commit a4525ed816de9f35d1f33795b50c78414cae2a5f61cb30f037810ed867db83c2 Author: Dan Čermák Date: Thu Apr 28 12:31:09 2022 +0000 First version of BCI based on Tumbleweed OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/pcp-image?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/10-host_mount.conf.template b/10-host_mount.conf.template new file mode 100644 index 0000000..af1f4ab --- /dev/null +++ b/10-host_mount.conf.template @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +[Service] +Environment="PROC_STATSPATH=${HOST_MOUNT}" +Environment="PCP_PODMAN_DATADIR=${HOST_MOUNT}/var/lib/containers/storage/overlay-containers" +Environment="PCP_PODMAN_RUNDIR=${HOST_MOUNT}/run/containers/storage/overlay-containers" diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e5f8c49 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,45 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) +#!BuildTag: suse/pcp:5.2.2 +#!BuildTag: suse/pcp:latest +#!BuildTag: suse/pcp:5.2.2-%RELEASE% +#!BuildTag: suse/pcp:5.2 +#!BuildTag: suse/pcp:5 +FROM bci/bci-init:latest + +MAINTAINER SUSE LLC (https://www.suse.com/) + +# Define labels according to https://en.opensuse.org/Building_derived_containers +# labelprefix=com.suse.application.pcp +LABEL org.opencontainers.image.title="SLE Performance Co-Pilot (pcp) container Container Image" +LABEL org.opencontainers.image.description="Performance Co-Pilot (pcp) container image based on the SLE Base Container Image. This container image is not supported when using a container runtime other than podman." +LABEL org.opencontainers.image.version="5.2.2" +LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" +LABEL org.opencontainers.image.created="%BUILDTIME%" +LABEL org.opencontainers.image.vendor="SUSE LLC" +LABEL org.opensuse.reference="registry.suse.com/suse/pcp:5.2.2-%RELEASE%" +LABEL org.openbuildservice.disturl="%DISTURL%" +LABEL com.suse.supportlevel="techpreview" +LABEL com.suse.eula="sle-bci" +LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle" +LABEL com.suse.image-type="application" +LABEL com.suse.release-stage="beta" +# endlabelprefix + + +RUN set -euo pipefail && zypper -n in --no-recommends pcp hostname shadow gettext-runtime util-linux-systemd && zypper -n clean && rm -rf /var/log/* + + +ENTRYPOINT ["/usr/bin/container-entrypoint"] +CMD ["/usr/lib/systemd/systemd"] + +RUN mkdir -p /usr/share/container-scripts/pcp && mkdir -p /etc/sysconfig +COPY container-entrypoint /usr/bin/ +RUN chmod +x /usr/bin/container-entrypoint +COPY pmproxy.conf.template 10-host_mount.conf.template /usr/share/container-scripts/pcp/ +COPY pmcd pmlogger /etc/sysconfig/ + +# This can be removed after the pcp dependency on sysconfig is removed +RUN systemctl disable wicked wickedd + +VOLUME ["/var/log/pcp/pmlogger"] +EXPOSE 44321 44322 44323 diff --git a/README.md b/README.md new file mode 100644 index 0000000..697b7a6 --- /dev/null +++ b/README.md @@ -0,0 +1,93 @@ +# Performance Co-Pilot container + +Performance Co-Pilot ([PCP](https://pcp.io)) is a system performance analysis toolkit. + +## Usage + +``` +$ podman run -d \ + --name pcp \ + --systemd always \ + -p 44321:44321 \ + -p 44322:44322 \ + -v pcp-archives:/var/log/pcp/pmlogger \ + registry.suse.com/suse/pcp +``` + +**Note:** On SELinux enabled systems, the following boolean needs to be set: `sudo setsebool -P container_manage_cgroup true` + +### Enabling host processes, network and container metrics + +``` +$ sudo podman run -d \ + --name pcp \ + --privileged \ + --net host \ + --systemd always \ + -e HOST_MOUNT=/host \ + -v pcp-archives:/var/log/pcp/pmlogger \ + -v /:/host:ro,rslave \ + registry.suse.com/suse/pcp +``` + +## Configuration + +### Environment Variables + +#### `PCP_SERVICES` +Default: `pmcd,pmie,pmlogger,pmproxy` + +Comma-separated list of PCP services to start. + +#### `HOST_MOUNT` +Default: unset. + +Path inside the container to the bind mount of `/` on the host. + +#### `REDIS_SERVERS` +Default: `localhost:6379` + +Redis connection spec(s) - could be any individual cluster host, and all hosts in the cluster will be automatically discovered. +Alternately, use comma-separated hostspecs (non-clustered setup) + +### Configuration Files + +For custom configuration options beyond the above environment variables, it is advised to use a bind mount with a configuration file on the host to the container. +Example command to run a pmlogger-only container: + +``` +$ podman run -d \ + --name pmlogger \ + --systemd always \ + -e PCP_SERVICES=pmlogger \ + -v $(pwd)/pmlogger.control:/etc/pcp/pmlogger/control.d/local:z \ + -v pcp-archives:/var/log/pcp/pmlogger \ + registry.suse.com/suse/pcp +``` + +pmlogger.control: +``` +$version=1.1 + +remote.pmcdhost.corp n n PCP_ARCHIVE_DIR/remote_pmcd -N -r -T24h10m -c config.default -v 100Mb +``` + +## Volumes + +### `/var/log/pcp/pmlogger` + +Performance Co-Pilot archive files with historical metrics. + +## Ports + +### `44321/tcp` + +The pmcd daemon listens on this port and exposes the [PMAPI(3)](https://man7.org/linux/man-pages/man3/pmapi.3.html) to access metrics. + +### `44322/tcp` + +The pmproxy daemon listens on this port and exposes the REST [PMWEBAPI(3)](https://man7.org/linux/man-pages/man3/pmwebapi.3.html) to access metrics. + +## Documentation + +[PCP books](https://pcp.readthedocs.io) diff --git a/_service b/_service new file mode 100644 index 0000000..52b4539 --- /dev/null +++ b/_service @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/container-entrypoint b/container-entrypoint new file mode 100644 index 0000000..69c69d1 --- /dev/null +++ b/container-entrypoint @@ -0,0 +1,39 @@ +#!/bin/bash -eu +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +ALL_PCP_SERVICES='pmcd,pmie,pmlogger,pmproxy' + +export PCP_SERVICES=${PCP_SERVICES:-${ALL_PCP_SERVICES}} +export HOST_MOUNT=${HOST_MOUNT:-''} +export REDIS_SERVERS=${REDIS_SERVERS:-'localhost:6379'} + +mkdir -p /etc/systemd/system/pmcd.service.d +# shellcheck disable=SC2016 +envsubst '$HOST_MOUNT' < /usr/share/container-scripts/pcp/10-host_mount.conf.template > /etc/systemd/system/pmcd.service.d/10-host_mount.conf +# shellcheck disable=SC2016 +envsubst '$REDIS_SERVERS' < /usr/share/container-scripts/pcp/pmproxy.conf.template > /etc/pcp/pmproxy/pmproxy.conf + +echo "Enabling PCP services: ${PCP_SERVICES}" +for service in ${ALL_PCP_SERVICES//,/ }; do + if [[ ",${PCP_SERVICES}," = *",${service},"* ]]; then + systemctl enable "${service}" 2> /dev/null + else + # pcp-zeroconf enables some PCP services already -> disable them if not requested + systemctl disable "${service}" 2> /dev/null + # prevent other services from starting (due to systemd dependencies) by masking them + systemctl mask "${service}" 2> /dev/null + fi +done + +# After systemd starts, something is creating syslinks in +# /var/lib/pcp/config/pmieconf/dm and /var/lib/pcp/config/pmieconf/zeroconf +# to the following non-existing locations. Pmie fails to start because of these broken links. +# Pmie starts okay if the targets are empty files, so this is a workaround for now. +mkdir -p /etc/pcp/pmieconf/dm +touch /etc/pcp/pmieconf/dm/data_high_util +touch /etc/pcp/pmieconf/dm/metadata_high_util +mkdir -p /etc/pcp/pmieconf/zeroconf +touch /etc/pcp/pmieconf/zeroconf/all_threads + +echo Starting systemd... +exec "$@" diff --git a/pcp-image.changes b/pcp-image.changes new file mode 100644 index 0000000..473a0f4 diff --git a/pmcd b/pmcd new file mode 100644 index 0000000..1b0a739 --- /dev/null +++ b/pmcd @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# Environment variables for the pmcd daemon. Refer also to the +# pmcd.options and pmcd.conf files for additional configuration. + +# Behaviour regarding listening on external-facing interfaces; +# unset PMCD_LOCAL to allow connections from remote hosts. +# A value of 0 permits remote connections, 1 permits local only. +PMCD_LOCAL=0 + +# Max length to which the queue of pending connections may grow +# A value of 5 is the default. +# PMCD_MAXPENDING=5 + +# Default behaviour regarding pmcd's approach to starting PMDAs; +# In cases where pmdaroot is available, setting this variable to +# 1, offloads starting and stopping of agents to pmdaroot. This +# allows pmcd to not require a restart when starting a new PMDA. +PMCD_ROOT_AGENT=1 + +# Default behaviour regarding pmcd's approach to re-starting any +# unresponsive PMDAs; this should only be used with pmdaroot and +# PMCD_ROOT_AGENT=1 as it allows pmcd to attempt to automatically +# restart any exited PMDA that it detects (which usually requires +# privileges not available to pmcd itself). +PMCD_RESTART_AGENTS=1 + +# Default timeout for waiting on pmcd to accept connections; any +# longer than this value and the rc scripts report it as failed. +# The value is a PCPIntro(1) interval in units of seconds and it +# will be passed directly to the pmcd_wait(1) utility. +# PMCD_WAIT_TIMEOUT=60 + +# Mode for pmcd to initialize the NSS certificate database when using +# secure connections. The default for pmcd is "readonly", as set here. +# If set to "readwrite" but fails, it will fallback and attempt readonly. +PCP_NSS_INIT_MODE=readonly diff --git a/pmlogger b/pmlogger new file mode 100644 index 0000000..ea1654c --- /dev/null +++ b/pmlogger @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# Environment variables for the primary pmlogger daemon. See also +# the pmlogger control file and pmlogconf(1) for additional details. + +# Behaviour regarding listening on external-facing interfaces; +# unset PMLOGGER_LOCAL to allow connections from remote hosts. +# A value of 0 permits remote connections, 1 permits local only. +PMLOGGER_LOCAL=1 + +# Max length to which the queue of pending connections may grow +# A value of 5 is the default. +# PMLOGGER_MAXPENDING=5 + +# Default sampling interval pmlogger uses when no more specific +# interval is requested. A value of 60 seconds is the default. +# Both pmlogger command line (via control file) and also pmlogger +# configuration file directives will override this value. +PMLOGGER_INTERVAL=10 + +# The default behaviour, when pmlogger configuration comes from +# pmlogconf(1), is to regenerate the configuration file and check for +# changes whenever pmlogger is started from pmlogger_check(1). +# If the PMDA configuration is stable, this is not necessary, and +# setting PMLOGGER_CHECK_SKIP_LOGCONF to yes disables the regeneration +# and checking. +# PMLOGGER_CHECK_SKIP_LOGCONF=yes diff --git a/pmproxy.conf.template b/pmproxy.conf.template new file mode 100644 index 0000000..46b0d92 --- /dev/null +++ b/pmproxy.conf.template @@ -0,0 +1,87 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# configuration options for pmproxy, pmseries and associated APIs +# uncomment/edit lines as required + +##################################################################### +## general settings for the pmproxy(1) daemon +##################################################################### +[pmproxy] + +# settings related to TLS certificates and keys +#certificates = /etc/pki/tls/certs/pcp.crt +#private_key = /etc/pki/tls/private/pcp.key +#authority = # PEM format file of acceptable client CAs +#cipher_list = # (TLSv2) colon-separated cipher list to be used +#cipher_suites = # (TLSv3) colon-separated cipher suites to be used + +# maximum pending socket opens +#maxpending = 128 + +# delay in seconds for TCP keep-alive (zero to disable) +#keepalive = 45 + +# buffer size for chunked transfer encoding (bytes, default pagesize) +#chunksize = 4096 + +# support PCP protocol proxying +pcp.enabled = true + +# serve the PCP REST APIs (HTTP) +http.enabled = true + +# support Redis protocol proxying +redis.enabled = true + +# support SSL/TLS protocol wrapping +secure.enabled = true + + +##################################################################### +## settings related to automatically discovered archives +##################################################################### +[discover] + +# propogate archives from pmlogger(1) into Redis querying +enabled = true + +# comma-separated metrics name (globs) to skip during discovery +exclude.metrics = proc.*,acct.* + +# comma-separated list of instance domains to skip during discovery +exclude.indoms = 3.9,3.40,79.7 + +##################################################################### +## settings for metric and indom help text searching via RediSearch +[pmsearch] +##################################################################### + +# allow REST API queries and indexing of metric and indom help text +enabled = true + +# default number of query results in a batch (paginated) +count = 10 + +##################################################################### +## settings for fast, scalable time series quering via Redis +[pmseries] +##################################################################### + +# allow REST API queries of fast, scalable time series +enabled = true + +# Redis connection spec(s) - could be any individual cluster host, +# and all hosts in the cluster will be automatically discovered -- +# alternately, use comma-separated hostspecs (non-clustered setup) +servers = ${REDIS_SERVERS} + +# number of elements from scan calls (https://redis.io/commands/scan) +cursor.count = 256 + +# seconds to expire in-core series (https://redis.io/commands/expire) +stream.expire = 86400 + +# limit number of elements in series (https://redis.io/commands/xadd) +stream.maxlen = 8640 + +#####################################################################