Install RT kernel from RPMs included in RHCOS

Makefile

@@ -54,7 +54,7 @@ OPERATOR_DEV_CSV="0.0.1"
 # Export GO111MODULE=on to enable project to be built from within GOPATH/src
 export GO111MODULE=on
 
-build: gofmt golint
+build: gofmt golint govet
 	@echo "Building operator binary"
 	mkdir -p build/_output/bin
 	env GOOS=$(TARGET_GOOS) GOARCH=$(TARGET_GOARCH) go build -i -ldflags="-s -w" -mod=vendor -o build/_output/bin/performance-addon-operators ./cmd/manager
@@ -112,6 +112,10 @@ cluster-deploy: kustomize
 	@echo "Deploying operator"
 	FULL_REGISTRY_IMAGE=$(FULL_REGISTRY_IMAGE) KUSTOMIZE=$(KUSTOMIZE) hack/deploy.sh
 
+cluster-label-worker-rt:
+	@echo "Adding worker-rt label to worker nodes"
+	hack/label-worker-rt.sh
+
 cluster-clean:
 	@echo "Deleting operator"
 	FULL_REGISTRY_IMAGE=$(FULL_REGISTRY_IMAGE) hack/clean-deploy.sh

build/assets/scripts/rt-kernel.sh

@@ -1,55 +1,55 @@
 #!/usr/bin/env bash
 
+######################################################################################
+## NOTE:                                                                            ##
+## THIS IS A TEMPORARY WORKAROUND UNTIL THIS FEATURE IS AVAILABLE VIA MACHINECONFIG ##
+## IT ONLY WORKS WITH RT KERNEL VERSION 4.*                                         ##
+######################################################################################
+
 set -euo pipefail
 
-REPO_DIR="/etc/yum.repos.d"
-RT_REPO="${REPO_DIR}/rt-kernel.repo"
+echo "Mounting OS image"
 
-# Enable yum repo
-if [[ -f $RT_REPO ]]
-then
-    # The env var might have been changed, so always create new rt repo
-    rm $RT_REPO
-fi
+# remove old container
+osContainerName="osContainer"
+set +e
+podman rm -f "$osContainerName" >/dev/null 2>&1
+set -e
 
-mkdir -p $REPO_DIR
-cat > $RT_REPO <<EOF
-[rt]
-baseurl=${RT_REPO_URL}
-gpgcheck=0
-EOF
-
-# update cache
-rpm-ostree refresh-md -f
-
-exit_handler () {
-    exit_code=$?
-    if [[ ${exit_code} -eq 77 ]]; then 
-        echo "No update available, nothing to do"; 
-        exit 0;
-    elif [[ ${exit_code} -eq 100 ]]; then
-        echo "Initiate reboot, touch /var/reboot"
-        touch /var/reboot
-        exit 0;
-    else
-        exit ${exit_code}
-    fi
-}
+# find booted image sha
+sha=$(rpm-ostree status --json | jq -r '.deployments[] | select(.booted == true) | .["custom-origin"][0]' | sed -E "s|.*@(.*)|\1|")
+imageID=$(podman images --digests | grep $sha | awk '{print $4}')
 
-trap exit_handler EXIT
+# create and mount new container
+podman create --net=none --name "$osContainerName" "$imageID" > /dev/null
+kernelDir=$(podman mount "$osContainerName")
 
-# Swap to RT kernel
+# Swap to or update RT kernel
 kernel=$(uname -a)
-if [[ $kernel =~ "PREEMPT RT" ]]
+if [[ "$kernel" =~ "PREEMPT RT" ]]
 then
     echo "RT kernel already installed, checking for updates"
-    # if no upgrade is available the script will exit with code 77, and we will trap it
-    rpm-ostree upgrade --unchanged-exit-77
-    echo "RT kernel updated"
-    exit 100
+
+    installedVersion=$(rpm -qa | grep kernel-rt-core)
+    # filename without rpm suffix is available version
+    availableVersion=$(ls ${kernelDir}/kernel-rt-core-4*.rpm | xargs basename | xargs -i bash -c 'f="{}" && echo "${f%.*}"')
+
+    if [[ "$installedVersion" == "$availableVersion" ]]
+    then
+        echo "No update available, nothing to do";
+        exit 0
+    else
+        echo "Updating RT kernel"
+        rpm-ostree override replace ${kernelDir}/kernel-rt-core-4*.rpm ${kernelDir}/kernel-rt-modules-4*.rpm ${kernelDir}/kernel-rt-modules-extra-4*.rpm
+        echo "RT kernel updated, trigger reboot by touching /var/reboot"
+        touch /var/reboot
+        exit 0
+    fi
+
 else
     echo "Installing RT kernel"
-    rpm-ostree override remove kernel{,-core,-modules,-modules-extra} --install kernel-rt-core --install kernel-rt-modules --install kernel-rt-modules-extra
-    echo "RT kernel installed"
-    exit 100
+    rpm-ostree override remove kernel{,-core,-modules,-modules-extra} --install ${kernelDir}/kernel-rt-core-4*.rpm --install ${kernelDir}/kernel-rt-modules-4*.rpm --install ${kernelDir}/kernel-rt-modules-extra-4*.rpm
+    echo "RT kernel installed, trigger reboot by touching /var/reboot"
+    touch /var/reboot
+    exit 0
 fi

