Document how to set up Kata with [project Atomic](https://www.projectatomic.io/)

[grahamwhaley]

Project Atomic lives on top of Docker, and thus should be able to work with Kata.
There may be some interesting 'wrinkles', as Atomic aiui is heavy on security and SELinux, but it has been show that it can be configured to work in a basic mode at least to some extent.
Let's document that, and then see where we can head with it next.

[xzr]

Steps for basic setup (Done on the Atomic Vagrant Libvirt image from the Atomic site):

Add the Kata repository

Paste the following to /etc/yum.repos.d/kata.repo (NOTE: gpg disabled for now)

[home_katacontainers_release]
name=Kata Containers official packages (CentOS_7)
type=rpm-md
baseurl=http://download.opensuse.org/repositories/home:/katacontainers:/release/CentOS_7/
gpgcheck=0
gpgkey=http://download.opensuse.org/repositories/home:/katacontainers:/release/CentOS_7/repodata/repomd.xml.key
enabled=1

Refresh metadata and install packages

sudo rpm-ostree refresh-md
sudo rpm-ostree pkg-add kata-runtime kata-proxy kata-shim

Reboot

sudo systemctl reboot

Modify Docker startup configurations

Enable hotfix mode:

sudo ostree admin unlock --hotfix

Disable SELinux by removing --selinux-enable from /etc/sysconfig/docker

Modify /usr/lib/systemd/system/docker.service:
Add line "--add-runtime docker-kata=/usr/bin/kata-runtime " after the other --add-runtime line.
Modify --default-runtime to docker-kata (replace docker-runc)

Reboot

sudo systemctl reboot

Test

[vagrant@localhost ~]$ sudo docker run --rm centos uname -a
Linux bc5442743148 4.14.51-134.1.container #1 SMP Wed Aug 15 16:20:50 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[vagrant@localhost ~]$ uname -a
Linux localhost.localdomain 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[xzr]

This was done on the default docker installation that comes along with Atomic (1.13.1).

I'll update once I manage to install latest Docker CE on it.

[jodh-intel]

Thanks for looking at this @xzr! Out of interest, what happens if you don't disable SELinux?

[xzr]

[vagrant@localhost ~]$ sudo docker run --rm centos uname -a
rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported
/usr/bin/docker-current: Error response from daemon: oci runtime error: rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported.

Planning on creating an issue for it once I grasp the whole setup a little better.

The behavior is the same on 1.13.1 and latest Docker CE

[jodh-intel]

Thanks @xzr - it would be great to get more details. If you enable full debug and then paste the output of sudo kata-collect-data.sh into a github issue, that will give us a lot more information.

The error you are seeing though is from:

• https://github.com/opencontainers/runc/blob/master/libcontainer/configs/validate/validator.go#L100

This checks to see if SELinux is enabled on the "host" (which for Kata is actually the VM guest). However, since none of the osbuilder images or guest kernels enable SELinux, the error you get makes sense.

It would be interesting if someone built a guest kernel with SELinux support and tried this out with Kata.

[xzr]

Hey, that does make sense, thanks!

I'll see if I can rebuild the kernel and test it out.

[jodh-intel]

Nice!

[xzr]

For future reference (I see the --security-opt option thing)

Output of kata-collect-data.sh:

Meta details

Running kata-collect-data.sh version 1.2.0 (commit 0bcb32f) at 2018-09-13.11:50:09.022449144+0000.

---

Runtime is /bin/kata-runtime.

kata-env

Output of "/bin/kata-runtime kata-env":

[Meta]
  Version = "1.0.13"

[Runtime]
  Debug = false
  [Runtime.Version]
    Semver = "1.2.0"
    Commit = "0bcb32f"
    OCI = "1.0.1"
  [Runtime.Config]
    Path = "/usr/share/defaults/kata-containers/configuration.toml"

[Hypervisor]
  MachineType = "pc"
  Version = "QEMU emulator version 2.11.0\nCopyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers"
  Path = "/usr/bin/qemu-lite-system-x86_64"
  BlockDeviceDriver = "virtio-scsi"
  Msize9p = 8192
  Debug = false
  UseVSock = false

[Image]
  Path = "/usr/share/kata-containers/kata-container-selinux.img"

[Kernel]
  Path = "/usr/share/kata-containers/bzImage"
  Parameters = "agent.log=debug initcall_debug"

[Initrd]
  Path = ""

[Proxy]
  Type = "kataProxy"
  Version = "kata-proxy version 1.2.0-1796218"
  Path = "/usr/libexec/kata-containers/kata-proxy"
  Debug = true

[Shim]
  Type = "kataShim"
  Version = "kata-shim version 1.2.0-0a37760"
  Path = "/usr/libexec/kata-containers/kata-shim"
  Debug = true

