From f5b566fabbc07464d3b3a9b506b890ce15b82e9a Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Wed, 7 Jul 2021 09:31:59 +0300
Subject: [PATCH] Limit Borg CPU usage on single vCPU servers to 50%

This is meant to address the daily HostHighCpuLoad alert triggered on
lists.archlinux.org, which due to the large number of files it has to
process (around 1.5 million). Machines with more than one virtual CPU
don't need this as Borg is currently single-threaded and thus limited
to one core.
---
 roles/borg_client/tasks/main.yml                       | 10 ++++++----
 roles/borg_client/templates/borg-backup-cpu-quota.j2   |  4 ++++
 .../borg-backup-offsite.service.j2}                    |  1 +
 .../borg-backup.service.j2}                            |  1 +
 4 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 roles/borg_client/templates/borg-backup-cpu-quota.j2
 rename roles/borg_client/{files/borg-backup-offsite.service => templates/borg-backup-offsite.service.j2} (78%)
 rename roles/borg_client/{files/borg-backup.service => templates/borg-backup.service.j2} (82%)

diff --git a/roles/borg_client/tasks/main.yml b/roles/borg_client/tasks/main.yml
index 6580c8c51..f356207d6 100644
--- a/roles/borg_client/tasks/main.yml
+++ b/roles/borg_client/tasks/main.yml
@@ -57,12 +57,14 @@
   template: src=backup-gitlab.sh.j2 dest=/usr/local/bin/backup-gitlab.sh owner=root group=root mode=0755
   when: inventory_hostname == "gitlab.archlinux.org"
 
-- name: install systemd timer and service for backup
-  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+- name: install systemd services for backup
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   with_items:
-    - borg-backup.timer
     - borg-backup.service
     - borg-backup-offsite.service
 
-- name: activate systemd timers for backup
+- name: install systemd timer for backup
+  copy: src=borg-backup.timer dest=/etc/systemd/system/borg-backup.timer owner=root group=root mode=0644
+
+- name: activate systemd timer for backup
   systemd: name=borg-backup.timer enabled=yes state=started daemon-reload=yes
diff --git a/roles/borg_client/templates/borg-backup-cpu-quota.j2 b/roles/borg_client/templates/borg-backup-cpu-quota.j2
new file mode 100644
index 000000000..5d264b345
--- /dev/null
+++ b/roles/borg_client/templates/borg-backup-cpu-quota.j2
@@ -0,0 +1,4 @@
+{% if ansible_processor_vcpus == 1 %}
+{# Limit CPU usage to avoid triggering a HostHighCpuLoad alert #}
+CPUQuota=50%
+{% endif %}
diff --git a/roles/borg_client/files/borg-backup-offsite.service b/roles/borg_client/templates/borg-backup-offsite.service.j2
similarity index 78%
rename from roles/borg_client/files/borg-backup-offsite.service
rename to roles/borg_client/templates/borg-backup-offsite.service.j2
index 35a876231..cd4f59006 100644
--- a/roles/borg_client/files/borg-backup-offsite.service
+++ b/roles/borg_client/templates/borg-backup-offsite.service.j2
@@ -5,4 +5,5 @@ Description=Borg backup (offsite)
 Type=oneshot
 Restart=on-failure
 RestartSec=5m
+{% include 'borg-backup-cpu-quota.j2' %}
 ExecStart=/usr/local/bin/borg-backup-offsite.sh
diff --git a/roles/borg_client/files/borg-backup.service b/roles/borg_client/templates/borg-backup.service.j2
similarity index 82%
rename from roles/borg_client/files/borg-backup.service
rename to roles/borg_client/templates/borg-backup.service.j2
index fe49eec72..001eaaa45 100644
--- a/roles/borg_client/files/borg-backup.service
+++ b/roles/borg_client/templates/borg-backup.service.j2
@@ -7,4 +7,5 @@ Before=borg-backup-offsite.service
 Type=oneshot
 Restart=on-failure
 RestartSec=5m
+{% include 'borg-backup-cpu-quota.j2' %}
 ExecStart=/usr/local/bin/borg-backup.sh
-- 
GitLab