multiple capabilities in this parameter.
 |String array
 
-|`cgroupsV2`
-|Enables link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control groups version 2] (cgroups v2) on specific nodes in your cluster. The {product-title} process for enabling cgroups v2 disables all cgroup version 1 controllers and hierarchies. The {product-title} cgroups version 2 feature is in Developer Preview and is not supported by Red Hat at this time.
-|`true`
-
 |`compute`
 |The configuration for the machines that comprise the compute nodes.
 |Array of `MachinePool` objects.

modules/nodes-clusters-cgroups-2-install.adoc

@@ -0,0 +1,38 @@
+// Module included in the following assemblies:
+//
+// * install/install_config/enabling-cgroup-v2
+
+:_content-type: PROCEDURE
+[id="nodes-clusters-cgroups-2-install_{context}"]
+= Enabling Linux cgroup v2 during installation
+
+You can enable Linux control group version 2 (cgroup v2) when you install a cluster by creating installation manifests.
+
+.Procedure 
+
+. Create or edit the `node.config` object to specify the `v2` cgroup: 
++
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Node
+metadata:
+  name: cluster
+  spec:
+    cgroupMode: "v2"
+----
+
+. Create or edit the `FeatureGate` object to enable the `TechPreviewNoUpgrade` feature set:
++
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: FeatureGate
+metadata:
+  name: cluster
+  spec:
+    featureSet: "TechPreviewNoUpgrade"
+----
+
+. Proceed with the installation as usual. 
+

modules/nodes-clusters-cgroups-2.adoc

@@ -0,0 +1,194 @@
+// Module included in the following assemblies:
+//
+// * nodes/clusters/nodes-cluster-cgroups-2.adoc
+// * post_installation_configuration/machine-configuration-tasks.adoc
+
+ifeval::["{context}" == "nodes-cluster-cgroups-2"]
+:nodes:
+endif::[]
+ifeval::["{context}" == "post-install-cluster-tasks"]
+:post:
+endif::[]
+
+:_content-type: PROCEDURE
+[id="nodes-clusters-cgroups-2_{context}"]
+= Configuring Linux cgroup v2
+
+ifdef::post[]
+You can enable link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control group version 2] (cgroup v2) in your cluster by editing the `node.config` object. Enabling cgroup v2 in {product-title} disables all cgroups version 1 controllers and hierarchies in your cluster. cgroup v1 is enabled by default.
+
+cgroup v2 is the next version of the Linux cgroup API. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as link:https://www.kernel.org/doc/html/latest/accounting/psi.html[Pressure Stall Information], and enhanced resource management and isolation. 
+
+[IMPORTANT]
+====
+{product-title} cgroups version 2 support is a Technology Preview feature only. Technology Preview features
+are not supported with Red Hat production service level agreements (SLAs) and
+might not be functionally complete. Red Hat does not recommend using them
+in production. These features provide early access to upcoming product
+features, enabling customers to test functionality and provide feedback during
+the development process.
+
+For more information about the support scope of Red Hat Technology Preview
+features, see https://access.redhat.com/support/offerings/techpreview/.
+====
+endif::post[]
+
+ifdef::nodes[]
+You enable cgroup v2 by editing the `node.config` object.
+endif::nodes[]
+
+.Prerequisites
+* You have a running {product-title} cluster that uses version 4.12 or later.
+* You are logged in to the cluster as a user with administrative privileges.
+* You have enabled the `TechPreviewNoUpgrade` feature set by using the feature gates.
+
+.Procedure
+
+. Enable cgroup v2 on nodes:
+
+.. Edit the `node.config` object:
++
+[source,terminal]
+----
+$ oc edit nodes.config/cluster
+----
+
+.. Add `spec.cgroupMode: "v2"`:
++
+.Example `node.config` object
+[source,yaml]
+----
+apiVersion: config.openshift.io/v1
+kind: Node
+metadata:
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/create-only: "true"
+  creationTimestamp: "2022-07-08T16:02:51Z"
+  generation: 1
+  name: cluster
+  ownerReferences:
+  - apiVersion: config.openshift.io/v1
+    kind: ClusterVersion
+    name: version
+    uid: 36282574-bf9f-409e-a6cd-3032939293eb
+  resourceVersion: "1865"
+  uid: 0c0f7a4c-4307-4187-b591-6155695ac85b
+spec:
+  cgroupMode: "v2" <1>
+...
+----
+<1> Enables cgroup v2.
+
+
+.Verification
+
+. Check the machine configs to see that the new machine configs were added:
++
+[source,terminal]
+----
+$ oc get mc
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                               GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
+00-master                                          52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+00-worker                                          52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+01-master-container-runtime                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+01-master-kubelet                                  52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+01-worker-container-runtime                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+01-worker-kubelet                                  52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+97-master-generated-kubelet                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0              3m <1>
+99-worker-generated-kubelet                        52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0              3m
+99-master-generated-registries                     52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+99-master-ssh                                                                                 3.2.0             40m
+99-worker-generated-registries                     52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+99-worker-ssh                                                                                 3.2.0             40m
+rendered-master-23e785de7587df95a4b517e0647e5ab7   52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+rendered-worker-5d596d9293ca3ea80c896a1191735bb1   52dd3ba6a9a527fc3ab42afac8d12b693534c8c9   3.2.0             33m
+worker-enable-cgroups-v2                                                                      3.2.0             10s
+----
+<1> New machine configs are created, as expected.
+
+. Check that the new `kernelArguments` were added to the new machine configs:
++
+[source,terminal]
+----
+$ oc describe mc <name>
+----
++
+.Example output
+[source,terminal]
+----
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 05-worker-kernelarg-selinuxpermissive
+spec:
+  kernelArguments:
+  - systemd_unified_cgroup_hierarchy=1 <1>
+  - cgroup_no_vi="all" <2>
+  - psi=1 <3>
+----
+<1> Enables cgroup v2 in systemd.
+<2> Disables cgroups v1.
+<3> Enables the Linux Pressure Stall Information (PSI) feature.
+
+. Check the nodes to see that scheduling on the nodes is disabled. This indicates that the change is being applied:
++
+[source,terminal]
+----
+$ oc get nodes
+----
++
+.Example output
+[source,terminal]
+----
+NAME                                       STATUS                     ROLES    AGE   VERSION
+ci-ln-fm1qnwt-72292-99kt6-master-0         Ready                      master   58m   v1.24.0
+ci-ln-fm1qnwt-72292-99kt6-master-1         Ready                      master   58m   v1.24.0
+ci-ln-fm1qnwt-72292-99kt6-master-2         Ready                      master   58m   v1.24.0
+ci-ln-fm1qnwt-72292-99kt6-worker-a-h5gt4   Ready,SchedulingDisabled   worker   48m   v1.24.0
+ci-ln-fm1qnwt-72292-99kt6-worker-b-7vtmd   Ready                      worker   48m   v1.24.0
+ci-ln-fm1qnwt-72292-99kt6-worker-c-rhzkv   Ready                      worker   48m   v1.24.0
+----
+
+. After a node returns to the `Ready` state, start a debug session for that node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name>
+----
+
+. Set `/host` as the root directory within the debug shell:
++
+[source,terminal]
+----
+sh-4.4# chroot /host
+----
+
+. Check that the `sys/fs/cgroup/cgroup2fs` file is present on your nodes. This file is created by cgroup v2:
++
+[source,terminal]
+----
+$ stat -c %T -f /sys/fs/cgroup 
+----
++
+.Example output
+[source,terminal]
+----
+cgroup2fs
+----
+
+ifeval::["{context}" == "nodes-cluster-cgroups-2"]
+:!nodes:
+endif::[]
+ifeval::["{context}" == "post-install-cluster-tasks"]
+:!post:
+endif::[]