How to prevent other processes from running on instance-dedicated cpus
We are running a single-node PackStack for evaluation purposes. We are able to successfully pin VM instances to CPUs, but we noticed that other services and processes can run on those same cores dedicated to the VMs. We've discovered that Setting a VM instance to dedicated means the VM will run on a specific CPU core, but it does not prevent other openstack services from running on that core.
Is there a way to isolate a CPU core to only allow it to run VM instances that I want it to run, preventing interference from other services?
We are running RH OpenStack 12.
Responses
Red Hat
Expert
1065 points
So you might need to restrict the kernel from accessing the CPUs you have pinned to the instance. For example, let's say I have an 8 core CPU with dual hyper-threading, which results in 16 vcpus. I want to use core 0 for my OpenStack services and cores 1-7 for instances. I'd need to tell the kernel to leave those cores alone. This means I'd need to tell the kernel to leave alone vcpus 1-7 and 9-15:
$ sudo grubby --update-kernel=ALL --args="isolcpus=1,2,3,4,5,6,7,9,10,11,12,13,14,15"
$ sudo grub2-install /dev/sda
$ sudo reboot
For a bigger scenario that includes that method, we've got an example of isolating resources for co-located Compute and Ceph services here:
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.