kvm2 driver: Remove uneeded nvram element #18241

nirs · 2024-02-23T22:27:47Z

The curent domain xml template includes static nvram image using the shared template image:

<nvram>/usr/share/AAVMF/AAVMF_VARS.fd</nvram>

This "works" when starting sinlge profile, but when starting a second profile this breaks with:

virError(Code=55, Domain=24, Message='Requested operation is not
valid: Setting different SELinux label on /usr/share/AAVMF/AAVMF_VARS.fd
which is already in use

Which tells us that we are doing the wrong thing.

If we remove the nvram element, a new per-vm nvram is created dynamially:

$ virsh -c qemu:///system dumpxml ex1 | grep nvram
<nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/ex1_VARS.fd</nvram>

$ virsh -c qemu:///system dumpxml ex2 | grep nvram
<nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/ex2_VARS.fd</nvram>

Tested on top of #18239

Fixes #18240

The curent domain xml template includes static nvram image using the shared template image: <nvram>/usr/share/AAVMF/AAVMF_VARS.fd</nvram> This "works" when starting sinlge profile, but when starting a second profile this breaks with: virError(Code=55, Domain=24, Message='Requested operation is not valid: Setting different SELinux label on /usr/share/AAVMF/AAVMF_VARS.fd which is already in use Which tells us that we are doing the wrong thing. If we remove the nvram element, a new per-vm nvram is created dynamially: $ virsh -c qemu:///system dumpxml ex1 | grep nvram <nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/ex1_VARS.fd</nvram> $ virsh -c qemu:///system dumpxml ex2 | grep nvram <nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/ex2_VARS.fd</nvram>

k8s-ci-robot · 2024-02-23T22:27:56Z

Hi @nirs. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

minikube-bot · 2024-02-23T22:30:03Z

Can one of the admins verify this patch?

nirs · 2024-02-23T22:42:16Z

Build and install

make
prog="out/docker-machine-driver-kvm2"
rm -f "$prog"*
make "$prog"
cp "$prog" ~/.minikube/bin/

Start the first cluster

$ minikube start --driver kvm2 -p cluster1
😄  [cluster1] minikube v1.32.0 on Fedora 39 (arm64)
✨  Using the kvm2 driver based on user configuration
👍  Starting control plane node cluster1 in cluster cluster1
🔥  Creating kvm2 VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
🐳  Preparing Kubernetes v1.28.3 on Docker 24.0.7 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring bridge CNI (Container Networking Interface) ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: storage-provisioner, default-storageclass
🏄  Done! kubectl is now configured to use "cluster1" cluster and "default" namespace by default

Start the second cluster

$ minikube start --driver kvm2 -p cluster2
😄  [cluster2] minikube v1.32.0 on Fedora 39 (arm64)
✨  Using the kvm2 driver based on user configuration
👍  Starting control plane node cluster2 in cluster cluster2
🔥  Creating kvm2 VM (CPUs=2, Memory=6000MB, Disk=20000MB) ...
🐳  Preparing Kubernetes v1.28.3 on Docker 24.0.7 ...
    ▪ Generating certificates and keys ...
    ▪ Booting up control plane ...
    ▪ Configuring RBAC rules ...
🔗  Configuring bridge CNI (Container Networking Interface) ...
🔎  Verifying Kubernetes components...
    ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟  Enabled addons: default-storageclass, storage-provisioner
🏄  Done! kubectl is now configured to use "cluster2" cluster and "default" namespace by default

Each VM get it's own nvrame image

# ls -lh /var/lib/libvirt/qemu/nvram/cluster[12]_VARS.fd
-rw-------. 1 qemu qemu 64M Feb 24 00:29 /var/lib/libvirt/qemu/nvram/cluster1_VARS.fd
-rw-------. 1 qemu qemu 64M Feb 24 00:30 /var/lib/libvirt/qemu/nvram/cluster2_VARS.fd

Issues

the nvram image is not removed when deleting the minikube cluster. Not sure if
this is a minikube bug or libvirt bug. Since libvirt created the image I think it should
delete the image.

afbjorklund

Looks good to me, thanks for clear explanation.

afbjorklund · 2024-03-07T17:09:11Z

/ok-to-test

minikube-pr-bot · 2024-03-07T18:05:46Z

kvm2 driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 18241) |
+----------------+----------+---------------------+
| minikube start | 73.6s    | 51.3s               |
| enable ingress | 25.4s    | 25.8s               |
+----------------+----------+---------------------+

Times for minikube start: 164.2s 53.1s 50.4s 51.9s 48.5s
Times for minikube (PR 18241) start: 50.9s 53.9s 51.2s 48.2s 52.2s

Times for minikube ingress: 25.1s 22.7s 27.7s 25.7s 25.7s
Times for minikube (PR 18241) ingress: 26.7s 23.6s 26.7s 26.1s 26.2s

docker driver with docker runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 18241) |
+----------------+----------+---------------------+
| minikube start | 24.9s    | 23.2s               |
| enable ingress | 20.7s    | 20.9s               |
+----------------+----------+---------------------+

Times for minikube start: 25.5s 26.3s 24.7s 26.1s 21.9s
Times for minikube (PR 18241) start: 22.3s 25.3s 23.0s 23.3s 21.9s

Times for minikube (PR 18241) ingress: 20.4s 20.3s 21.3s 22.3s 20.3s
Times for minikube ingress: 20.3s 22.3s 20.3s 20.3s 20.3s

docker driver with containerd runtime

+----------------+----------+---------------------+
|    COMMAND     | MINIKUBE | MINIKUBE (PR 18241) |
+----------------+----------+---------------------+
| minikube start | 22.5s    | 22.9s               |
| enable ingress | 30.6s    | 33.8s               |
+----------------+----------+---------------------+

Times for minikube start: 24.1s 24.2s 22.0s 21.1s 21.3s
Times for minikube (PR 18241) start: 24.2s 20.9s 24.6s 24.0s 21.2s

Times for minikube (PR 18241) ingress: 30.8s 30.9s 29.8s 46.8s 30.9s
Times for minikube ingress: 30.8s 30.9s 30.8s 30.8s 29.8s

minikube-pr-bot · 2024-03-07T19:21:24Z

These are the flake rates of all failed tests.

