Add kernel parameter reporting to hypervisor status

anokfireball · anokfireball · commit 1631fd4820f6 · 2026-02-23T15:19:44.000+01:00
This enables the operator to report kernel boot parameters in the
Hypervisor status, allowing users to verify kernel configuration
across the fleet.
diff --git a/config/crd/bases/kvm.cloud.sap_hypervisors.yaml b/config/crd/bases/kvm.cloud.sap_hypervisors.yaml
@@ -459,6 +459,10 @@ spec:
                   hardwareVendor:
                     description: HardwareVendor
                     type: string
+                  kernelCommandLine:
+                    description: KernelCommandLine contains the raw kernel boot
+                      parameters from /proc/cmdline.
+                    type: string
                   kernelName:
                     description: KernelName
                     type: string
diff --git a/go.mod b/go.mod
@@ -14,6 +14,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.28.1
 	github.com/onsi/gomega v1.39.1
 	github.com/sapcc/go-api-declarations v1.19.0
+	github.com/stretchr/testify v1.11.1
 	k8s.io/api v0.35.0
 	k8s.io/apimachinery v0.35.0
 	k8s.io/client-go v0.35.0
@@ -104,6 +105,7 @@ require (
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.35.0 // indirect
 	k8s.io/apiserver v0.35.0 // indirect
 	k8s.io/component-base v0.35.0 // indirect
diff --git a/internal/controller/hypervisor_controller.go b/internal/controller/hypervisor_controller.go
@@ -38,6 +38,7 @@ import (
 
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/certificates"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/evacuation"
+	"github.com/cobaltcore-dev/kvm-node-agent/internal/kernel"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/libvirt"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/sys"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/systemd"
@@ -46,11 +47,13 @@ import (
 // HypervisorReconciler reconciles a Hypervisor object
 type HypervisorReconciler struct {
 	client.Client
-	Scheme  *runtime.Scheme
-	Systemd systemd.Interface
-	Libvirt libvirt.Interface
+	Scheme       *runtime.Scheme
+	Systemd      systemd.Interface
+	Libvirt      libvirt.Interface
+	KernelReader kernel.Interface
 
 	osDescriptor     *systemd.Descriptor
+	kernelParameters *kernel.Parameters
 	evacuateOnReboot bool
 
 	// Channel that can be used to trigger reconcile events.
@@ -149,6 +152,11 @@ func (r *HypervisorReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 			hypervisor.Status.OperatingSystem.FirmwareDate = metav1.NewTime(time.UnixMicro(r.osDescriptor.FirmwareDate))
 		}
 
+		if r.kernelParameters != nil &&
+			hypervisor.Status.OperatingSystem.KernelCommandLine == "" {
+			hypervisor.Status.OperatingSystem.KernelCommandLine = r.kernelParameters.CommandLine
+		}
+
 		if hypervisor.Spec.EvacuateOnReboot != r.evacuateOnReboot {
 			if hypervisor.Spec.EvacuateOnReboot {
 				e := &evacuation.EvictionController{Client: r.Client}
@@ -360,6 +368,13 @@ func (r *HypervisorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		return fmt.Errorf("unable to get Systemd hostname describe(): %w", err)
 	}
 
+	if r.KernelReader == nil {
+		r.KernelReader = kernel.NewSystemReader()
+	}
+	if r.kernelParameters, err = r.KernelReader.ReadParameters(); err != nil {
+		return fmt.Errorf("unable to read kernel parameters: %w", err)
+	}
+
 	// Prepare an event channel that will trigger a reconcile event.
 	r.reconcileCh = make(chan event.GenericEvent)
 	src := source.Channel(r.reconcileCh, &handler.EnqueueRequestForObject{})
diff --git a/internal/controller/hypervisor_controller_test.go b/internal/controller/hypervisor_controller_test.go
@@ -35,6 +35,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
+	"github.com/cobaltcore-dev/kvm-node-agent/internal/kernel"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/libvirt"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/sys"
 	"github.com/cobaltcore-dev/kvm-node-agent/internal/systemd"
@@ -127,13 +128,22 @@ var _ = Describe("Hypervisor Controller", func() {
 	})
 
