86f80f99c5
TL;DR: systemd does not require the performance-sensitive bits of Linux control groups enabled in the kernel. However, it does require some non-performance-sensitive bits of the control group logic. http://0pointer.de/blog/projects/cgroups-vs-cgroups.html The only controllers required for VyOS to function are the memory and PID controller required by the container feature. All other controlles can be disabled.
About
VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing. This repository holds a Jenkins Pipeline which is used to build the Custom Kernel (x86_64/amd64 at the moment) and all required out-of tree modules.
VyOS does not utilize the build in Intel Kernel drivers for its NICs as those Kernels sometimes lack features e.g. configurable receive-side-scaling queues. On the other hand we ship additional not mainlined features as WireGuard VPN.
Kernel
The Kernel is build from the vanilla repositories hosted at https://git.kernel.org. VyOS requires two additional patches to work which are stored in the patches/kernel folder.
Config
The Kernel configuration used is x86_64_vyos_defconfig
which will be copied on demand during the Pipeline run into the arch/x86/configsi
direcotry of the Kernel source tree.
Other configurations can be added in the future easily.
Modules
VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel network interface card drivers). Module source code is retrieved from the upstream repository and - when needed - patched so it can be build using this pipeline.
In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla repositories upgrading to new versions is very easy - only the branch/commit/tag used when cloning the repository via Jenkinsfile needs to be adjusted.