cluster-setup/base/performance/performance_profile.yaml

@@ -13,4 +13,4 @@ spec:
     - size: "1G"
       count: 1
   realTimeKernel:
-    repoURL: "http://download-node-02.eng.bos.redhat.com/rhel-8/nightly/RHEL-8/latest-RHEL-8.1.1/compose/RT/x86_64/os"
+    enabled: true

deploy/crds/performance.openshift.io_performanceprofiles_crd.yaml

@@ -84,10 +84,10 @@ spec:
               description: RealTimeKernel defines set of real time kernel related
                 parameters.
               properties:
-                repoURL:
-                  description: RepoURL defines the URL to the repository with real
-                    time kernel packages
-                  type: string
+                enabled:
+                  description: Enabled defines if the real time kernel packages should
+                    be installed
+                  type: boolean
               type: object
           type: object
         status:

deploy/olm-catalog/performance-addon-operators/0.0.1/performance.openshift.io_performanceprofiles_crd.yaml

@@ -84,10 +84,10 @@ spec:
               description: RealTimeKernel defines set of real time kernel related
                 parameters.
               properties:
-                repoURL:
-                  description: RepoURL defines the URL to the repository with real
-                    time kernel packages
-                  type: string
+                enabled:
+                  description: Enabled defines if the real time kernel packages should
+                    be installed
+                  type: boolean
               type: object
           type: object
         status:

hack/label-worker-rt.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+# expect oc to be in PATH by default
+OC_TOOL="${OC_TOOL:-oc}"
+
+# Label worker nodes
+echo "[INFO]:labeling worker nodes"
+for node in $(${OC_TOOL} get nodes --selector='!node-role.kubernetes.io/master' -o name); do
+    ${OC_TOOL} label $node node-role.kubernetes.io/worker-rt=""
+done

pkg/apis/performance/v1alpha1/performanceprofile_types.go

@@ -51,8 +51,8 @@ type HugePage struct {
 
 // RealTimeKernel defines the set of parameters relevant for the real time kernel.
 type RealTimeKernel struct {
-	// RepoURL defines the URL to the repository with real time kernel packages
-	RepoURL *string `json:"repoURL,omitempty"`
+	// Enabled defines if the real time kernel packages should be installed
+	Enabled *bool `json:"enabled,omitempty"`
 }
 
 // PerformanceProfileStatus defines the observed state of PerformanceProfile.

pkg/controller/performanceprofile/components/machineconfig/machineconfig.go

@@ -52,7 +52,6 @@ const (
 )
 
 const (
-	environmentRTRepoURL       = "RT_REPO_URL"
 	environmentNonIsolatedCpus = "NON_ISOLATED_CPUS"
 )
 
@@ -73,7 +72,7 @@ func New(assetsDir string, profile *performancev1alpha1.PerformanceProfile) (*ma
 		Spec: machineconfigv1.MachineConfigSpec{},
 	}
 
-	ignitionConfig, err := getIgnitionConfig(assetsDir, *profile.Spec.RealTimeKernel.RepoURL, profile.Spec.CPU.NonIsolated)
+	ignitionConfig, err := getIgnitionConfig(assetsDir, profile)
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +117,8 @@ func getKernelArgs(hugePages *performancev1alpha1.HugePages, isolatedCPUs *perfo
 	return kargs
 }
 
-func getIgnitionConfig(assetsDir string, rtRepoURL string, nonIsolatedCpus *performancev1alpha1.CPUSet) (*igntypes.Config, error) {
+func getIgnitionConfig(assetsDir string, profile *performancev1alpha1.PerformanceProfile) (*igntypes.Config, error) {
+
 	mode := 0700
 	ignitionConfig := &igntypes.Config{
 		Ignition: igntypes.Ignition{
@@ -149,11 +149,12 @@ func getIgnitionConfig(assetsDir string, rtRepoURL string, nonIsolatedCpus *perf
 		})
 	}
 
-	rtKernelService, err := getSystemdContent(getRTKernelUnitOptions(rtRepoURL))
+	rtKernelService, err := getSystemdContent(getRTKernelUnitOptions())
 	if err != nil {
 		return nil, err
 	}
 
