-
Notifications
You must be signed in to change notification settings - Fork 512
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improvements on boot speed and rootfs size #2296
Improvements on boot speed and rootfs size #2296
Conversation
This avoids repeated log entries and unnecessary modprobe invocations when the default target changes. Signed-off-by: Ben Cressey <bcressey@amazon.com>
The `insmod` binary that kube-proxy uses does not support compressed modules, and hands the compressed file to the kernel to load. This leads to warnings that unsigned modules are not allowed, if lockdown is enabled, or errors about malformed modules otherwise. kube-proxy does check whether the module is loaded, so we can avoid these errors by loading the necessary modules before kubelet starts. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice to see this finally land!
🐎
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason why we keep the overall number of patches in the downstream patch series for systemd? I have seen this now on multiple PRs that we have to touch all of them to have that number reflect correctly ([90xx/9011]), without any other changes to the patch itself.
Can we take that second number away next time we touch this or is this necessary for some other reason?
@@ -82,6 +82,10 @@ CONFIG_ZSTD_COMPRESS=y | |||
CONFIG_ZSTD_DECOMPRESS=y | |||
CONFIG_DECOMPRESS_ZSTD=y | |||
|
|||
# Enable ZSTD modules compression | |||
CONFIG_MODULE_COMPRESS=y |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since d4bbe942098b ("kbuild: remove CONFIG_MODULE_COMPRESS") got merged in v5.13 CONFIG_MODULE_COMPRESS
doesn't exist anymore. It'd be good to drop it for the kernel-5.15 config to avoid introducing a warning by merge_config.sh
. We could also unset the CONFIG_MODULE_COMPRESS_NONE=y
we pick up from Amazon Linux here.
I don't know that it's necessary, but I like the property that the patches are regenerated as a series so that they don't accumulate offsets and require fuzzy matching, which in my experience is something that tends to happen when they're maintained as independent changes. |
But that would be much more of a process thing in two cases if I am not mistaken:
For the case where we just append an extra patch (like here) we are touching all the other downstream patches to adjust their subject line, which does not have impact on anything but the commit hash (which we do not adjust here), if I am not mistaken. The order of the patches is still governed by what the spec file defines and a later patch should not have an impact on previous patches applicability. I am fine with how this is right now, my curiosity was just sparked when reviewing and I thought we might be able to cut some extra work. |
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
c240ca2
to
9d019a9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
⚙️
My personal workflow is something like:
I use different work trees pretty often and don't keep checkouts of the upstream projects around, so this is convenient. I haven't thought too much about the work on the reviewer side, so I'm open to the idea of changing something. If it's just a matter of using this as the last command in the above sequence, I'm cool with that:
|
Issue number:
N / A
Description of changes:
In #1689, we reverted the ZSTD compression for kernel modules due to problems with
rpm
andkube-proxy
. The problem withrpm
is gone, and the build doesn't hang anymore. As part of this pull request, theipvs
kernel modules are loaded early on the boot sequence to preventkube-proxy
from loading them.Testing done:
ipvs
kernel modules won't be loaded when they are blocked by the newsettings.kernel.modules
APIkube-proxy
for theipvs
kernel modules, since it will try to load them without failing:Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.