Environment	Failed Tests	Flake Rate (%)
Docker_Linux_containerd_arm64	TestStartStop/group/old-k8s-version/serial/SecondStart (gopogh)	2.34 (chart)
QEMU_macOS	TestImageBuild/serial/Setup (gopogh)	11.11 (chart)
QEMU_macOS	TestJSONOutput/pause/Command (gopogh)	11.11 (chart)
QEMU_macOS	TestJSONOutput/start/Command (gopogh)	11.11 (chart)
QEMU_macOS	TestJSONOutput/unpause/Command (gopogh)	11.11 (chart)
QEMU_macOS	TestMinikubeProfile (gopogh)	12.96 (chart)
Hyperkit_macOS	TestDockerFlags (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/parallel/CpCmd (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/parallel/SSHCmd (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/CacheCmd/cache/cache_reload (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/CacheCmd/cache/verify_cache_inside_node (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/KubeContext (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/KubectlGetPods (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/LogsCmd (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/LogsFileCmd (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/MinikubeKubectlCmd (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/MinikubeKubectlCmdDirectly (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/SoftStart (gopogh)	17.76 (chart)
Hyperkit_macOS	TestFunctional/serial/StartWithProxy (gopogh)	17.76 (chart)
Hyperkit_macOS	TestImageBuild/serial/Setup (gopogh)	17.76 (chart)
Hyperkit_macOS	TestJSONOutput/pause/Command (gopogh)	17.76 (chart)
Hyperkit_macOS	TestJSONOutput/start/Command (gopogh)	17.76 (chart)
Hyperkit_macOS	TestJSONOutput/start/parallel/DistinctCurrentSteps (gopogh)	17.76 (chart)
Hyperkit_macOS	TestJSONOutput/start/parallel/IncreasingCurrentSteps (gopogh)	17.76 (chart)
Hyperkit_macOS	TestJSONOutput/unpause/Command (gopogh)	17.76 (chart)
Hyperkit_macOS	TestMultiNode/serial/MultiNodeLabels (gopogh)	17.76 (chart)
Hyperkit_macOS	TestMultiNode/serial/ProfileList (gopogh)	17.76 (chart)
Hyperkit_macOS	TestOffline (gopogh)	17.76 (chart)
Hyperkit_macOS	TestPause/serial/Start (gopogh)	17.76 (chart)
Hyperkit_macOS	TestRunningBinaryUpgrade (gopogh)	17.76 (chart)
More tests...	Continued...

Too many tests failed - See test logs for more details.

To see the flake rates of all tests by environment, click here.

nirs · 2024-03-07T20:01:10Z

@afbjorklund HyperKit and QEMU failures should be unrelated since the change is in libvirt configuration domain xml. Are these tests broken now?

medyagh · 2024-03-08T02:31:39Z

thank you for this contribution @nirs

k8s-ci-robot · 2024-03-08T02:31:53Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afbjorklund, BlaineEXE, medyagh, nirs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [afbjorklund,medyagh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot requested review from afbjorklund and medyagh February 23, 2024 22:27

k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 23, 2024

k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Feb 23, 2024

BlaineEXE approved these changes Feb 26, 2024

View reviewed changes

afbjorklund approved these changes Mar 7, 2024

View reviewed changes

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 7, 2024

k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 7, 2024

nirs mentioned this pull request Mar 7, 2024

kvm2 driver: Use scsi cdrom for arm64 to fix Linux on Apple Silicone #18239

Merged

medyagh approved these changes Mar 8, 2024

View reviewed changes

medyagh merged commit 6ad5b4a into kubernetes:master Mar 8, 2024
33 of 44 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kvm2 driver: Remove uneeded nvram element #18241

kvm2 driver: Remove uneeded nvram element #18241

nirs commented Feb 23, 2024

k8s-ci-robot commented Feb 23, 2024

minikube-bot commented Feb 23, 2024

nirs commented Feb 23, 2024

afbjorklund left a comment

afbjorklund commented Mar 7, 2024

minikube-pr-bot commented Mar 7, 2024

minikube-pr-bot commented Mar 7, 2024

nirs commented Mar 7, 2024

medyagh commented Mar 8, 2024

k8s-ci-robot commented Mar 8, 2024

kvm2 driver: Remove uneeded nvram element #18241

kvm2 driver: Remove uneeded nvram element #18241

Conversation

nirs commented Feb 23, 2024

k8s-ci-robot commented Feb 23, 2024

minikube-bot commented Feb 23, 2024

nirs commented Feb 23, 2024

Build and install

Start the first cluster

Start the second cluster

Each VM get it's own nvrame image

Issues

afbjorklund left a comment

Choose a reason for hiding this comment

afbjorklund commented Mar 7, 2024

minikube-pr-bot commented Mar 7, 2024

minikube-pr-bot commented Mar 7, 2024

nirs commented Mar 7, 2024

medyagh commented Mar 8, 2024

k8s-ci-robot commented Mar 8, 2024