+	nonIsolatedCpus := profile.Spec.CPU.NonIsolated
 	preBootTuningService, err := getSystemdContent(
 		getPreBootTuningUnitOptions(string(*nonIsolatedCpus)),
 	)
@@ -166,11 +167,15 @@ func getIgnitionConfig(assetsDir string, rtRepoURL string, nonIsolatedCpus *perf
 		return nil, err
 	}
 
+	enableRTKernel := profile.Spec.RealTimeKernel != nil &&
+		profile.Spec.RealTimeKernel.Enabled != nil &&
+		*profile.Spec.RealTimeKernel.Enabled
+
 	ignitionConfig.Systemd = igntypes.Systemd{
 		Units: []igntypes.Unit{
 			{
 				Contents: rtKernelService,
-				Enabled:  pointer.BoolPtr(true),
+				Enabled:  &enableRTKernel,
 				Name:     getSystemdService(rtKernel),
 			},
 			{
@@ -209,7 +214,7 @@ func getSystemdContent(options []*unit.UnitOption) (string, error) {
 	return string(outBytes), nil
 }
 
-func getRTKernelUnitOptions(rtRepoURL string) []*unit.UnitOption {
+func getRTKernelUnitOptions() []*unit.UnitOption {
 	return []*unit.UnitOption{
 		// [Unit]
 		// Description
@@ -222,8 +227,6 @@ func getRTKernelUnitOptions(rtRepoURL string) []*unit.UnitOption {
 		unit.NewUnitOption(systemdSectionUnit, systemdBefore, systemdServiceKubelet),
 		unit.NewUnitOption(systemdSectionUnit, systemdBefore, getSystemdService(preBootTuning)),
 		// [Service]
-		// Environment
-		unit.NewUnitOption(systemdSectionService, systemdEnvironment, getSystemdEnvironment(environmentRTRepoURL, rtRepoURL)),
 		// Type
 		unit.NewUnitOption(systemdSectionService, systemdType, systemdServiceTypeOneshot),
 		// RemainAfterExit
@@ -264,7 +267,7 @@ func getPreBootTuningUnitOptions(nonIsolatedCpus string) []*unit.UnitOption {
 	return []*unit.UnitOption{
 		// [Unit]
 		// Description
-		unit.NewUnitOption(systemdSectionUnit, systemdDescription, "Reboot initiated by rt-kernel and pre-boot-tuning"),
+		unit.NewUnitOption(systemdSectionUnit, systemdDescription, "Preboot tuning patch"),
 		// Wants
 		unit.NewUnitOption(systemdSectionUnit, systemdWants, getSystemdService(rtKernel)),
 		// After

pkg/controller/performanceprofile/components/machineconfig/machineconfig_test.go

@@ -22,7 +22,6 @@ const expectedSystemdUnits = `
           Before=pre-boot-tuning.service
 
           [Service]
-          Environment=RT_REPO_URL=https://test.test
           Type=oneshot
           RemainAfterExit=true
           ExecStart=/usr/local/bin/rt-kernel.sh
@@ -33,7 +32,7 @@ const expectedSystemdUnits = `
         name: rt-kernel.service
       - contents: |
           [Unit]
-          Description=Reboot initiated by rt-kernel and pre-boot-tuning
+          Description=Preboot tuning patch
           Wants=rt-kernel.service
           After=rt-kernel.service
           Before=kubelet.service

pkg/controller/performanceprofile/performanceprofile_controller.go

@@ -447,13 +447,6 @@ func (r *ReconcilePerformanceProfile) validatePerformanceProfileParameters(perfo
 		return fmt.Errorf("you should provide non isolated CPU set")
 	}
 
-	if performanceProfile.Spec.RealTimeKernel == nil {
-		return fmt.Errorf("you should provide real time kernel section")
-	}
-
-	if performanceProfile.Spec.RealTimeKernel.RepoURL == nil {
-		return fmt.Errorf("you should provide real time kernel repository URL")
-	}
 	return nil
 }
 

pkg/utils/testing/testing.go

@@ -17,8 +17,6 @@ const (
 	NonIsolateCPUs = performancev1alpha1.CPUSet("2-3")
 	// ReservedCPUs defines the reserved CPU set used for tests
 	ReservedCPUs = performancev1alpha1.CPUSet("0-3")
-	// RepoURL defines the real-time kernel repository URL used for tests
-	RepoURL = "https://test.test"
 )
 
 // NewPerformanceProfile returns new performance profile object that used for tests
@@ -50,7 +48,7 @@ func NewPerformanceProfile(name string) *performancev1alpha1.PerformanceProfile
 				},
 			},
 			RealTimeKernel: &performancev1alpha1.RealTimeKernel{
-				RepoURL: pointer.StringPtr(RepoURL),
+				Enabled: pointer.BoolPtr(true),
 			},
 			NodeSelector: map[string]string{
 				"test": "test",