From 74e346083d3a77f702e5c16dc2aabca2b33aa407e97ee56866c7005c13c32732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Thu, 8 Aug 2024 16:57:47 +0000 Subject: [PATCH] [info=738834a649e89bf5aab5e8da86a84fcb] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/pcp-image?expand=0&rev=186 --- .gitattributes | 23 ++++++ .gitignore | 1 + 10-host_mount.conf.template | 6 ++ Dockerfile | 60 ++++++++++++++++ README.md | 105 +++++++++++++++++++++++++++ _service | 16 +++++ container-entrypoint | 41 +++++++++++ healthcheck | 16 +++++ pcp-image.changes | 139 ++++++++++++++++++++++++++++++++++++ pmcd | 37 ++++++++++ pmlogger | 27 +++++++ pmproxy.conf.template | 87 ++++++++++++++++++++++ 12 files changed, 558 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 10-host_mount.conf.template create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 _service create mode 100644 container-entrypoint create mode 100644 healthcheck create mode 100644 pcp-image.changes create mode 100644 pmcd create mode 100644 pmlogger create mode 100644 pmproxy.conf.template diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/10-host_mount.conf.template b/10-host_mount.conf.template new file mode 100644 index 0000000..af1f4ab --- /dev/null +++ b/10-host_mount.conf.template @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +[Service] +Environment="PROC_STATSPATH=${HOST_MOUNT}" +Environment="PCP_PODMAN_DATADIR=${HOST_MOUNT}/var/lib/containers/storage/overlay-containers" +Environment="PCP_PODMAN_RUNDIR=${HOST_MOUNT}/run/containers/storage/overlay-containers" diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..6615c65 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,60 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# Copyright (c) 2024 SUSE LLC + +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. + +# The content of THIS FILE IS AUTOGENERATED and should not be manually modified. +# It is maintained by the BCI team and generated by +# https://github.com/SUSE/BCI-dockerfile-generator + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# You can contact the BCI team via https://github.com/SUSE/bci/discussions + + +#!BuildTag: opensuse/pcp:6.2.1 +#!BuildTag: opensuse/pcp:6.2.1-%RELEASE% +#!BuildTag: opensuse/pcp:6.2 +#!BuildTag: opensuse/pcp:6.2-%RELEASE% +#!BuildTag: opensuse/pcp:6 +#!BuildTag: opensuse/pcp:6-%RELEASE% +#!BuildTag: opensuse/pcp:latest + +FROM opensuse/bci/bci-init:latest + +# Define labels according to https://en.opensuse.org/Building_derived_containers +# labelprefix=org.opensuse.application.pcp +LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)" +LABEL org.opencontainers.image.title="openSUSE Tumbleweed Performance Co-Pilot (pcp)" +LABEL org.opencontainers.image.description="Performance Co-Pilot (pcp) container based on the openSUSE Tumbleweed Base Container Image. This container is only supported with podman." +LABEL org.opencontainers.image.version="6.2.1" +LABEL org.opencontainers.image.url="https://www.opensuse.org" +LABEL org.opencontainers.image.created="%BUILDTIME%" +LABEL org.opencontainers.image.vendor="openSUSE Project" +LABEL org.opencontainers.image.source="%SOURCEURL%" +LABEL org.opensuse.reference="registry.opensuse.org/opensuse/pcp:6.2.1-%RELEASE%" +LABEL org.openbuildservice.disturl="%DISTURL%" +LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI" +LABEL org.opensuse.release-stage="released" +# endlabelprefix +LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/pcp-image/README.md" + +RUN set -euo pipefail; zypper -n in --no-recommends pcp hostname procps shadow envsubst util-linux-systemd; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2} +ENTRYPOINT ["/usr/local/bin/container-entrypoint"] +CMD ["/usr/lib/systemd/systemd"] +EXPOSE 44321 44322 44323 + +RUN set -euo pipefail; mkdir -p /usr/share/container-scripts/pcp; mkdir -p /etc/sysconfig +COPY container-entrypoint healthcheck /usr/local/bin/ +RUN set -euo pipefail; chmod +x /usr/local/bin/container-entrypoint /usr/local/bin/healthcheck +COPY pmproxy.conf.template 10-host_mount.conf.template /usr/share/container-scripts/pcp/ +COPY pmcd pmlogger /etc/sysconfig/ + +# This can be removed after the pcp dependency on sysconfig is removed +RUN set -euo pipefail; systemctl disable wicked wickedd || : + +HEALTHCHECK --start-period=30s --timeout=20s --interval=10s --retries=3 CMD /usr/local/bin/healthcheck + +VOLUME /var/log/pcp/pmlogger diff --git a/README.md b/README.md new file mode 100644 index 0000000..6a46be4 --- /dev/null +++ b/README.md @@ -0,0 +1,105 @@ +# openSUSE Tumbleweed Performance Co-Pilot (pcp): Performance Co-Pilot +![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green) + +## Description +Performance Co-Pilot ([PCP](https://pcp.io)) is a system performance analysis toolkit. + +## Usage + +``` +$ podman run -d \ + --name pcp \ + --systemd always \ + -p 44321:44321 \ + -p 44322:44322 \ + -v pcp-archives:/var/log/pcp/pmlogger \ + registry.opensuse.org/opensuse/pcp:6.2.1 +``` + +**Note:** On SELinux enabled systems, the following boolean needs to be set: `sudo setsebool -P container_manage_cgroup true` + +### Enabling host processes, network and container metrics + +``` +$ sudo podman run -d \ + --name pcp \ + --privileged \ + --net host \ + --systemd always \ + -e HOST_MOUNT=/host \ + -v pcp-archives:/var/log/pcp/pmlogger \ + -v /:/host:ro,rslave \ + registry.opensuse.org/opensuse/pcp:6.2.1 +``` + +## Configuration + +### Environment variables + +#### `PCP_SERVICES` +Default: `pmcd,pmie,pmlogger,pmproxy` + +Comma-separated list of PCP services to start. + +#### `HOST_MOUNT` +Default: unset. + +Path inside the container to the bind mount of `/` on the host. + +#### `REDIS_SERVERS` +Default: `localhost:6379` + +Redis connection spec(s) - could be any individual cluster host, and all hosts in the cluster will be automatically discovered. +Alternately, use comma-separated hostspecs (non-clustered setup) + +### Configuration files + +For custom configuration options beyond the above environment variables, it is advised to use a bind mount with a configuration file on the host to the container. +Example command to run a pmlogger-only container: + +``` +$ podman run -d \ + --name pmlogger \ + --systemd always \ + -e PCP_SERVICES=pmlogger \ + -v $(pwd)/pmlogger.control:/etc/pcp/pmlogger/control.d/local:z \ + -v pcp-archives:/var/log/pcp/pmlogger \ + registry.opensuse.org/opensuse/pcp:6.2.1 +``` + +pmlogger.control: +``` +$version=1.1 + +remote.pmcdhost.corp n n PCP_ARCHIVE_DIR/remote_pmcd -N -r -T24h10m -c config.default -v 100Mb +``` + +## Volumes + +### `/var/log/pcp/pmlogger` + +Performance Co-Pilot archive files with historical metrics. + +## Ports + +### `44321/tcp` + +The pmcd daemon listens on this port and exposes the [PMAPI(3)](https://man7.org/linux/man-pages/man3/pmapi.3.html) to access metrics. + +### `44322/tcp` + +The pmproxy daemon listens on this port and exposes the REST [PMWEBAPI(3)](https://man7.org/linux/man-pages/man3/pmwebapi.3.html) to access metrics. + +## Documentation + +[PCP books](https://pcp.readthedocs.io) + +## Licensing + +`SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+)` + +This documentation and the build recipe are licensed as (LGPL-2.1+ AND GPL-2.0+). +The container itself contains various software components under various open source licenses listed in the associated +Software Bill of Materials (SBOM). + +This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/). diff --git a/_service b/_service new file mode 100644 index 0000000..a6e6659 --- /dev/null +++ b/_service @@ -0,0 +1,16 @@ + + + + + Dockerfile + %%pcp_major%% + pcp + major + + + Dockerfile + %%pcp_minor%% + pcp + minor + + \ No newline at end of file diff --git a/container-entrypoint b/container-entrypoint new file mode 100644 index 0000000..9e3e797 --- /dev/null +++ b/container-entrypoint @@ -0,0 +1,41 @@ +#!/bin/bash -eu +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +ALL_PCP_SERVICES='pmcd,pmie,pmlogger,pmproxy' + +export PCP_SERVICES=${PCP_SERVICES:-${ALL_PCP_SERVICES}} +export HOST_MOUNT=${HOST_MOUNT:-''} +export REDIS_SERVERS=${REDIS_SERVERS:-'localhost:6379'} + +mkdir -p /etc/systemd/system/pmcd.service.d +# shellcheck disable=SC2016 +envsubst '$HOST_MOUNT' < /usr/share/container-scripts/pcp/10-host_mount.conf.template > /etc/systemd/system/pmcd.service.d/10-host_mount.conf +# shellcheck disable=SC2016 +envsubst '$REDIS_SERVERS' < /usr/share/container-scripts/pcp/pmproxy.conf.template > /etc/pcp/pmproxy/pmproxy.conf + +echo "Enabling PCP