This article documents my attempts to upgrade systemd and switch cgroupv2 on a Centos 7 system.

Background

In linux 4.5, cgroup v2 has been added to the kernel code as a new feature. After upgrading the kernel, users can check if cgroup v2 is supported by the following command.

1
2
3
4
5
grep cgroup /proc/filesystems

# OUTPUT
nodev   cgroup
nodev   cgroup2

The kubernetes 1.25.0 release has full support for cgroup v2, and the official documentation recommends that you configure cgroupDriver to systemd. This will allow the kubelet to adapt between v1 and v2 versions of cgroup via systemd. So cgroup v2 adaptation for kubernetes/cri-runtime is actually switching systemd from the default cgroup v1 to cgroup v2.

Since the systemd-219 version of centos 7 is too old to support cgroup v2, I tried to upgrade systemd to 247 via source installation, and then switch the default systemd cgroup version to v2 by configuring the system boot parameters.

In issues/23109, systemd explicitly states that centos 7 is too old and may not be upgraded to a higher version of systemd.

Upgrade systemd

1. option 1: compile and install

This option has a chance of crashing the system

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Install the compilation tool
yum install centos-release-scl
yum install devtoolset-7
scl enable devtoolset-7 bash
source /opt/rh/devtoolset-7/enable

# By default the gcc version installed by the above command is gcc-4.8.5-36, using this version of gcc to compile systemd will fail, refer to https://github.com/systemd/systemd/pull/14726
# You can upgrade gcc to gcc-4.8.5-44 with the following command
yum -y update gcc

# Install python 3.6
wget https://www.python.org/ftp/python/3.6.15/Python-3.6.15.tgz
tar -xf Python-3.6.15.tgz && cd Python-3.6.15
./configure --prefix=/usr/local --with-ssl
make altinstall
ln -s /usr/local/bin/python3.6 /usr/bin/python3
ln -s /usr/local/bin/pip3.6 /usr/bin/pip3
pip3 install --upgrade pip

# Install other dependencies
yum install http://repo.okay.com.mx/centos/7/x86_64/release/okay-release-1-1.noarch.rpm
yum install -y libcap-devel ninja-build meson m4

# Install gperf
wget http://ftp.gnu.org/pub/gnu/gperf/gperf-3.1.tar.gz
tar -zxvf gperf-3.1.tar.gz && cd gperf-3.1 
./configure && make && make install
cd -

# Install cmake
yum -y install openssl-devel
wget https://github.com/Kitware/CMake/releases/download/v3.22.4/cmake-3.22.4.tar.gz
tar -zxvf cmake-3.22.4.tar.gz && cd cmake-3.22.4
./bootstrap --prefix=/usr --datadir=share/cmake --docdir=doc/cmake && make
make install
cd -

# Install util-linux(https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/)
wget https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.30/util-linux-2.30.2.tar.gz
tar zxf util-linux-2.30.2.tar.gz && cd util-linux-2.30.2
./configure --disable-all-programs --enable-mount --enable-libmount --enable-libblkid --enable-libuuid
make && make install
cp mount /usr/bin/mount
cp umount /usr/bin/umount
ln /usr/lib/libmount.so /usr/lib64/libmount.so
cp ./libmount/mount.pc /usr/lib64/pkgconfig/mount.pc
cp ./libblkid/blkid.pc /usr/lib64/pkgconfig/blkid.pc
cp ./libuuid/uuid.pc   /usr/lib64/pkgconfig/uuid.pc
cd -

# Upgrade systemd 
wget https://github.com/systemd/systemd/archive/v247.tar.gz
tar -zxvf systemd-247.tar.gz && cd systemd-247
 ./configure && make && make install
 cd -

2. 2. Option 2: Upgrade by yum

Refer to systemd-231-latest-in-centos-7-thx-to-facebook, facebook provides a third-party Yum repository that allows you to upgrade systemd up to version 234.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
[copr:copr.fedorainfracloud.org:jsynacek:systemd-backports-for-centos-7]
name=Copr repo for systemd-backports-for-centos-7 owned by jsynacek
baseurl=https://download.copr.fedorainfracloud.org/results/jsynacek/systemd-backports-for-centos-7/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/jsynacek/systemd-backports-for-centos-7/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1

Note: Rebooting the server after upgrading systemd will cause the NIC device name to change, and users will need to reconfigure the NIC information.

After upgrading systemd, the user needs to recompile the system kernel to enable the new version of systemd. How to upgrade the kernel is not described in this article.

The current version of systemd can be viewed via the dmesg command.

dmesg

Enable CGroup V2

Compile the /etc/default/grub file, create the GRUB_CMDLINE_LINUX variable and add the cgroup_no_v1=all systemd.unified_cgroup_hierarchy=1 parameter, execute the following command to rebuild the grub file and restart the server.

1
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Determine if systemd is enabled properly with the following command.

1
stat -fc %T /sys/fs/cgroup/