Bug 2026709
| Summary: | Install TuneD by default on all RHEL (virtual/cloud) images which use @core package group | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Tomáš Hozza <thozza> |
| Component: | osbuild-composer | Assignee: | Tomáš Hozza <thozza> |
| Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.0 | CC: | bfinger, jhladky, jmario, jrusz, jskarvad, pmendezh, yacao, yuxisun |
| Target Milestone: | rc | Keywords: | Patch, Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | osbuild-composer-40-1.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-17 13:30:01 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Tomáš Hozza
2021-11-25 14:40:02 UTC
Update from Kernel Performance QE group: tuned is important for the system performance and it should be installed by default. I received information from jhladky that polkit libraries which are pulled-in as a TuneD dependency uses cca. 8.2 MB which is not negligible for the image. TuneD uses polkit for D-Bus authorization, this feature is there since RHEL-7. It should work even without the polkit (currently untested, but it was designed this way). Without polkit only root can access the D-Bus TuneD interface on the system bus and on each access it will log error that polkit is not available (this could be patched out in TuneD to log the error only once per session). Removing the polkit may introduce some inconvenience to e.g. the workstation users and third party apps used to control the TuneD - all will have to run with the root privileges, which is not good from the security perspective. Or we will have to add explicit list of allowed users to the TuneD, but it is reinvention of the wheel. We could also make the polkit soft dependency in the spec, but I don't know whether it will help you with the creation of the image. In such case if it is installed without the polkit only root will be allowed to control the TuneD. If installed with the polkit it will work as expected using the system wide policy. Hi Jaroslav. (In reply to Jaroslav Škarvada from comment #2) > I received information from jhladky that polkit libraries which are > pulled-in as a TuneD dependency uses cca. 8.2 MB which is not negligible for > the image. The change is meant to be for virtual and cloud images. The RHEL guest image is 4GB in size and the EC2 images are all 10GB in size. I think that 8.2MB is not really an issue. Also TuneD used to be installed on all of this images in the past and it is missing on their RHEL-9 version only because of a change in the @core package group which was not meant to modify the content of RHEL images. > TuneD uses polkit for D-Bus authorization, this feature is there since > RHEL-7. It should work even without the polkit (currently untested, but it > was designed this way). Without polkit only root can access the D-Bus TuneD > interface on the system bus and on each access it will log error that polkit > is not available (this could be patched out in TuneD to log the error only > once per session). Removing the polkit may introduce some inconvenience to > e.g. the workstation users and third party apps used to control the TuneD - > all will have to run with the root privileges, which is not good from the > security perspective. Or we will have to add explicit list of allowed users > to the TuneD, but it is reinvention of the wheel. > > We could also make the polkit soft dependency in the spec, but I don't know > whether it will help you with the creation of the image. In such case if it > is installed without the polkit only root will be allowed to control the > TuneD. If installed with the polkit it will work as expected using the > system wide policy. IMO you can keep things the way they are right now as the dependency is IMO not an issue for RHEL virtual/cloud images. > IMO you can keep things the way they are right now as the dependency is IMO
> not an issue for RHEL virtual/cloud images.
Hi Tomas,
I agree with you!
We have discussed the issue at the kscale meeting, and we concluded that the tuned was removed to make the RHEL image as small as possible. This is why I have asked Jaroslav for analysis if we can reduce the number of dependencies.
Tuned is very important for the system performance, and the Red Hat Performance team strongly advocates for including the tuned in RHEL images by default.
Thanks
Jirka
Note for QE: This change affected the following image types: - qcow2 - vhd - vmdk - openstack - image-installer FYI, it seems with the Gnome desktop the power-profiles-daemon is now installed and enabled by default. It's stopping TuneD upon start. Workaround is to disable or uninstall power-profiles-daemon. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: osbuild-composer), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:2522 Hi Tomas, does it work for you - is tuned installed by default in RHEL-9.0.0 for your environment? I have done some trials with Beaker and tuned IS NOT installed by default: * With RHEL-9.0.0 GA, tuned is NOT installed by default (tested on bare metal and with multi-user.target in Beaker) * I have tested RHEL-9.0.0-updates-20220621.1 and tuned is still not installed * Same results with RHEL-9.1.0-20220621.1 - tuned is still not installed by default Thanks a lot! Jirka This bug is related to RHEL images produced by Image Builder, not installations done using Anaconda. For tracking purposes, I will post here results of various discussions:
--------------------Tomas Hozza-----------------------------------
So the reason is that the summary states "Install TuneD by default on all RHEL (virtual/cloud) images ...".
This means that Tuned is installed by default on all RHEL images that are produced by Image Builder (osbuild-composer), but the change has no effect on default installation that is done via Anaconda.
---------------------Josh Boyer-----------------------------------
Jan removed tuned from the @core group in Fedora ELN Jan 18, 2021.
commit a5d4f1b6c9fcbe20cb0c38eac5048d7d45d1dd17
Author: Jan Pazdziora <jpazdziora>
Date: Mon Jan 18 12:21:03 2021 +0100
The tuned daemon should not be mandatory in minimal host installations.
If I remember correctly, this was to minimize the footprint and reduce
the number of packages that are required for Common Criteria
certification. We can add tuned to the @base/@standard groups, but it
should probably not go back into @core at this point.
=======================================================================
Resolution:
We have agreed to add tuned to @base/@standard groups. Here are the tickets:
https://bugzilla.redhat.com/show_bug.cgi?id=2100491
https://issues.redhat.com/browse/ENGCMP-2413
|