KVM cpu_type and flags
42 views
Skip to first unread message
bamblew...@gmail.com
Nov 14, 2022, 2:33:26 PM11/14/22
to ganeti
It seems like setting the ganeti backend parameter "cpu_type" is beneficial for a number reasons:
1. Performance -- Certain flags enable processor-specific performance features.
2. Security -- Certain flags enable fixes to hardware vulnerabilities, like Spectre and Meltdown.
3. Compatibility -- Rocky Linux 9.0, running kernel v5.14, panics at boot time unless a specific processor model is set. The default "QEMU Virtual CPU" is no longer sufficient.
QUESTION: How do I select the optimal processor model and flags from the dozens that are available with KVM?
EXAMPLE:
Here's the /proc/cpuinfo from my test cluster, where all nodes are Dell PowerEdge R610:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
stepping : 2
microcode : 0x1f
cpu MHz : 2393.795
cache size : 12288 KB
physical id : 1
siblings : 8
core id : 0
cpu cores : 4
apicid : 32
initial apicid : 32
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 popcnt aes lahf_lm pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid dtherm ida arat flush_l1d
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit
bogomips : 4787.59
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
Ganeti accepts this command...
# gnt-cluster modify -H kvm:cpu_type=Westmere\\,+pcid\\,+invpcid\\,+spec-ctrl\\,+ssbd\\,+md-clear
.. and the processor model and flags show up accordingly in the hypervisor command line...
# ps aux | grep qemu-kvm
root 526448 88.6 1.1 9912048 975664 ? Sl 14:10 0:37 /usr/libexec/qemu-kvm -name foremantest3a.dmz.psfc.coop -m 8192 -smp 4 -pidfile /var/run/ganeti/kvm-hypervisor/pid/foremantest3a.dmz.psfc.coop -device virtio-balloon -daemonize -D /var/log/ganeti/kvm/foremantest3a.dmz.psfc.coop.log -machine pc-i440fx-rhel7.6.0 -monitor unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.monitor,server,nowait -serial unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.serial,server,nowait -usb -usbdevice tablet -vnc 127.0.0.1:5100 -cpu Westmere,+pcid,+invpcid,+spec-ctrl,+ssbd,+md-clear -uuid 050e7e64-9901-492a-8342-b2a226c636d1 -netdev type=tap,id=nic-cf467569-0418-4eca,fd=12 -device virtio-net-pci,id=nic-cf467569-0418-4eca,bus=pci.0,addr=0xd,netdev=nic-cf467569-0418-4eca,mac=aa:00:00:ff:cc:37 -qmp unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.qmp,server,nowait -qmp unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.kvmd,server,nowait -boot c -device virtio-blk-pci,id=disk-e3949a28-9948-41af,bus=pci.0,addr=0xc,drive=disk-e3949a28-9948-41af -drive file=/var/run/ganeti/instance-disks/foremantest3a.dmz.psfc.coop:0,format=raw,if=none,aio=threads,id=disk-e3949a28-9948-41af,auto-read-only=off -S
...but, is this complete, or even sufficient?
Any advice would be greatly appreciated.
-jm
1. Performance -- Certain flags enable processor-specific performance features.
2. Security -- Certain flags enable fixes to hardware vulnerabilities, like Spectre and Meltdown.
3. Compatibility -- Rocky Linux 9.0, running kernel v5.14, panics at boot time unless a specific processor model is set. The default "QEMU Virtual CPU" is no longer sufficient.
QUESTION: How do I select the optimal processor model and flags from the dozens that are available with KVM?
EXAMPLE:
Here's the /proc/cpuinfo from my test cluster, where all nodes are Dell PowerEdge R610:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
stepping : 2
microcode : 0x1f
cpu MHz : 2393.795
cache size : 12288 KB
physical id : 1
siblings : 8
core id : 0
cpu cores : 4
apicid : 32
initial apicid : 32
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 popcnt aes lahf_lm pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid dtherm ida arat flush_l1d
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit
bogomips : 4787.59
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
Ganeti accepts this command...
# gnt-cluster modify -H kvm:cpu_type=Westmere\\,+pcid\\,+invpcid\\,+spec-ctrl\\,+ssbd\\,+md-clear
.. and the processor model and flags show up accordingly in the hypervisor command line...