 	Context("When testing SetupWithManager method", func() {
-		It("should successfully setup controller with manager", func() {
+		It("should successfully setup controller with manager and read kernel parameters", func() {
 			// Create a test manager
 			mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 				Scheme: k8sClient.Scheme(),
 			})
 			Expect(err).NotTo(HaveOccurred())
 
+			// Use mock kernel reader
+			mockKernelReader := &kernel.InterfaceMock{
+				ReadParametersFunc: func() (*kernel.Parameters, error) {
+					return &kernel.Parameters{
+						CommandLine: "quiet splash console=ttyS0 intel_iommu=on",
+					}, nil
+				},
+			}
+
 			controllerReconciler := &HypervisorReconciler{
 				Client: k8sClient,
 				Scheme: k8sClient.Scheme(),
@@ -156,13 +166,21 @@ var _ = Describe("Hypervisor Controller", func() {
 						}, nil
 					},
 				},
+				KernelReader: mockKernelReader,
 			}
 
 			err = controllerReconciler.SetupWithManager(mgr)
 			Expect(err).NotTo(HaveOccurred())
 			Expect(controllerReconciler.reconcileCh).NotTo(BeNil())
 			Expect(controllerReconciler.osDescriptor).NotTo(BeNil())
 			Expect(controllerReconciler.osDescriptor.OperatingSystemReleaseData).To(HaveLen(2))
+
+			// Verify that kernel reader was called and parameters were stored
+			Expect(mockKernelReader.ReadParametersCalls()).To(HaveLen(1))
+			Expect(controllerReconciler.kernelParameters).NotTo(BeNil())
+			Expect(
+				controllerReconciler.kernelParameters.CommandLine,
+			).To(Equal("quiet splash console=ttyS0 intel_iommu=on"))
 		})
 
 		It("should fail when systemd Describe returns error", func() {
@@ -172,9 +190,16 @@ var _ = Describe("Hypervisor Controller", func() {
 			})
 			Expect(err).NotTo(HaveOccurred())
 
+			mockKernelReader := &kernel.InterfaceMock{
+				ReadParametersFunc: func() (*kernel.Parameters, error) {
+					return &kernel.Parameters{CommandLine: "quiet splash"}, nil
+				},
+			}
+
 			controllerReconciler := &HypervisorReconciler{
-				Client: k8sClient,
-				Scheme: k8sClient.Scheme(),
+				Client:       k8sClient,
+				Scheme:       k8sClient.Scheme(),
+				KernelReader: mockKernelReader,
 				Systemd: &systemd.InterfaceMock{
 					DescribeFunc: func(ctx context.Context) (*systemd.Descriptor, error) {
 						return nil, errors.New("systemd describe failed")
@@ -187,6 +212,39 @@ var _ = Describe("Hypervisor Controller", func() {
 			Expect(err.Error()).To(ContainSubstring("unable to get Systemd hostname describe()"))
 			Expect(err.Error()).To(ContainSubstring("systemd describe failed"))
 		})
+
+		It("should fail when kernel parameters cannot be read", func() {
+			// Create a test manager
+			mgr, err := ctrl.NewManager(cfg, ctrl.Options{
+				Scheme: k8sClient.Scheme(),
+			})
+			Expect(err).NotTo(HaveOccurred())
+
+			mockKernelReader := &kernel.InterfaceMock{
+				ReadParametersFunc: func() (*kernel.Parameters, error) {
+					return nil, errors.New("failed to read /proc/cmdline")
+				},
+			}
+
+			controllerReconciler := &HypervisorReconciler{
+				Client:       k8sClient,
+				Scheme:       k8sClient.Scheme(),
+				KernelReader: mockKernelReader,
+				Systemd: &systemd.InterfaceMock{
+					DescribeFunc: func(ctx context.Context) (*systemd.Descriptor, error) {
+						return &systemd.Descriptor{
+							KernelVersion: "6.1.0",
+						}, nil
+					},
+				},
+			}
+
+			err = controllerReconciler.SetupWithManager(mgr)
+			Expect(err).To(HaveOccurred())
+			Expect(err.Error()).To(ContainSubstring("unable to read kernel parameters"))
+			Expect(err.Error()).To(ContainSubstring("failed to read /proc/cmdline"))
+			Expect(mockKernelReader.ReadParametersCalls()).To(HaveLen(1))
+		})
 	})
 