services: ${PCP_SERVICES}" +for service in ${ALL_PCP_SERVICES//,/ }; do + if [[ ",${PCP_SERVICES}," = *",${service},"* ]]; then + systemctl enable "${service}" 2> /dev/null + else + # pcp-zeroconf enables some PCP services already -> disable them if not requested + systemctl disable "${service}" 2> /dev/null + # prevent other services from starting (due to systemd dependencies) by masking them + systemctl mask "${service}" 2> /dev/null + fi +done + +# After systemd starts, something is creating syslinks in +# /var/lib/pcp/config/pmieconf/dm and /var/lib/pcp/config/pmieconf/zeroconf +# to the following non-existing locations. Pmie fails to start because of these broken links. +# Pmie starts okay if the targets are empty files, so this is a workaround for now. +mkdir -p /etc/pcp/pmieconf/dm +touch /etc/pcp/pmieconf/dm/data_high_util +touch /etc/pcp/pmieconf/dm/metadata_high_util +mkdir -p /etc/pcp/pmieconf/zeroconf +touch /etc/pcp/pmieconf/zeroconf/all_threads + +chown pcp:pcp /var/log/pcp/pmlogger + +echo Starting systemd... +exec "$@" diff --git a/healthcheck b/healthcheck new file mode 100644 index 0000000..0d4fcd4 --- /dev/null +++ b/healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash -eu + +ALL_PCP_SERVICES='pmcd,pmie,pmlogger,pmproxy' +PCP_SERVICES=${PCP_SERVICES:-${ALL_PCP_SERVICES}} + +failed="" +for service in ${PCP_SERVICES//,/ }; do + if ! systemctl is-active $service --quiet; then + failed="$failed $service" + fi +done + +if [ ! -z "$failed" ]; then + echo "$0: services not active:$failed" + exit 1 +fi diff --git a/pcp-image.changes b/pcp-image.changes new file mode 100644 index 0000000..81d3587 --- /dev/null +++ b/pcp-image.changes @@ -0,0 +1,139 @@ +------------------------------------------------------------------- +Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller + +- remove oci reference annotation again + +------------------------------------------------------------------- +Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller + +- add OCI reference annotation + +------------------------------------------------------------------- +Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller + +- set OCI.authors attribute instead of deprecated MAINTAINER + +------------------------------------------------------------------- +Wed Jul 31 12:06:44 UTC 2024 - Dirk Mueller + +- set specific lifecycle url for openSUSE BCI + +------------------------------------------------------------------- +Fri Jun 21 06:21:46 UTC 2024 - Dirk Mueller + +- Add missing procps package + +------------------------------------------------------------------- +Mon Jun 17 08:14:23 UTC 2024 - Dan Čermák + +- Use envsubst to reduce image size + +------------------------------------------------------------------- +Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller + +- update README; reduce unnecessary newlines + +------------------------------------------------------------------- +Wed Jun 5 15:13:27 UTC 2024 - Dirk Mueller + +- Don't add artifacthub labels into labelprefix section + +------------------------------------------------------------------- +Wed Jun 5 12:47:22 UTC 2024 - Dan Čermák + +- Hardcode package version in the README + +------------------------------------------------------------------- +Tue Jun 4 12:35:15 UTC 2024 - Alexandre Vicenzi + +- Fix grammar mistake in licensing footer + +------------------------------------------------------------------- +Wed May 8 16:26:31 UTC 2024 - Dirk Mueller + +- README fixes - better titles and follow recommended document structure + +------------------------------------------------------------------- +Tue May 7 19:07:24 UTC 2024 - Dirk Mueller + +- extend READMEs; correct eula for application images + +------------------------------------------------------------------- +Thu May 2 06:59:49 UTC 2024 - Dirk Mueller + +- Add licensing footer to the README + +------------------------------------------------------------------- +Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller + +- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages) + +------------------------------------------------------------------- +Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák + +- Add initial README stub + +------------------------------------------------------------------- +Tue Jan 2 08:26:58 UTC 2024 - Dirk Mueller + +- update year to 2024 + +------------------------------------------------------------------- +Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller + +- add copyright and description header + +------------------------------------------------------------------- +Mon Jul 24 12:54:31 UTC 2023 - Dirk Mueller + +- Fix base image naming in description label + +------------------------------------------------------------------- +Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller + +- label capitalization and related cleanups + +------------------------------------------------------------------- +Tue May 30 06:52:56 UTC 2023 - Dan Čermák + +- Add release stage and lifecycle url + +------------------------------------------------------------------- +Thu Mar 30 15:12:51 UTC 2023 - Dirk Mueller + +- Put VOLUME statements last + +------------------------------------------------------------------- +Fri Mar 3 07:24:36 UTC 2023 - Dan Čermák + +- Add org.opencontainers.image.source label set to %SOURCEURL% + +------------------------------------------------------------------- +Fri Feb 24 13:12:03 UTC 2023 - Darragh O'Reilly + +- The pmlogger_daily.service was failing silently because it runs as user pcp which did not have permissions on /var/log/pcp/pmlogger. Normally pcp running on the host creates /var/log/pcp/pmlogger and also does chown pcp:pcp /var/log/pcp/pmlogger if it does not exist. But VOLUME /var/log/pcp/pmlogger in the Dockerfile causes the directory to exist with + +------------------------------------------------------------------- +Wed Dec 21 16:02:13 UTC 2022 - Dirk Müller + +- handle non-existent wicked gracefully + +------------------------------------------------------------------- +Wed Dec 21 14:05:34 UTC 2022 - Dirk Müller + +- BuildTag sorting and consistency fixes + +------------------------------------------------------------------- +Fri Jul 15 11:06:27 UTC 2022 - Dan Čermák + +- Increase compatibility with openSUSE + +------------------------------------------------------------------- +Tue Jun 14 10:12:15 UTC 2022 - Dan Čermák + +- Add HEALTHCHECK + +------------------------------------------------------------------- +Tue May 3 09:03:29 UTC 2022 - Dan Čermák + +- Use set -euo pipefail in every RUN command, use ; instead of && to prevent masking failures diff --git a/pmcd b/pmcd new file mode 100644 index 0000000..1b0a739 --- /dev/null +++ b/pmcd @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# Environment variables for the pmcd daemon. Refer also to the +# pmcd.options and pmcd.conf files for additional configuration. + +# Behaviour regarding listening on external-facing interfaces; +# unset PMCD_LOCAL to allow connections from remote hosts. +# A value of 0 permits remote connections, 1 permits local only. +PMCD_LOCAL=0 + +# Max length to which the queue of pending connections may grow +# A value of 5 is the default. +# PMCD_MAXPENDING=5 + +# Default behaviour regarding pmcd's approach to starting PMDAs; +# In cases where pmdaroot is available, setting this variable to +# 1, offloads starting and stopping of agents to pmdaroot. This +# allows pmcd to not require a restart when starting a new PMDA. +PMCD_ROOT_AGENT=1 + +# Default behaviour regarding pmcd's approach to re-starting any +# unresponsive PMDAs; this should only be used with pmdaroot and +# PMCD_ROOT_AGENT=1 as it allows pmcd to attempt to automatically +# restart any exited PMDA that it detects (which usually requires +# privileges not available to pmcd itself). +PMCD_RESTART_AGENTS=1 + +# Default timeout for waiting on pmcd to accept connections; any +# longer than this value and the rc scripts report it as failed. +# The value is a PCPIntro(1) interval in units of seconds and it +# will be passed directly to the pmcd_wait(1) utility. +# PMCD_WAIT_TIMEOUT=60 + +# Mode for pmcd to initialize the NSS certificate database when using +# secure connections. The default for pmcd is "readonly", as set here. +# If set to "readwrite" but fails, it will fallback and attempt readonly. +PCP_NSS_INIT_MODE=readonly diff --git a/pmlogger b/pmlogger new file mode 100644 index 0000000..ea1654c --- /dev/null +++ b/pmlogger @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# Environment variables for the primary pmlogger daemon. See also +# the pmlogger control file and pmlogconf(1) for additional details. + +# Behaviour regarding listening on external-facing interfaces; +# unset PMLOGGER_LOCAL to allow connections from remote hosts. +# A value of 0 permits remote connections, 1 permits local only. +PMLOGGER_LOCAL=1 + +# Max length to which the queue of pending connections may grow +# A value of 5 is the default. +# PMLOGGER_MAXPENDING=5 + +# Default sampling interval pmlogger uses when no more specific +# interval is requested. A value of 60 seconds is the default. +# Both pmlogger command line (via control file) and also pmlogger +# configuration file directives will override this value. +PMLOGGER_INTERVAL=10 + +# The default behaviour, when pmlogger configuration comes from +# pmlogconf(1), is to regenerate the configuration file and check for +# changes whenever pmlogger is started from pmlogger_check(1). +# If the PMDA configuration is stable, this is not necessary, and +# setting PMLOGGER_CHECK_SKIP_LOGCONF to yes disables the regeneration +# and checking. +# PMLOGGER_CHECK_SKIP_LOGCONF=yes diff --git a/pmproxy.conf.template b/pmproxy.conf.template new file mode 100644 index 0000000..46b0d92 --- /dev/null +++ b/pmproxy.conf.template @@ -0,0 +1,87 @@ +# SPDX-License-Identifier: (LGPL-2.1+ AND GPL-2.0+) + +# configuration options for pmproxy, pmseries and associated APIs +# uncomment/edit lines as required + +##################################################################### +## general settings for the pmproxy(1) daemon +##################################################################### +[pmproxy] + +# settings related to TLS certificates and keys +#certificates = /etc/pki/tls/certs/pcp.crt +#private_key = /etc/pki/tls/private/pcp.key +#authority = # PEM format file of acceptable client CAs +#cipher_list = # (TLSv2) colon-separated cipher list to be used +#cipher_suites = # (TLSv3) colon-separated cipher suites to be used + +# maximum pending socket opens +#maxpending = 128 + +# delay in seconds for TCP keep-alive (zero to disable) +#keepalive = 45 + +# buffer size for chunked transfer encoding (bytes, default pagesize) +#chunksize = 4096 + +# support PCP protocol proxying +pcp.enabled = true + +# serve the PCP REST APIs (HTTP) +http.enabled = true + +# support Redis protocol proxying +redis.enabled = true + +# support SSL/TLS protocol wrapping +secure.enabled = true + + +##################################################################### +## settings related to automatically discovered archives +##################################################################### +[discover] + +# propogate archives from pmlogger(1) into Redis querying +enabled = true + +# comma-separated metrics name (globs) to skip during discovery +exclude.metrics = proc.*,acct.* + +# comma-separated list of instance domains to skip during discovery +exclude.indoms = 3.9,3.40,79.7 + +##################################################################### +## settings for metric and indom help text searching via RediSearch +[pmsearch] +##################################################################### + +# allow REST API queries and indexing of metric and indom help text +enabled = true + +# default number of query results in a batch (paginated) +count = 10 + +##################################################################### +## settings for fast, scalable time series quering via Redis +[pmseries] +##################################################################### + +# allow REST API queries of fast, scalable time series +enabled = true + +# Redis connection spec(s) - could be any individual cluster host, +# and all hosts in the cluster will be automatically discovered -- +# alternately, use comma-separated hostspecs (non-clustered setup) +servers = ${REDIS_SERVERS} + +# number of elements from scan calls (https://redis.io/commands/scan) +cursor.count = 256 + +# seconds to expire in-core series (https://redis.io/commands/expire) +stream.expire = 86400 + +# limit number of elements in series (https://redis.io/commands/xadd) +stream.maxlen = 8640 + +#####################################################################