# ps aux | grep qemu-kvm
root 526448 88.6 1.1 9912048 975664 ? Sl 14:10 0:37 /usr/libexec/qemu-kvm -name foremantest3a.dmz.psfc.coop -m 8192 -smp 4 -pidfile /var/run/ganeti/kvm-hypervisor/pid/foremantest3a.dmz.psfc.coop -device virtio-balloon -daemonize -D /var/log/ganeti/kvm/foremantest3a.dmz.psfc.coop.log -machine pc-i440fx-rhel7.6.0 -monitor unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.monitor,server,nowait -serial unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.serial,server,nowait -usb -usbdevice tablet -vnc 127.0.0.1:5100 -cpu Westmere,+pcid,+invpcid,+spec-ctrl,+ssbd,+md-clear -uuid 050e7e64-9901-492a-8342-b2a226c636d1 -netdev type=tap,id=nic-cf467569-0418-4eca,fd=12 -device virtio-net-pci,id=nic-cf467569-0418-4eca,bus=pci.0,addr=0xd,netdev=nic-cf467569-0418-4eca,mac=aa:00:00:ff:cc:37 -qmp unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.qmp,server,nowait -qmp unix:/var/run/ganeti/kvm-hypervisor/ctrl/foremantest3a.dmz.psfc.coop.kvmd,server,nowait -boot c -device virtio-blk-pci,id=disk-e3949a28-9948-41af,bus=pci.0,addr=0xc,drive=disk-e3949a28-9948-41af -drive file=/var/run/ganeti/instance-disks/foremantest3a.dmz.psfc.coop:0,format=raw,if=none,aio=threads,id=disk-e3949a28-9948-41af,auto-read-only=off -S
...but, is this complete, or even sufficient?
Any advice would be greatly appreciated.
-jm
Rudolph Bott
Nov 15, 2022, 2:52:56 AM11/15/22
to gan...@googlegroups.com
Hi JM,
in short - use the oldest CPU type / family available in your cluster (and let's hope it is only either intel or AMD based :-) ). If all of them have the exact same type of CPU, you will really want to set cpu_type=host (this will just pass through to original CPU).
Sascha hast posted a script to make finding the largest common subset of features/flags easier, you can download it from this github issue: https://github.com/ganeti/ganeti/issues/1382
Hope that helps :-)
PS: we already had discussions at earlier GanetiCons regarding the default value of the cpu_type paramter. The 'qemu64' CPU type is the only type which allows for easy migrations between any kind of amd64-type CPUs (be it Intel or AMD based). If this is no longer a valid choice, we probably need to pick up that discussion again :-)
Cheers, Rudi
--
You received this message because you are subscribed to the Google Groups "ganeti" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ganeti+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ganeti/5a0e53a4-45e6-456f-a52d-03fbeb3c4333n%40googlegroups.com.
--
Rudolph Bott - bo...@sipgate.de
Telefon: +49 (0)211-63 55 55-55
Telefax: +49 (0)211-63 55 55-22
sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois
Steuernummer: 106/5724/7147, Umsatzsteuer-ID: DE219349391
Daniel Howard
Nov 16, 2022, 2:05:08 AM11/16/22
to gan...@googlegroups.com
There is a nice little script at https://github.com/ganeti/ganeti/issues/1382#issuecomment-608390192 that will suggest an optimal cpu_type which you can then insert into the cluster config.
--
You received this message because you are subscribed to the Google Groups "ganeti" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ganeti+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ganeti/5a0e53a4-45e6-456f-a52d-03fbeb3c4333n%40googlegroups.com.
John McNally
Nov 28, 2022, 6:14:50 PM11/28/22
to gan...@googlegroups.com
Rudi,
I am using "cpu_type=host" successfully. Since my clusters all have identical hardware on all nodes, this is a very simple solution.
Thanks for your help.
To view this discussion on the web visit https://groups.google.com/d/msgid/ganeti/CAPG4N%3DbH6hkZkLW_sYqoRaEy3mHJVTr7Fubz4GhXU%2BnvcpH3Xw%40mail.gmail.com.
John McNally
Nov 28, 2022, 6:17:30 PM11/28/22
to gan...@googlegroups.com
Daniel,
Since my clusters have identical hardware on all nodes, I am able to use "cpu_type=host" successfully. The "qemu-common-cpu" script looks quite ingenious though. I will look into it.
To view this discussion on the web visit https://groups.google.com/d/msgid/ganeti/CAKU%3DtE9R1Ks66cCUpDx2%2BFPYXchNh3y71o-cT8xL1hy_LQF3yQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages