Merge pull request #2064 from sever-sever/T1797

T1797: VPP verify minimal installed memory and apply sysctl

3 files changed, 35 insertions, 0 deletions

diff --git a/data/templates/vpp/sysctl.conf.j2 b/data/templates/vpp/sysctl.conf.j2
new file mode 100644
index 000000000..2207e2e38
--- /dev/null
+++ b/data/templates/vpp/sysctl.conf.j2
@@ -0,0 +1,15 @@
+# Number of 2MB hugepages desired
+vm.nr_hugepages=1024
+
+# Must be greater than or equal to (2 * vm.nr_hugepages).
+vm.max_map_count=3096
+
+# All groups allowed to access hugepages
+vm.hugetlb_shm_group=0
+
+# Shared Memory Max must be greater or equal to the total size of hugepages.
+# For 2MB pages, TotalHugepageSize = vm.nr_hugepages * 2 * 1024 * 1024
+# If the existing kernel.shmmax setting  (cat /proc/sys/kernel/shmmax)
+# is greater than the calculated TotalHugepageSize then set this parameter
+# to current shmmax value.
+kernel.shmmax=2147483648
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index bfbeb112c..92037a915 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -7,3 +7,4 @@ dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/tacplus
 dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.conf
 dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.bashrc
 dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.profile
+dpkg-divert --package vyos-1x --add --no-rename /etc/sysctl.d/80-vpp.conf
diff --git a/src/conf_mode/vpp.py b/src/conf_mode/vpp.py
index dd01da87e..62ec4c162 100755
--- a/src/conf_mode/vpp.py
+++ b/src/conf_mode/vpp.py
@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import os
+import psutil
 
 from pathlib import Path
 from re import search as re_search, MULTILINE as re_M
@@ -39,6 +41,10 @@ airbag.enable()
 service_name = 'vpp'
 service_conf = Path(f'/run/vpp/{service_name}.conf')
 systemd_override = '/run/systemd/system/vpp.service.d/10-override.conf'
+sysctl_vpp = '/etc/sysctl.d/80-vpp.conf'
+
+# Min memory 6GB (2GB reserved for vpp)
+MIN_TOTAL_MEMORY = 6
 
 
 def _get_pci_address_by_interface(iface) -> str:
@@ -128,15 +134,26 @@ def verify(config):
         if 'corelist_workers' in config['cpu'] and 'main_core' not in config['cpu']:
             raise ConfigError(f'"cpu main-core" is required but not set!')
 
+    memory = psutil.virtual_memory()
+    memory_total = round(memory.total / (1024 ** 3), 2)
+    if memory_total < MIN_TOTAL_MEMORY:
+        raise ConfigError(
+            f'Not enough installed memory {memory_total}GB! '
+            f'The minimum required memory is {MIN_TOTAL_MEMORY}GB.'
+        )
+
 
 def generate(config):
     if not config or (len(config) == 1 and 'removed_ifaces' in config):
         # Remove old config and return
         service_conf.unlink(missing_ok=True)
+        if os.path.isfile(sysctl_vpp):
+            os.unlink(sysctl_vpp)
         return None
 
     render(service_conf, 'vpp/startup.conf.j2', config)
     render(systemd_override, 'vpp/override.conf.j2', config)
+    render(sysctl_vpp, 'vpp/sysctl.conf.j2', config)
 
     return None
 
@@ -148,6 +165,8 @@ def apply(config):
         call('systemctl daemon-reload')
         call(f'systemctl restart {service_name}.service')
 
+    call(f'sysctl -qp {sysctl_vpp}')
+
     # Initialize interfaces removed from VPP
     for iface in config.get('removed_ifaces', []):
         host_control = HostControl()