2023-04-07 20:05:43 |
John Chittum |
description |
In Ubuntu 22.04, the HWE kernel has rolled to 5.19. The 5.19 kernel includes the apparmor feature for ipc/posix_mqueue. livecd-rootfs only contains features for the 5.15 kernel, thus missing ipc/posix_mqueue. This leads to snap_preseed having a mismatch in features, and the preseed is not optimized. In a cloud environment this can lead to boot delays of between 5 and 10s (rough measurements observed while debugging).
livecd-rootfs bind mounts apparmor features in functions/setup_mountpoint. This occurs early in the process when the final kernel is unknown. |
In Ubuntu 22.04, the HWE kernel has rolled to 5.19. The 5.19 kernel includes the apparmor feature for ipc/posix_mqueue. livecd-rootfs only contains features for the 5.15 kernel, thus missing ipc/posix_mqueue. This leads to snap_preseed having a mismatch in features, and the preseed is not optimized. In a cloud environment this can lead to boot delays of between 5 and 10s (rough measurements observed while debugging).
livecd-rootfs bind mounts apparmor features in functions/setup_mountpoint. This occurs early in the process when the final kernel is unknown. This only affects 22.04 at this time, but a fix, when committed, should also be in the main branch, to ensure future compatibility.
TESTING
A failing system will present issues when checking `snap debug seeding`.
Example bad output:
'preseed-system-key': {'apparmor-features': ['caps', 'dbus', 'domain', 'file',
'mount', 'namespaces', 'network',
'network_v8', 'policy', 'ptrace',
'query', 'rlimit', 'signal'],
'apparmor-parser-features': ['cap-audit-read',
'cap-bpf', 'mqueue',
'qipcrtr-socket', 'unsafe',
'xdp'],
'apparmor-parser-mtime': 1666191120,
'build-id': '79b62e11a4cf60b38c3e2449d220a6078db42607',
'cgroup-version': '2',
'nfs-home': False,
'overlay-root': '',
'seccomp-compiler-version': 'd9242946c125eab1ac4e30a3a7f48ee885551585 '
'2.5.4 '
'c3c9b282ef3c8dfcc3124b2aeaef62f56b813bfd21f8806b30a6c9dbc2e6e58d '
'bpf-actlog',
'seccomp-features': ['allow', 'errno', 'kill_process',
'kill_thread', 'log', 'trace',
'trap', 'user_notif'],
'version': 10},
'preseeded': True,
'seed-completion': '5.765s',
'seed-restart-system-key': {'apparmor-features': ['caps', 'dbus', 'domain',
'file', 'ipc', 'mount',
'namespaces', 'network',
'network_v8', 'policy',
'ptrace', 'query', 'rlimit',
'signal'],
'apparmor-parser-features': ['cap-audit-read',
'cap-bpf', 'mqueue',
'qipcrtr-socket',
'unsafe', 'xdp'],
'apparmor-parser-mtime': 1666191120,
'build-id': '79b62e11a4cf60b38c3e2449d220a6078db42607',
'cgroup-version': '2',
'nfs-home': False,
'overlay-root': '',
'seccomp-compiler-version': 'd9242946c125eab1ac4e30a3a7f48ee885551585 '
'2.5.4 '
'c3c9b282ef3c8dfcc3124b2aeaef62f56b813bfd21f8806b30a6c9dbc2e6e58d '
'bpf-actlog',
'seccomp-features': ['allow', 'errno',
'kill_process', 'kill_thread',
'log', 'trace', 'trap',
'user_notif'],
'version': 10},
'seeded': True}
This shows the comparison between what was seeded ('preseed-system-key') and the running system ('seed-restart-system-key').
A passing test will only have times:
{'image-preseeding': '9.238s',
'preseeded': True,
'seed-completion': '9.726s',
'seeded': True}
To test:
1. create an image with an HWE kernel (for CPC this is ec2, gce, azure, oracle)
2. register image in cloud
3. run an instance
4. check `snap debug seeding` |
|
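An added example, not part of the bug report or of snapd/livecd-rootfs: a check for step 4 that reports which system-key fields differ between 'preseed-system-key' and 'seed-restart-system-key'. It assumes the `snap debug seeding` result has been captured in the Python-dict form shown in the report; both samples are constructed and abbreviated, and the function name `system_key_diff` is hypothetical.

```python
import ast

# Constructed sample, abbreviated from the shape of the bad output in the report;
# only the feature lists matter here, other values are placeholders.
SAMPLE_BAD = """
{'preseed-system-key': {'apparmor-features': ['caps', 'dbus', 'domain', 'file', 'mount'],
                        'apparmor-parser-features': ['cap-bpf', 'mqueue'],
                        'cgroup-version': '2',
                        'version': 10},
 'preseeded': True,
 'seed-completion': '5.765s',
 'seed-restart-system-key': {'apparmor-features': ['caps', 'dbus', 'domain', 'file', 'ipc', 'mount'],
                             'apparmor-parser-features': ['cap-bpf', 'mqueue'],
                             'cgroup-version': '2',
                             'version': 10},
 'seeded': True}
"""

# Constructed sample in the shape of the passing output: timings only.
SAMPLE_GOOD = "{'image-preseeding': '9.238s', 'preseeded': True, 'seed-completion': '9.726s', 'seeded': True}"


def system_key_diff(text):
    """Return {field: (only_in_preseed, only_in_running)} for mismatched fields.

    An empty dict means no system-key mismatch was reported (the passing case).
    """
    data = ast.literal_eval(text.strip())
    pre = data.get('preseed-system-key')
    run = data.get('seed-restart-system-key')
    if pre is None and run is None:
        return {}
    pre, run = pre or {}, run or {}
    diff = {}
    for field in sorted(set(pre) | set(run)):
        a, b = pre.get(field), run.get(field)
        if a == b:
            continue
        if isinstance(a, list) and isinstance(b, list):
            # List-valued fields: show which entries each side lacks.
            diff[field] = (sorted(set(a) - set(b)), sorted(set(b) - set(a)))
        else:
            diff[field] = (a, b)
    return diff


if __name__ == '__main__':
    for name, sample in (('bad', SAMPLE_BAD), ('good', SAMPLE_GOOD)):
        print(name, system_key_diff(sample) or 'no system-key mismatch')
```

On the bad sample the only difference reported is `ipc` under 'apparmor-features', present on the running system but absent from the preseeded key.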