 	Context("When reconciling a resource", func() {
@@ -227,8 +285,9 @@ var _ = Describe("Hypervisor Controller", func() {
 			By("Cleanup the specific resource instance Hypervisor")
 			Expect(k8sClient.Delete(ctx, resource)).To(Succeed())
 		})
-		It("should successfully reconcile the resource", func() {
+		It("should successfully reconcile the resource with kernel parameters", func() {
 			By("Reconciling the created resource")
+
 			controllerReconciler := &HypervisorReconciler{
 				Client: k8sClient,
 				Scheme: k8sClient.Scheme(),
@@ -289,6 +348,9 @@ var _ = Describe("Hypervisor Controller", func() {
 						"VARIANT_ID=metal-sci_usi-amd64",
 					},
 				},
+				kernelParameters: &kernel.Parameters{
+					CommandLine: "quiet splash console=ttyS0 intel_iommu=on",
+				},
 			}
 
 			_, err := controllerReconciler.Reconcile(ctx, reconcile.Request{
@@ -321,6 +383,9 @@ var _ = Describe("Hypervisor Controller", func() {
 			Expect(hypervisor.Status.OperatingSystem.GardenLinuxCommitID).To(Equal("abcdef1234567890"))
 			Expect(hypervisor.Status.OperatingSystem.GardenLinuxFeatures).To(Equal([]string{"_rescue", "log", "sap"}))
 			Expect(hypervisor.Status.OperatingSystem.VariantID).To(Equal("metal-sci_usi-amd64"))
+			Expect(
+				hypervisor.Status.OperatingSystem.KernelCommandLine,
+			).To(Equal("quiet splash console=ttyS0 intel_iommu=on"))
 		})
 	})
 })
diff --git a/internal/kernel/interface_mock.go b/internal/kernel/interface_mock.go
diff --git a/internal/kernel/parameters.go b/internal/kernel/parameters.go
@@ -0,0 +1,72 @@
+/*
+SPDX-FileCopyrightText: Copyright 2024 SAP SE or an SAP affiliate company and cobaltcore-dev contributors
+SPDX-License-Identifier: Apache-2.0
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package kernel provides functions to read kernel parameters from the system.
+package kernel
+
+import (
+	"os"
+	"strings"
+)
+
+// DefaultCmdlinePath is the default path to the kernel command line.
+const DefaultCmdlinePath = "/proc/cmdline"
+
+// Parameters holds kernel boot parameters.
+type Parameters struct {
+	// CommandLine contains the raw kernel boot parameters from /proc/cmdline.
+	CommandLine string
+}
+
+// Interface provides an interface for reading kernel parameters.
+type Interface interface {
+	// ReadParameters reads and returns kernel parameters from the system.
+	ReadParameters() (*Parameters, error)
+}
+
+// SystemReader reads kernel parameters from the actual system files.
+type SystemReader struct {
+	cmdlinePath string
+}
+
+// NewSystemReader creates a new SystemReader with the default cmdline path.
+func NewSystemReader() *SystemReader {
+	return &SystemReader{
+		cmdlinePath: DefaultCmdlinePath,
+	}
+}
+
+// NewSystemReaderWithPath creates a new SystemReader with a custom cmdline path.
+// This is useful for testing.
+func NewSystemReaderWithPath(cmdlinePath string) *SystemReader {
+	return &SystemReader{
+		cmdlinePath: cmdlinePath,
+	}
+}
+
+// ReadParameters reads kernel parameters from /proc/cmdline and returns them
+// as a Parameters struct with the raw command line content.
+func (r *SystemReader) ReadParameters() (*Parameters, error) {
+	data, err := os.ReadFile(r.cmdlinePath)
+	if err != nil {
+		return nil, err
+	}
+
+	cmdline := strings.TrimSpace(string(data))
+
+	return &Parameters{CommandLine: cmdline}, nil
+}
diff --git a/internal/kernel/parameters_test.go b/internal/kernel/parameters_test.go
