Skip to content

feat: refine hpc_tuning and add additional tunings#70

Open
lixuemin2016 wants to merge 1 commit intolinux-system-roles:mainfrom
lixuemin2016:tuning
Open

feat: refine hpc_tuning and add additional tunings#70
lixuemin2016 wants to merge 1 commit intolinux-system-roles:mainfrom
lixuemin2016:tuning

Conversation

@lixuemin2016
Copy link
Collaborator

@lixuemin2016 lixuemin2016 commented Feb 9, 2026
edited
Loading

Enhancement:
Refine existing hpc_tuning and add additional system-level tunings

  • Remove azsec-monitor to prevent CPU utilization by azsec-monitor
  • Add DefaultLimitMEMLOCK configuration via drop-in method

Reason:
Add more system-level tunings and refine current hpc_tuning
Note: It does not modify the main file /etc/systemd/system.conf, using
drop-in /etc/systemd/system.conf.d/99-memlock.conf which is safer and cleaner

Result:

sysctl sunrpc.tcp_max_slot_table_entries 
sunrpc.tcp_max_slot_table_entries = 128

systemctl show --property=DefaultLimitMEMLOCK
DefaultLimitMEMLOCK=infinity

/etc/systemd/system.conf.d/99-memlock.conf
/etc/systemd/user.conf.d/99-memlock.conf

Issue Tracker Tickets (Jira or BZ if any):

JIRA: RHELHPC-109

Some history information about customized systemd service method for reference only.
cat /etc/systemd/system.conf | grep -i DefaultLimitMEMLOCK=infinity
DefaultLimitMEMLOCK=infinity

cat /etc/systemd/user.conf | grep -i DefaultLimitMEMLOCK=infinity
DefaultLimitMEMLOCK=infinity

systemctl status sunrpc_tcp_settings
● sunrpc_tcp_settings.service - Set sunrpc tcp settings
Loaded: loaded (/etc/systemd/system/sunrpc_tcp_settings.service; enabled; preset: disabled)
Active: active (exited) since Mon 2026-02-09 07:39:18 UTC; 38min ago
Main PID: 19764 (code=exited, status=0/SUCCESS)
CPU: 5ms

systemd[1]: Starting Set sunrpc tcp settings...
systemd[1]: Finished Set sunrpc tcp settings.

systemctl restart sunrpc_tcp_settings

systemctl status sunrpc_tcp_settings

● sunrpc_tcp_settings.service - Set sunrpc tcp settings
Loaded: loaded (/etc/systemd/system/sunrpc_tcp_settings.service; enabled; preset: disabled)
Active: active (exited) since Mon 2026-02-09 08:18:16 UTC; 3s ago
Process: 35183 ExecStart=/usr/sbin/sunrpc_tcp_settings.sh (code=exited, status=0/SUCCESS)
Main PID: 35183 (code=exited, status=0/SUCCESS)
CPU: 5ms

systemd[1]: Starting Set sunrpc tcp settings...
systemd[1]: Finished Set sunrpc tcp settings.

Summary by Sourcery

Refine HPC system tuning by expanding system-level resource limits, managing azsec-monitor, and replacing direct sunrpc module loading with a dedicated systemd service.

New Features:

  • Introduce a sunrpc_tcp_settings systemd service and helper script to load the sunrpc module and apply TCP-related sysctl settings for HPC systems.

Enhancements:

  • Remove the azsec-monitor package during HPC tuning to avoid unnecessary CPU utilization on tuned systems.
  • Raise default per-user open file limits in the HPC limits configuration to better support high-scale workloads.
  • Configure systemd system and user defaults to set DefaultLimitMEMLOCK=infinity and re-exec systemd when these settings are applied.

Documentation:

  • Update HPC role documentation to describe loading the sunrpc kernel module via the new sunrpc_tcp_settings systemd service instead of direct module loading.

@sourcery-ai
Copy link

sourcery-ai bot commented Feb 9, 2026
edited
Loading

Reviewer's Guide

Refines the HPC tuning Ansible role by tightening resource limits, managing sunrpc settings via a dedicated systemd service, and adding safeguards like removing azsec-monitor and re-execing/reloading systemd when configuration changes occur.

