cli: add configuration option to enable/disable vhost_net

[caoruidong]

Add disable_vhost_net option to enable or disable the use of
vhost_net. Vhost_net can improve network performance.

Fixes: #169

Signed-off-by: Ruidong Cao caoruidong@huawei.com

[opendev-zuul]

Build failed (third-party-check pipeline) integration testing with
OpenStack. For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

• kata-runsh : FAILURE in 29m 02s

[katacontainersbot]

PSS Measurement:
Qemu: 169432 KB
Proxy: 4175 KB
Shim: 8789 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2003596 KB

[bergwolf]

@caoruidong I believe you need to change the govmm code as well since it also has hardcoded vhost dependency there. Something like:

diff --git a/vendor/github.com/intel/govmm/qemu/qmp.go b/vendor/github.com/intel/govmm/qemu/qmp.go
index 58b8924..1e7ed25 100644
--- a/vendor/github.com/intel/govmm/qemu/qmp.go
+++ b/vendor/github.com/intel/govmm/qemu/qmp.go
@@ -794,13 +794,16 @@ func (q *QMP) ExecuteNetdevChardevAdd(ctx context.Context, netdevType, netdevID,
 // Must be valid QMP identifier.
 func (q *QMP) ExecuteNetdevAddByFds(ctx context.Context, netdevType, netdevID string, fdNames, vhostFdNames []string) error {
        fdNameStr := strings.Join(fdNames, ":")
-       vhostFdNameStr := strings.Join(vhostFdNames, ":")
        args := map[string]interface{}{
-               "type":     netdevType,
-               "id":       netdevID,
-               "fds":      fdNameStr,
-               "vhost":    "on",
-               "vhostfds": vhostFdNameStr,
+               "type": netdevType,
+               "id":   netdevID,
+               "fds":  fdNameStr,
+       }
+
+       if len(vhostFdNames) != 0 {
+               vhostFdNameStr := strings.Join(vhostFdNames, ":")
+               args["vhost"] = "on"
+               args["vhostfds"] = vhostFdNameStr
        }

        return q.executeCommand(ctx, "netdev_add", args, nil)
@@ -832,7 +835,7 @@ func (q *QMP) ExecuteNetPCIDeviceAdd(ctx context.Context, netdevID, devID, macAd
                args["bus"] = bus
        }

-       if queues > 0 {
+       if queues > 1 {
                // (2N+2 vectors, N for tx queues, N for rx queues, 1 for config, and one for possible control vq)
                // -device virtio-net-pci,mq=on,vectors=2N+2...
                // enable mq in guest by 'ethtool -L eth0 combined $queue_num'

[bergwolf]

Please change govmm and update vendor here.

[caoruidong]

See #169 (comment). So we assume kata can still run without vhost_net?

[katacontainersbot]

PSS Measurement:
Qemu: 165962 KB
Proxy: 4098 KB
Shim: 8751 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2003572 KB

[katacontainersbot]

PSS Measurement:
Qemu: 169679 KB
Proxy: 4066 KB
Shim: 8841 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2003720 KB

[opendev-zuul]

Build failed (third-party-check pipeline) integration testing with
OpenStack. For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

• kata-runsh : TIMED_OUT in 1h 01m 00s

[bergwolf]

@caoruidong yes, I think so and I did succeed running kata w/o vhost locally.

[sboeuf]

@caoruidong please add @jiulongzaitian to the Signed-off-by section, since he's also part of this PR.

[caoruidong]

OK. The original commit has Soby. I'll squash them into one for clarity.

[codecov]

Codecov Report

Merging #706 into master will increase coverage by 0.07%.
The diff coverage is 80%.

@@            Coverage Diff             @@
##           master     #706      +/-   ##
==========================================
+ Coverage   65.25%   65.33%   +0.07%     
==========================================
  Files          85       85              
  Lines        9956     9951       -5     
==========================================
+ Hits         6497     6501       +4     
+ Misses       2807     2798       -9     
  Partials      652      652

[katacontainersbot]

PSS Measurement:
Qemu: 173671 KB
Proxy: 4035 KB
Shim: 8889 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2003548 KB

[opendev-zuul]

Build failed (third-party-check pipeline) integration testing with
OpenStack. For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

• kata-runsh : TIMED_OUT in 1h 01m 10s

[sboeuf]

@caoruidong looks fine to me! Please rebase.

[jodh-intel]

lgtm

[sboeuf]

@bergwolf PTAL and update your review!

[amshinde]

Sorry, I am just seeing this PR.
I am not in favor of detecting if vhost is available during runtime.
This means we perform an exec, anytime we need to attach a network device.

cmd := exec.Command(modInfoCmd, module)

I think this should really be an explicit runtime configuration, set to true by default and documented.
What do others think about this?
cc @egernst

[sboeuf]

@amshinde actually I think you're totally right. A lot of exec are going to be performed eventually...
Having this, part of the hypervisor configuration would be the best place, but would require a bit of rework regarding network.go to make sure it can access the hypervisor config.

[sboeuf]

Agreed with @amshinde this patch will result in a lot of exec at runtime, which will impact performance.

[bergwolf]

I agree with @amshinde that this should be a config option and if vhost is enabled by configuration, try to modprobe it if it doesn't exist yet. And maybe we want another option to say if we want to fallback when vhost-net module doesn't exist.

[caoruidong]

I agree this patch doesn't work now. We create vhost fds without judgement.

runtime/virtcontainers/network.go

Lines 939 to 943 in e02695b

	vhostFds, err := createVhostFds(defaultQueues)
	if err != nil {
	return fmt.Errorf("Could not setup vhost fds %s : %s", netPair.VirtIface.Name, err)
	}
	netPair.VhostFds = vhostFds

Our codes strongly depend on vhost_net. @bergwolf How do you run kata without vhost_net? Do you change the code?

[jodh-intel]

Good catch @amshinde - agreed!

[katacontainersbot]

PSS Measurement:
Qemu: 169613 KB
Proxy: 4029 KB
Shim: 9154 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2003432 KB

[opendev-zuul]

Build succeeded (third-party-check pipeline).

• kata-runsh : SUCCESS in 58m 31s

[bergwolf]

LGTM. Just one comment on the new option explanation.

[bergwolf]

So we no longger modprobe vhost-net, neither we fallback to non-vhost case, right? Please document it here that vhost-net kernel module needs to be builtin or inserted if vhost_net is enabled. Otherwise we'll fail to create the network endpoint for containers.

[caoruidong]

If vhost_net.ko exists but is not inserted, when someone accesses /dev/vhost-net, vhost_net.ko will be auto loaded. So we don't need to modprobe it by hand.
If vhost is enabled but actually ko doesn't exist, we won't know until we try to create vhost fds. So I wonder whether that is a good time to fallback to non-vhost when we meet error.

runtime/virtcontainers/network.go

Lines 917 to 921 in a5f05bf

	vhostFds, err := createVhostFds(defaultQueues)
	if err != nil {
	return fmt.Errorf("Could not setup vhost fds %s : %s", netPair.VirtIface.Name, err)
	}
	netPair.VhostFds = vhostFds

Both just error out and fallback are OK.

[bergwolf]

It's OK to just fail in such case. Thanks for the info that vhost_net.ko is automatically loaded.

[bergwolf]

LGTM, thanks! @caoruidong Please rebase though since it conflicts with new changes merged in #719.

[bergwolf]

@sboeuf @amshinde ptal

[katacontainersbot]

PSS Measurement:
Qemu: 169415 KB
Proxy: 3998 KB
Shim: 8743 KB

Memory inside container:
Total Memory: 2043460 KB
Free Memory: 2006332 KB

[opendev-zuul]

Build failed (third-party-check pipeline) integration testing with
OpenStack. For information on how to proceed, see
http://docs.openstack.org/infra/manual/developers.html#automated-testing

• kata-runsh : TIMED_OUT in 1h 01m 12s