Improvements on boot speed and rootfs size #2296
Conversation
This avoids repeated log entries and unnecessary modprobe invocations when the default target changes. Signed-off-by: Ben Cressey <bcressey@amazon.com>
The `insmod` binary that kube-proxy uses does not support compressed modules, and hands the compressed file to the kernel to load. This leads to warnings that unsigned modules are not allowed, if lockdown is enabled, or errors about malformed modules otherwise. kube-proxy does check whether the module is loaded, so we can avoid these errors by loading the necessary modules before kubelet starts. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
There was a problem hiding this comment.
Is there a reason why we keep the overall number of patches in the downstream patch series for systemd? I have seen this now on multiple PRs that we have to touch all of them to have that number reflect correctly ([90xx/9011]), without any other changes to the patch itself.
Can we take that second number away next time we touch this or is this necessary for some other reason?
| @@ -82,6 +82,10 @@ CONFIG_ZSTD_COMPRESS=y | |||
| CONFIG_ZSTD_DECOMPRESS=y | |||
| CONFIG_DECOMPRESS_ZSTD=y | |||
|
|
|||
| # Enable ZSTD modules compression | |||
| CONFIG_MODULE_COMPRESS=y | |||
There was a problem hiding this comment.
Since d4bbe942098b ("kbuild: remove CONFIG_MODULE_COMPRESS") got merged in v5.13 CONFIG_MODULE_COMPRESS doesn't exist anymore. It'd be good to drop it for the kernel-5.15 config to avoid introducing a warning by merge_config.sh. We could also unset the CONFIG_MODULE_COMPRESS_NONE=y we pick up from Amazon Linux here.
I don't know that it's necessary, but I like the property that the patches are regenerated as a series so that they don't accumulate offsets and require fuzzy matching, which in my experience is something that tends to happen when they're maintained as independent changes. |
But that would be much more of a process thing in two cases if I am not mistaken:
For the case where we just append an extra patch (like here) we are touching all the other downstream patches to adjust their subject line, which does not have impact on anything but the commit hash (which we do not adjust here), if I am not mistaken. The order of the patches is still governed by what the spec file defines and a later patch should not have an impact on previous patches applicability. I am fine with how this is right now, my curiosity was just sparked when reviewing and I thought we might be able to cut some extra work. |
Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
arnaldo2792
force-pushed
the
kernel-modules-compression
branch
from
c240ca2
to
9d019a9
Compare
My personal workflow is something like: I use different work trees pretty often and don't keep checkouts of the upstream projects around, so this is convenient. I haven't thought too much about the work on the reviewer side, so I'm open to the idea of changing something. If it's just a matter of using this as the last command in the above sequence, I'm cool with that: |
Issue number:
N / A
Description of changes:
In #1689, we reverted the ZSTD compression for kernel modules due to problems with
rpmandkube-proxy. The problem withrpmis gone, and the build doesn't hang anymore. As part of this pull request, theipvskernel modules are loaded early on the boot sequence to preventkube-proxyfrom loading them.Testing done:
ipvskernel modules won't be loaded when they are blocked by the newsettings.kernel.modulesAPIkube-proxyfor theipvskernel modules, since it will try to load them without failing:Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.