Sequence diagram for sunrpc_tcp_settings systemd-based tuning

sequenceDiagram
    participant Ansible
    participant Systemd
    participant SunrpcService as sunrpc_tcp_settings.service
    participant Script as sunrpc_tcp_settings.sh
    participant Kernel as sunrpc_module

    Ansible->>Systemd: Install sunrpc_tcp_settings.service
    Ansible->>Systemd: daemon-reload
    Ansible->>Systemd: Enable sunrpc_tcp_settings
    Ansible->>Systemd: Start sunrpc_tcp_settings
    Systemd->>SunrpcService: Activate service
    SunrpcService->>Script: ExecStart /usr/sbin/sunrpc_tcp_settings.sh
    Script->>Kernel: modprobe sunrpc
    Script->>Systemd: sysctl -p
    SunrpcService-->>Systemd: Exit status 0
    Ansible->>Systemd: systemctl is-active sunrpc_tcp_settings
    Systemd-->>Ansible: active
Loading

Sequence diagram for updating systemd MEMLOCK limits

sequenceDiagram
    participant Ansible
    participant Systemd
    participant SystemConf as system.conf
    participant UserConf as user.conf

    Ansible->>SystemConf: Ensure DefaultLimitMEMLOCK=infinity
    Ansible->>UserConf: Ensure DefaultLimitMEMLOCK=infinity
    Ansible->>Systemd: daemon-reexec
    Systemd-->>Ansible: New limits applied for services
Loading

Flow diagram for HPC tuning Ansible task block

flowchart TD
    A["Start hpc_tuning block"] --> B["Remove azsec-monitor package if present"]
    B --> C["Write 90-hpc-limits.conf with updated nofile limits"]
    C --> D["Set DefaultLimitMEMLOCK=infinity in system.conf"]
    D --> E["Set DefaultLimitMEMLOCK=infinity in user.conf"]
    E --> F["Write 90-hpc-sysctl.conf and reload sysctl"]
    F --> G["Deploy sunrpc_tcp_settings.sh to /usr/sbin"]
    G --> H["Deploy sunrpc_tcp_settings.service to /etc/systemd/system"]
    H --> I["systemctl daemon-reload"]
    I --> J["Enable and start sunrpc_tcp_settings service"]
    J --> K["Verify sunrpc_tcp_settings is active"]
    K --> L["End hpc_tuning block"]
Loading

File-Level Changes

Change Details Files
Refine HPC tuning task block to remove azsec-monitor, adjust limits, and manage sunrpc via a systemd service instead of direct module loading.
  • Add package task to remove azsec-monitor if present, with ostree-aware backend selection and non-fatal failure handling.
  • Increase system-wide nofile limits in the HPC limits template from 65535 to 1048576 for both soft and hard limits.
  • Replace direct sunrpc module loading and manual modprobe checks with templated sunrpc_tcp_settings.sh and sunrpc_tcp_settings.service, enabling and starting the service, and validating its active status via systemctl.
 tasks/main.yml
templates/90-hpc-limits.conf
templates/sunrpc_tcp_settings.sh
templates/sunrpc_tcp_settings.service
Introduce systemd handlers and configuration adjustments to support HPC tuning changes.
  • Add tasks to set DefaultLimitMEMLOCK=infinity in systemd system.conf and user.conf using lineinfile and trigger a systemd daemon re-exec on change.
  • Add handlers to reexec and reload systemd via systemctl daemon-reexec and systemctl daemon-reload to respond to configuration and unit file changes.
  • Update README to document that sunrpc is now configured via sunrpc_tcp_settings systemd service rather than direct kernel module loading.
 tasks/main.yml
handlers/main.yml
README.md
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Feb 9, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • The lineinfile tasks for DefaultLimitMEMLOCK=infinity will not update an existing DefaultLimitMEMLOCK entry with a different value; consider using a regexp to replace any existing line rather than just appending a new one.
  • The sunrpc_tcp_settings.sh script runs sysctl -p, which reloads all sysctl settings and might have unintended side effects; it would be safer to scope this to the specific sysctl config file(s) you manage (e.g., sysctl -p /etc/sysctl.d/90-hpc-sysctl.conf) or use sysctl -w for the needed keys.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- The `lineinfile` tasks for `DefaultLimitMEMLOCK=infinity` will not update an existing `DefaultLimitMEMLOCK` entry with a different value; consider using a `regexp` to replace any existing line rather than just appending a new one.
- The `sunrpc_tcp_settings.sh` script runs `sysctl -p`, which reloads all sysctl settings and might have unintended side effects; it would be safer to scope this to the specific sysctl config file(s) you manage (e.g., `sysctl -p /etc/sysctl.d/90-hpc-sysctl.conf`) or use `sysctl -w` for the needed keys.

## Individual Comments

### Comment 1
<location> `templates/sunrpc_tcp_settings.sh:6` </location>
<code_context>
+{{ "system_role:hpc" | comment(prefix="", postfix="") }}
+
+modprobe sunrpc
+sysctl -p
</code_context>

<issue_to_address>
**suggestion (bug_risk):** Using `sysctl -p` without a specific file may reload and depend on global sysctl configuration

This reloads `/etc/sysctl.conf` and all of `/etc/sysctl.d`, which can introduce unrelated changes and fail due to invalid, non-HPC sysctl entries. To limit scope and improve robustness, invoke `sysctl -p` with the specific HPC (or sunrpc-specific) configuration file instead.

Suggested implementation:

```
sysctl -p {{ sunrpc_sysctl_config | default('/etc/sysctl.d/99-hpc-sunrpc-tcp.conf') }}

```

1. Ensure a matching sysctl configuration file (e.g. `/etc/sysctl.d/99-hpc-sunrpc-tcp.conf`) is created/managed by this role, containing only the sunrpc/HPC-specific sysctl settings.
2. Optionally define the `sunrpc_sysctl_config` variable in the role defaults or inventory if a different path is desired.
3. Confirm that the managed sysctl file is written before this script is executed so that `sysctl -p` can successfully load it.
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

templates/sunrpc_tcp_settings.sh Outdated
{{ "system_role:hpc" | comment(prefix="", postfix="") }}

modprobe sunrpc
sysctl -p
Copy link

@sourcery-ai sourcery-ai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (bug_risk): Using sysctl -p without a specific file may reload and depend on global sysctl configuration

This reloads /etc/sysctl.conf and all of /etc/sysctl.d, which can introduce unrelated changes and fail due to invalid, non-HPC sysctl entries. To limit scope and improve robustness, invoke sysctl -p with the specific HPC (or sunrpc-specific) configuration file instead.

Suggested implementation:

sysctl -p {{ sunrpc_sysctl_config | default('/etc/sysctl.d/99-hpc-sunrpc-tcp.conf') }}
  1. Ensure a matching sysctl configuration file (e.g. /etc/sysctl.d/99-hpc-sunrpc-tcp.conf) is created/managed by this role, containing only the sunrpc/HPC-specific sysctl settings.
  2. Optionally define the sunrpc_sysctl_config variable in the role defaults or inventory if a different path is desired.
  3. Confirm that the managed sysctl file is written before this script is executed so that sysctl -p can successfully load it.

@richm
Copy link
Contributor

richm commented Feb 9, 2026

It looks like the sunrpc service does two things:

  • ensures that the sunrpc kernel module is loaded at boot
  • ensures that the sysctl settings are applied at boot

Note that you do not need a service to do this - this can be done automatically by the os.

  1. Ensure that the kernel module is loaded at boot before systemd-sysctl is run - if you add the module to /etc/modules-load.d/ it should be loaded early enough. Otherwise, you'll need to add a custom udev rule.
  2. Then, the systemd-sysctl job should run and load any files in /etc/sysctl.d/

Is there some reason you need a custom systemd service to do this?

dgchinner
dgchinner reviewed Feb 10, 2026
View reviewed changes
dgchinner
dgchinner reviewed Feb 10, 2026
View reviewed changes
tasks/main.yml Outdated
Comment on lines 880 to 883
- name: Create sunrpc_tcp_settings.sh script
template:
src: sunrpc_tcp_settings.sh
dest: /usr/sbin/sunrpc_tcp_settings.sh
Copy link
Contributor

@dgchinner dgchinner Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically the name should be "Install the sunrpc_tcp_settings.sh script" - we are not creating it...

