add some perf optimizations for Fedora

2022-11-02 00:49:47 +00:00 · 2022-11-02 00:49:47 +00:00 · f0a2e9501e
parent 360461f91c
commit f0a2e9501e
6 changed files with 51 additions and 17 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@ APPLIANCE_VERSION = 1.46.0
 # Export LIBGUESTFS_DEBUG=1 to debug

 all:
-	LIBRARY_PATH=$(LIBRARY_PATH) CGO_LDFLAGS='-l:libvirt.so.0 -l:libyajl.so.2' go build
+	LIBRARY_PATH=$(LIBRARY_PATH) go build

 run:
 	LD_LIBRARY_PATH=$(LIBRARY_PATH) LIBGUESTFS_PATH=$(LIBGUESTFS_PATH) LIBGUESTFS_HV=$(LIBGUESTFS_HV) LIBGUESTFS_BACKEND_SETTINGS=force_tcg ./cloudbuild
--- a/README.md
+++ b/README.md
@ -3,30 +3,18 @@ cloudbuild downloads, modifies and uploads VM templates for the CSC cloud
 (CloudStack) using publicly available images for common Linux distros.

 ## Installing dependencies
-If you have root access, run
+Run the following in a Debian Docker/Podman container.
 ```sh
-sudo apt install golang-guestfs-dev
+apt install golang-guestfs-dev
 scripts/create-libguestfs-module.sh
 ```

-Otherwise, run
-```sh
-make deps
-```
-
 ### Optional dependencies
 If you are developing cloudbuild, you may wish to install
 [guestfish](https://libguestfs.org/guestfish.1.html), an interactive shell
-for guestfs.
-
-If you have root access, run
+for guestfs:
 ```sh
-sudo apt install libguestfs-tools
-```
-
-Otherwise, run
-```sh
-make guestfish-deps
+apt install libguestfs-tools
 ```

 To run:
@ -77,6 +65,8 @@ export UPLOAD_DIRECTORY=/var/www/csc-cloud-images
 export UPLOAD_BASE_URL=http://biloba.csclub.uwaterloo.ca/csc-cloud-images
 # notification emails will be sent here
 export EMAIL_RECIPIENT=root@csclub.uwaterloo.ca
+# directory where SSH keys are stored to SSH into VMs created in CloudStack
+export SSH_KEY_PATH=~/.ssh
 ```

 Finally:
--- a/pkg/distros/almalinux.go
+++ b/pkg/distros/almalinux.go
@ -112,5 +112,11 @@ func (mgr *AlmaLinuxTemplateManager) PerformDistroSpecificModifications(handle *
 	if err = mgr.replaceYumMirrorUrls(handle, mgr.transformAlmaLinuxYumRepoBaseUrl); err != nil {
 		return
 	}
+	if err = mgr.dnfRemoveUnnecessaryPackages(handle); err != nil {
+		return
+	}
+	if err = mgr.setJournaldConf(handle); err != nil {
+		return
+	}
 	return
 }
--- a/pkg/distros/fedora.go
+++ b/pkg/distros/fedora.go
@ -157,5 +157,11 @@ func (mgr *FedoraTemplateManager) PerformDistroSpecificModifications(handle *gue
 	if err = mgr.replaceYumMirrorUrls(handle, mgr.transformFedoraYumRepoBaseUrl); err != nil {
 		return
 	}
+	if err = mgr.dnfRemoveUnnecessaryPackages(handle); err != nil {
+		return
+	}
+	if err = mgr.setJournaldConf(handle); err != nil {
+		return
+	}
 	return
 }
--- a/pkg/distros/resources/journald.conf
+++ b/pkg/distros/resources/journald.conf
@ -0,0 +1,7 @@
+[Journal]
+# The default on Debian is Audit=no, but the default on Fedora is Audit=yes.
+# The audit messages are quite noisy, especially given that the first value
+# of kernel.printk (console_loglevel) is 7 on Fedora. To avoid negatively
+# impacting disk I/O, I chose to explicitly set this to off.
+# Audit records will still be collected if the user decides to install auditd.
+Audit=no
--- a/pkg/distros/template_manager.go
+++ b/pkg/distros/template_manager.go
@ -563,6 +563,23 @@ func (mgr *TemplateManager) replaceDebianMirrorUrls(handle *guestfs.Guestfs) (er
 	return
 }

+func (mgr *TemplateManager) dnfRemoveUnnecessaryPackages(handle *guestfs.Guestfs) (err error) {
+	// SSSD is unnecessary in single-user environments and consumes a lot of resources.
+	// auditd spams the system log and uses lots of disk IO.
+	args := []string{"dnf", "-C", "remove", "-y", "sssd-common", "audit"}
+	mgr.logger.Debug().Msg("Running '" + strings.Join(args, " ") + "'")
+	_, err = handle.Command(args)
+	if err != nil {
+		return
+	}
+	// Now that we removed SSSD, we also have to make sure that it's not being used in PAM.
+	// The way to do this on Fedora (and likely other RHEL-based distros) is with authselect.
+	args = []string{"authselect", "select", "minimal"}
+	mgr.logger.Debug().Msg("Running '" + strings.Join(args, " ") + "'")
+	_, err = handle.Command(args)
+	return err
+}
+
 // requires an Augeas handle to be open
 func (mgr *TemplateManager) updateSshdConfig(handle *guestfs.Guestfs) error {
 	mgr.logger.Debug().Msg("Setting PrintLastLog=no in sshd_config")
@ -577,6 +594,14 @@ func (mgr *TemplateManager) setTimesyncdConf(handle *guestfs.Guestfs) (err error
 	return handle.Write("/etc/systemd/timesyncd.conf.d/csclub.conf", getResource("timesyncd.conf"))
 }

+func (mgr *TemplateManager) setJournaldConf(handle *guestfs.Guestfs) (err error) {
+	mgr.logger.Debug().Msg("Writing custom journald.conf")
+	if err = handle.Mkdir_p("/etc/systemd/journald.conf.d"); err != nil {
+		return
+	}
+	return handle.Write("/etc/systemd/journald.conf.d/csclub.conf", getResource("journald.conf"))
+}
+
 func (mgr *TemplateManager) setMotd(handle *guestfs.Guestfs) error {
 	mgr.logger.Debug().Msg("Writing to /etc/motd")
 	return handle.Write("/etc/motd", getResource("motd"))