Use recommended clocksources #1328

Merged
merged 1 commit into from
Jun 29, 2023
46 changes: 46 additions & 0 deletions files/bin/configure-clocksource
@@ -0,0 +1,46 @@
#!/usr/bin/env bash

set -o errexit
set -o pipefail
set -o nounset

CLOCK_PATH="/sys/devices/system/clocksource/clocksource0"

function log() {
echo >&2 "$@"
}

function current-clocksource() {
cat "${CLOCK_PATH}/current_clocksource"
}

function check-available-clocksource() {
grep --quiet "${1}" "${CLOCK_PATH}/available_clocksource"
}

function try-set-clocksource() {
if check-available-clocksource "${1}"; then
echo "${1}" > "${CLOCK_PATH}/current_clocksource"
log "configured clocksource: ${1}"
else
log "clocksource not available: ${1}"
fi
}

case "$(imds /latest/meta-data/system)" in
nitro)
CLOCKSOURCE="kvm-clock"
;;

**)
CLOCKSOURCE="tsc"
;;
esac

log "desired clocksource: ${CLOCKSOURCE}"

if [ ! "$(current-clocksource)" = "${CLOCKSOURCE}" ]; then
try-set-clocksource "${CLOCKSOURCE}"
fi

log "final clocksource: $(current-clocksource)"
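Review bot: In the `case "$(imds /latest/meta-data/system)"` block, a failed `imds` call is not caught by `errexit`, because the command substitution is a `case` word. An empty result falls through to the `**)` arm and the script silently selects `tsc`. Assign the value to a variable first so that a failure aborts the unit, and log the raw value before matching. Separately, `check-available-clocksource` uses a bare `grep --quiet "${1}"`, which matches substrings and treats the argument as a regex; `grep --quiet --word-regexp --fixed-strings -- "${1}"` would accept only an exact clocksource name. `*)` is the conventional spelling of the default arm.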
5 changes: 5 additions & 0 deletions files/bootstrap.sh
Expand Up @@ -325,6 +325,11 @@ if [ "$MOUNT_BPF_FS" = "true" ]; then
mount-bpf-fs
fi

cp -v /etc/eks/configure-clocksource.service /etc/systemd/system/configure-clocksource.service
chown root:root /etc/systemd/system/configure-clocksource.service
systemctl daemon-reload
systemctl enable --now configure-clocksource

ECR_URI=$(/etc/eks/get-ecr-uri.sh "${AWS_DEFAULT_REGION}" "${AWS_SERVICES_DOMAIN}" "${PAUSE_CONTAINER_ACCOUNT:-}")
PAUSE_CONTAINER_IMAGE=${PAUSE_CONTAINER_IMAGE:-$ECR_URI/eks/pause}
PAUSE_CONTAINER="$PAUSE_CONTAINER_IMAGE:$PAUSE_CONTAINER_VERSION"
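Review bot: The four added lines after the `MOUNT_BPF_FS` block run on every bootstrap with no way to opt out, unlike the flag-guarded `mount-bpf-fs` call directly above them. An operator who pins a clocksource deliberately will have it overridden by `systemctl enable --now configure-clocksource`. Consider a guard variable, and add a one-line comment saying why the unit is installed at bootstrap rather than at image build. The `chown root:root` looks redundant if the script already runs as root, which the `systemctl daemon-reload` call implies.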
8 changes: 8 additions & 0 deletions files/configure-clocksource.service
@@ -0,0 +1,8 @@
[Unit]
Description=Configure kernel clocksource

[Service]
ExecStart=/usr/bin/configure-clocksource

[Install]
WantedBy=multi-user.target
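Review bot: The `[Service]` section sets no `Type=`, so systemd treats this run-once script as `Type=simple` and considers the unit started as soon as the process is spawned. With `Type=oneshot` (plus `RemainAfterExit=yes` if the unit should show as active afterwards), the `systemctl enable --now` call in bootstrap.sh would wait for the script to finish and surface a non-zero exit. The unit also declares no ordering beyond `WantedBy=multi-user.target`, so nothing guarantees that the clocksource is set before other services start; add `Before=` for any unit that should see the final value.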
22 changes: 4 additions & 18 deletions scripts/install-worker.sh
Expand Up @@ -81,27 +81,13 @@ sudo yum versionlock kernel-$(uname -r)
# Remove the ec2-net-utils package, if it's installed. This package interferes with the route setup on the instance.
if yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi

sudo mkdir -p /etc/eks/

################################################################################
### Time #######################################################################
################################################################################

# Make sure Amazon Time Sync Service starts on boot.
sudo chkconfig chronyd on

# Make sure that chronyd syncs RTC clock to the kernel.
cat << EOF | sudo tee -a /etc/chrony.conf
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
rtcsync
EOF
Comment on lines -92 to -96
Member Author

I verified that this is already present in /etc/chrony.conf in the latest AL2 minimal AMI. We should not configure chrony here to avoid diverging from the defaults provided by AL2.


# If current clocksource is xen, switch to tsc
if grep --quiet xen /sys/devices/system/clocksource/clocksource0/current_clocksource \
&& grep --quiet tsc /sys/devices/system/clocksource/clocksource0/available_clocksource; then
echo "tsc" | sudo tee /sys/devices/system/clocksource/clocksource0/current_clocksource
else
echo "tsc as a clock source is not applicable, skipping."
fi
Comment on lines -98 to -104
Member Author

This only sets the current clocksource, which has no effect after a reboot.

sudo mv $WORKING_DIR/configure-clocksource.service /etc/eks/configure-clocksource.service

################################################################################
### SSH ########################################################################
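Review bot: Dropping the `rtcsync` append in the Time section makes the image depend on the base AMI's /etc/chrony.conf continuing to ship that directive, which the author's comment confirms only for the latest AL2 minimal AMI. A build-time assertion such as `grep --quiet '^rtcsync' /etc/chrony.conf` would fail the build if that default ever changes, instead of silently losing RTC synchronisation. Also confirm that something outside this hunk installs files/bin/configure-clocksource to /usr/bin/configure-clocksource, since only the unit file is moved into /etc/eks here.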
Expand All @@ -114,7 +100,7 @@ sudo systemctl restart sshd.service
################################################################################
### iptables ###################################################################
################################################################################
sudo mkdir -p /etc/eks

sudo mv $WORKING_DIR/iptables-restore.service /etc/eks/iptables-restore.service

################################################################################
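Review bot: With `sudo mkdir -p /etc/eks` gone from the iptables section, the `sudo mv $WORKING_DIR/iptables-restore.service /etc/eks/iptables-restore.service` line now depends on the `sudo mkdir -p /etc/eks/` that the earlier hunk places before the Time section. That is correct today but order-dependent; a short comment next to the early `mkdir` saying that later sections rely on it would keep a future reshuffle from breaking the `mv`.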
6 changes: 6 additions & 0 deletions scripts/upgrade_kernel.sh
Expand Up @@ -24,4 +24,10 @@ sudo grubby \
--update-kernel=ALL \
--args="psi=1"

# use the tsc clocksource by default
# https://repost.aws/knowledge-center/manage-ec2-linux-clock-source
sudo grubby \
--update-kernel=ALL \
--args="clocksource=tsc tsc=reliable"

Comment on lines +27 to +32
Member Author

This isn't strictly necessary with the configure-clocksource unit in place, but the tsc=reliable flag is still worth setting, and we might as well configure a default here too.

sudo reboot
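Review bot: `tsc=reliable` in the new `grubby --args` call turns off the kernel's runtime verification of the TSC for every kernel and instance type this image boots on, so an unstable TSC would no longer be detected. The comment above the call explains only `clocksource=tsc`; it should say why disabling that check is safe here. The comment could also mention that the configure-clocksource unit switches to `kvm-clock` when IMDS reports `nitro`, so the boot-time default is not the final value on those instances.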
1 change: 1 addition & 0 deletions test/Dockerfile
Expand Up @@ -7,6 +7,7 @@ RUN amazon-linux-extras enable docker && \

ENV IMDS_ENDPOINT=127.0.0.1:1338
COPY --from=aemm /ec2-metadata-mock /sbin/ec2-metadata-mock
RUN mkdir -p /etc/systemd/system
RUN mkdir -p /etc/eks/containerd
COPY files/ /etc/eks/
COPY files/containerd-config.toml files/kubelet-containerd.service files/pull-sandbox-image.sh files/sandbox-image.service /etc/eks/containerd/
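Review bot: The added `RUN mkdir -p /etc/systemd/system` creates its own image layer directly before another `mkdir -p`; fold the two into `RUN mkdir -p /etc/systemd/system /etc/eks/containerd`. A short comment that the directory exists for the `cp` of configure-clocksource.service in bootstrap.sh would explain why the test image needs it.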