Commit afe790e0 authored by Michael Sammler's avatar Michael Sammler
Browse files

update notes about seccomp filter

parent 307a6752
......@@ -15,6 +15,7 @@ two servers are relevant
(so effectively we disable hyper-threading on that socket)
+ the other jobs use the same cores as the system itself:
`cpuset_cpus = "1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39"`
+ the timing runner has the seccomp filter disabled to be able to run perf. Once https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27235 is fixed, one could instead use a seccomp filter that allows the `perf_even_open` syscall in Docker, see https://stackoverflow.com/a/44748260 . (Previously, the job was running with privileged = true to enable perf.)
+ using S3-Server for caching (served by MPI)
+ for timing measurements: #instructions are measured with `perf` (less noisy than exact times)
+ server doesn't use custom MPI kernel, but rather the standard Debian kernel (to enable `perf` in Docker)
......@@ -54,10 +55,9 @@ two servers are relevant
3. In /etc/systemd/system.conf: set CPU affinity
4. restore /etc/gitlab-runner/config.toml
5. restore /etc/sysctl/perf.conf
6. (Use a seccomp file that enables the `perf_even_open` syscall in Docker, see the accepted answer to https://stackoverflow.com/questions/44745987/use-perf-inside-a-docker-container-without-privileged ; alternatively keeping the timing Docker container privileged works)
7. Check if everything is running.
6. Check if everything is running.
+ CPU Affinity: sanity-check in htop that only the cores that are configured in system.conf are running system processes
8. Update the docker image at Docker Hub (the Debian version for the timing job needs to be the same as the host version, to have perf working), `ralfjung/opam-ci`.
7. Update the docker image at Docker Hub (the Debian version for the timing job needs to be the same as the host version, to have perf working), `ralfjung/opam-ci`.
Since the automatic pull from the Github repo doesn't work anymore, directly push to Docker Hub:
```
git clone git@github.com:RalfJung/opam-ci.git opam-ci
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment