diff --git a/services/crypto/xmr-miner/configmap-sources.yaml b/services/crypto/xmr-miner/configmap-sources.yaml index 53350018..16538439 100644 --- a/services/crypto/xmr-miner/configmap-sources.yaml +++ b/services/crypto/xmr-miner/configmap-sources.yaml @@ -10,11 +10,6 @@ data: # OPTIONAL: p2pool SHA256 (exact 64-hex chars). Leave blank to skip verification. P2POOL_SHA256: "" - # REQUIRED: set to the official xmrig ARM64 tarball URL (static build preferred) - XMRIG_URL: "https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-arm64.tar.gz" - # OPTIONAL: xmrig SHA256. Leave blank to skip verification. - XMRIG_SHA256: "" - # Threads for xmrig (default 1 to avoid RAM spikes; override after testing) XMRIG_THREADS: "1" # Extra args for xmrig if you want (space-separated) diff --git a/services/crypto/xmr-miner/deployment.yaml b/services/crypto/xmr-miner/deployment.yaml index 31db7ce9..b06d2a91 100644 --- a/services/crypto/xmr-miner/deployment.yaml +++ b/services/crypto/xmr-miner/deployment.yaml @@ -6,7 +6,7 @@ metadata: namespace: crypto labels: app: monero-p2pool - atlas.bstein.dev/workload-profile: light + atlas.bstein.dev/workload-profile: heavy spec: replicas: 1 selector: @@ -15,7 +15,7 @@ spec: metadata: labels: app: monero-p2pool - atlas.bstein.dev/workload-profile: light + atlas.bstein.dev/workload-profile: heavy annotations: vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/role: "crypto" @@ -35,14 +35,14 @@ spec: - matchExpressions: - key: hardware operator: In - values: ["rpi4","rpi5"] + values: ["rpi5"] preferredDuringSchedulingIgnoredDuringExecution: - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: ["rpi4"] + values: ["rpi5"] initContainers: - name: fetch-p2pool image: alpine:3.20 @@ -93,11 +93,11 @@ spec: periodSeconds: 10 resources: requests: - cpu: 100m - memory: 128Mi - limits: cpu: 500m - memory: 512Mi + memory: 3Gi + limits: + cpu: 1500m + memory: 4Gi volumeMounts: - { name: p2pool-bin, mountPath: /opt/p2pool } volumes: diff --git a/services/crypto/xmr-miner/xmrig-daemonset.yaml b/services/crypto/xmr-miner/xmrig-daemonset.yaml index f36f832e..e48dd36b 100644 --- a/services/crypto/xmr-miner/xmrig-daemonset.yaml +++ b/services/crypto/xmr-miner/xmrig-daemonset.yaml @@ -30,7 +30,7 @@ spec: values: ["rpi4","rpi5"] containers: - name: xmrig - image: ghcr.io/tari-project/xmrig@sha256:80defbfd0b640d604c91cb5101d3642db7928e1e68ee3c6b011289b3565a39d9 + image: ghcr.io/tari-project/xmrig@sha256:d590a41613fea974f155280920095ea10c3710f55ecf16fc38fd3a1c18718129 imagePullPolicy: IfNotPresent env: - name: XMRIG_THREADS @@ -43,8 +43,12 @@ spec: set -eu THR="${XMRIG_THREADS:-1}" EXTRA="${XMRIG_EXTRA_ARGS:-}" + IO_PREFIX="" + if command -v ionice >/dev/null 2>&1; then + IO_PREFIX="ionice -c3" + fi # p2pool ignores wallet user; use 'x' or fixed difficulty with x+ - exec nice -n 19 ionice -c3 xmrig \ + exec nice -n 19 ${IO_PREFIX} xmrig \ -o p2pool.crypto.svc.cluster.local:3333 \ -u x \ -k \ diff --git a/services/maintenance/scripts/rpi_resource_reservation.sh b/services/maintenance/scripts/rpi_resource_reservation.sh index dda7e7bf..65a67042 100644 --- a/services/maintenance/scripts/rpi_resource_reservation.sh +++ b/services/maintenance/scripts/rpi_resource_reservation.sh @@ -6,6 +6,8 @@ unit="k3s-agent" unit_file="${host_root}/etc/systemd/system/${unit}.service" config_dir="${host_root}/etc/rancher/k3s/config.yaml.d" config_file="${config_dir}/90-atlas-rpi-reservations.yaml" +kubelet_config_dir="${host_root}/var/lib/rancher/k3s/agent/etc/kubelet.conf.d" +kubelet_config_file="${kubelet_config_dir}/90-atlas-rpi-reservations.conf" if [ ! -f "${unit_file}" ]; then echo "k3s-agent unit not found; this guardrail only manages worker agents" @@ -17,7 +19,7 @@ cat > "${tmp_file}" <<'EOF' # Managed by Flux via services/maintenance/scripts/rpi_resource_reservation.sh. # Keep RPi workers below saturation so kubelet and the OS keep enough headroom # to evict or recover before the board wedges. -kubelet-arg+: +kubelet-arg: - "system-reserved=cpu=250m,memory=384Mi,ephemeral-storage=1Gi" - "kube-reserved=cpu=150m,memory=256Mi,ephemeral-storage=1Gi" - "eviction-hard=memory.available<512Mi,nodefs.available<10%,imagefs.available<10%" @@ -34,9 +36,43 @@ if [ ! -f "${config_file}" ] || ! cmp -s "${tmp_file}" "${config_file}"; then fi rm -f "${tmp_file}" +kubelet_tmp_file="$(mktemp)" +cat > "${kubelet_tmp_file}" <<'EOF' +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +systemReserved: + cpu: 250m + memory: 384Mi + ephemeral-storage: 1Gi +kubeReserved: + cpu: 150m + memory: 256Mi + ephemeral-storage: 1Gi +evictionHard: + memory.available: 512Mi + nodefs.available: 10% + imagefs.available: 10% +evictionSoft: + memory.available: 768Mi + nodefs.available: 15% + imagefs.available: 15% +evictionSoftGracePeriod: + memory.available: 1m + nodefs.available: 2m + imagefs.available: 2m +evictionMaxPodGracePeriod: 60 +EOF + +if [ ! -f "${kubelet_config_file}" ] || ! cmp -s "${kubelet_tmp_file}" "${kubelet_config_file}"; then + mkdir -p "${kubelet_config_dir}" + install -m 0644 "${kubelet_tmp_file}" "${kubelet_config_file}" + changed=1 +fi +rm -f "${kubelet_tmp_file}" + if [ "${changed}" -eq 1 ]; then delay="$(( (RANDOM % 420) + 30 ))" - echo "updated ${config_file}; restarting ${unit} after ${delay}s" + echo "updated RPi kubelet reservations; restarting ${unit} after ${delay}s" sleep "${delay}" chroot "${host_root}" /bin/systemctl daemon-reload chroot "${host_root}" /bin/systemctl restart "${unit}"