[libvirt] Handle cgroupv2 correctly

The list of default kernel cgroup controllers may be changed
an example is kernel upgrade from 5.4.x to 5.15.x where misc controller
is enabled by default. Unhardcode list of controllers to have ability
to override them for never kernel version and allow to do not kill
qemu processes with container restart.

Change-Id: Ic4f895096a3ad2228c31f19ba1190e44f562f2a0

libvirt/Chart.yaml

@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm libvirt
 name: libvirt
-version: 0.1.32
+version: 0.1.33
 home: https://libvirt.org
 sources:
   - https://libvirt.org/git/?p=libvirt.git;a=summary

libvirt/templates/bin/_libvirt.sh.tpl

@@ -53,16 +53,14 @@ if [[ -c /dev/kvm ]]; then
     chown root:kvm /dev/kvm
 fi
 
-if [ $CGROUP_VERSION != "v2" ]; then
-  #Setup Cgroups to use when breaking out of Kubernetes defined groups
-  CGROUPS=""
-  for CGROUP in cpu rdma hugetlb; do
-    if [ -d /sys/fs/cgroup/${CGROUP} ]; then
-      CGROUPS+="${CGROUP},"
-    fi
-  done
-  cgcreate -g ${CGROUPS%,}:/osh-libvirt
-fi
+#Setup Cgroups to use when breaking out of Kubernetes defined groups
+CGROUPS=""
+for CGROUP in {{ .Values.conf.kubernetes.cgroup_controllers | include "helm-toolkit.utils.joinListWithSpace"  }}; do
+  if [ -d /sys/fs/cgroup/${CGROUP} ] || grep -w $CGROUP /sys/fs/cgroup/cgroup.controllers; then
+    CGROUPS+="${CGROUP},"
+  fi
+done
+cgcreate -g ${CGROUPS%,}:/osh-libvirt
 
 # We assume that if hugepage count > 0, then hugepages should be exposed to libvirt/qemu
 hp_count="$(cat /proc/meminfo | grep HugePages_Total | tr -cd '[:digit:]')"
@@ -122,12 +120,8 @@ if [ 0"$hp_count" -gt 0 ]; then
 fi
 
 if [ -n "${LIBVIRT_CEPH_CINDER_SECRET_UUID}" ] || [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
-  if [ $CGROUP_VERSION != "v2" ]; then
-    #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
-    cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
-  else
-    systemd-run --scope --slice=system libvirtd --listen &
-  fi
+
+  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen &
 
   tmpsecret=$(mktemp --suffix .xml)
   if [ -n "${LIBVIRT_EXTERNAL_CEPH_CINDER_SECRET_UUID}" ] ; then
@@ -203,9 +197,5 @@ EOF
 
 fi
 
-if [ $CGROUP_VERSION != "v2" ]; then
-  #NOTE(portdirect): run libvirtd as a transient unit on the host with the osh-libvirt cgroups applied.
-  cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen
-else
-  systemd-run --scope --slice=system libvirtd --listen
-fi
+# NOTE(vsaienko): changing CGROUP is required as restart of the pod will cause domains restarts
+cgexec -g ${CGROUPS%,}:/osh-libvirt systemd-run --scope --slice=system libvirtd --listen

libvirt/values.yaml

@@ -123,6 +123,20 @@ conf:
     group: "kvm"
   kubernetes:
     cgroup: "kubepods.slice"
+    # List of cgroup controller we want to use when breaking out of
+    # Kubernetes defined groups
+    cgroup_controllers:
+      - blkio
+      - cpu
+      - devices
+      - freezer
+      - hugetlb
+      - memory
+      - net_cls
+      - perf_event
+      - rdma
+      - misc
+      - pids
   vencrypt:
     # Issuer to use for the vencrypt certs.
     issuer:
@@ -176,7 +190,6 @@ conf:
       kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
       kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
       kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt
-
 pod:
   probes:
     libvirt:

releasenotes/notes/libvirt.yaml

@@ -33,4 +33,5 @@ libvirt:
   - 0.1.30 Add 2024.1 overrides
   - 0.1.31 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
   - 0.1.32 Enable a flag to parse Libvirt Nova metadata in libvirt exporter
+  - 0.1.33 Handle cgroupv2 correctly
 ...