Secondly, custom scripts like this go in /opt/hpc/azure/bin, aka "{{ __hpc_azure_resource_dir }}/bin", not in system binary directories.

dgchinner
dgchinner reviewed Feb 10, 2026
View reviewed changes
templates/sunrpc_tcp_settings.sh Outdated
{{ ansible_managed | comment }}
{{ "system_role:hpc" | comment(prefix="", postfix="") }}

modprobe sunrpc
Copy link
Contributor

@dgchinner dgchinner Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, this should fail if the kernel module loading fails. That way the failure gets propagated to teh service that invoked the script. However, I think the '-eu' addition to the shebang line I mentioned above will trigger script failure correctly here.

Copy link
Collaborator Author

@lixuemin2016 lixuemin2016 Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dgchinner Got it, this shell file is no need anymore since I keep using old installation method for consistency and old installation method is easier to maintain.

dgchinner
dgchinner reviewed Feb 10, 2026
View reviewed changes
tasks/main.yml Outdated
Comment on lines 862 to 895
notify: Restart systemd-modules-load
notify: Reload systemd
Copy link
Contributor

@dgchinner dgchinner Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this removes the only user of the systemd-modules-load handler. If it is now unused, please remove it from the handlers/main.yml file.

@lixuemin2016
Copy link
Collaborator Author

lixuemin2016 commented Feb 11, 2026

Is there some reason you need a custom systemd service to do this?

Hi @richm @dgchinner thank you so much for your review. I use

It looks like the sunrpc service does two things:

  • ensures that the sunrpc kernel module is loaded at boot
  • ensures that the sysctl settings are applied at boot

Note that you do not need a service to do this - this can be done automatically by the os.

  1. Ensure that the kernel module is loaded at boot before systemd-sysctl is run - if you add the module to /etc/modules-load.d/ it should be loaded early enough. Otherwise, you'll need to add a custom udev rule.
  2. Then, the systemd-sysctl job should run and load any files in /etc/sysctl.d/

Is there some reason you need a custom systemd service to do this?

Hi @richm @dgchinner thank you so much for review and detailed comment. Using a custom systemd service mainly is refer to the https://github.com/Azure/azhpc-images/blob/master/components/hpc-tuning.sh which uses custom systemd service. I will test sunrpc kernel module method and change back if no issue.

@lixuemin2016
feat: refine hpc_tuning and add additional tunings
5ac88c5 
Refine existing hpc_tuning and add additional system-level tunings

- Remove azsec-monitor to prevent CPU utilization by azsec-monitor
- Add DefaultLimitMEMLOCK configuration for systemd

Check result:
- sysctl sunrpc.tcp_max_slot_table_entries
  sunrpc.tcp_max_slot_table_entries = 128
- systemctl show --property=DefaultLimitMEMLOCK
  DefaultLimitMEMLOCK=infinity

JIRA: RHELHPC-109

Signed-off-by: Xuemin Li <xuli@redhat.com>
@lixuemin2016
Copy link
Collaborator Author

lixuemin2016 commented Feb 12, 2026

It looks like the sunrpc service does two things:

  • ensures that the sunrpc kernel module is loaded at boot
  • ensures that the sysctl settings are applied at boot

Note that you do not need a service to do this - this can be done automatically by the os.

  1. Ensure that the kernel module is loaded at boot before systemd-sysctl is run - if you add the module to /etc/modules-load.d/ it should be loaded early enough. Otherwise, you'll need to add a custom udev rule.
  2. Then, the systemd-sysctl job should run and load any files in /etc/sysctl.d/

Is there some reason you need a custom systemd service to do this?

@richm Thank you so much. Updated, keep using original method to install kernel module sunrpc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@spetrosi spetrosi Awaiting requested review from spetrosi spetrosi is a code owner

@richm richm Awaiting requested review from richm richm is a code owner

+1 more reviewer

@dgchinner dgchinner dgchinner left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lixuemin2016 @richm @dgchinner