[Agent]
  Type = "kata"

[Host]
  Kernel = "3.10.0-862.11.6.el7.x86_64"
  Architecture = "amd64"
  VMContainerCapable = true
  [Host.Distro]
    Name = "CentOS Linux"
    Version = "7"
  [Host.CPU]
    Vendor = "GenuineIntel"
    Model = "Intel Core Processor (Skylake, IBRS)"

---

Runtime config files

Runtime default config files

/etc/kata-containers/configuration.toml
/usr/share/defaults/kata-containers/configuration.toml

Runtime config file contents

Config file /etc/kata-containers/configuration.toml not found
Output of "cat "/usr/share/defaults/kata-containers/configuration.toml"":

# Copyright (c) 2017-2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "cli/config/configuration.toml.in"
# XXX: Project:
# XXX:   Name: Kata Containers
# XXX:   Type: kata

[hypervisor.qemu]
path = "/usr/bin/qemu-lite-system-x86_64"
kernel = "/usr/share/kata-containers/vmlinuz.container"
image = "/usr/share/kata-containers/kata-containers.img"
machine_type = "pc"

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = " agent.log=debug initcall_debug"

# Path to the firmware.
# If you want that qemu uses the default firmware leave this option empty
firmware = ""

# Machine accelerators
# comma-separated list of machine accelerators to pass to the hypervisor.
# For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
machine_accelerators=""

# Default number of vCPUs per SB/VM:
# unspecified or 0                --> will be set to 1
# < 0                             --> will be set to the actual number of physical cores
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores
default_vcpus = 1

# Default maximum number of vCPUs per SB/VM:
# unspecified or == 0             --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when
# the actual number of physical cores is greater than it.
# WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU
# the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs
# can be added to a SB/VM, but the memory footprint will be big. Another example, with
# `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of
# vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable,
# unless you know what are you doing.
default_maxvcpus = 0

# Bridges can be used to hot plug devices.
# Limitations:
# * Currently only pci bridges are supported
# * Until 30 devices per bridge can be hot plugged.
# * Until 5 PCI bridges can be cold plugged per VM.
#   This limitation could be a bug in qemu or in the kernel
# Default number of bridges per SB/VM:
# unspecified or 0   --> will be set to 1
# > 1 <= 5           --> will be set to the specified number
# > 5                --> will be set to 5
default_bridges = 1

# Default memory size in MiB for SB/VM.
# If unspecified then it will be set 2048 MiB.
#default_memory = 2048

# Disable block device from being used for a container's rootfs.
# In case of a storage driver like devicemapper where a container's 
# root file system is backed by a block device, the block device is passed
# directly to the hypervisor for performance reasons. 
# This flag prevents the block device from being passed to the hypervisor, 
# 9pfs is used instead to pass the rootfs.
disable_block_device_use = false

# Block storage driver to be used for the hypervisor in case the container
# rootfs is backed by a block device. This is either virtio-scsi or 
# virtio-blk.
block_device_driver = "virtio-scsi"

# Enable iothreads (data-plane) to be used. This causes IO to be
# handled in a separate IO thread. This is currently only implemented
# for SCSI.
#
enable_iothreads = false

# Enable pre allocation of VM RAM, default false
# Enabling this will result in lower container density
# as all of the memory will be allocated and locked
# This is useful when you want to reserve all the memory
# upfront or in the cases where you want memory latencies
# to be very predictable
# Default false
#enable_mem_prealloc = true

# Enable huge pages for VM RAM, default false
# Enabling this will result in the VM memory
# being allocated using huge pages.
# This is useful when you want to use vhost-user network
# stacks within the container. This will automatically 
# result in memory pre allocation
#enable_hugepages = true

# Enable swap of vm memory. Default false.
# The behaviour is undefined if mem_prealloc is also set to true
#enable_swap = true

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
# 
# Default false
enable_debug = true

# Disable the customizations done in the runtime when it detects
# that it is running on top a VMM. This will result in the runtime
# behaving as it would when running on bare metal.
# 
#disable_nesting_checks = true

# This is the msize used for 9p shares. It is the number of bytes 
# used for 9p packet payload.
#msize_9p = 8192

# If true and vsocks are supported, use vsocks to communicate directly
# with the agent and no proxy is started, otherwise use unix
# sockets and start a proxy to communicate with the agent.
# Default false
#use_vsock = true

[factory]
# VM templating support. Once enabled, new VMs are created from template
# using vm cloning. They will share the same initial kernel, initramfs and
# agent memory by mapping it readonly. It helps speeding up new container
# creation and saves a lot of memory if there are many kata containers running
# on the same host.
#
# When disabled, new VMs are created from scratch.
#
# Default false
#enable_template = true

[proxy.kata]
path = "/usr/libexec/kata-containers/kata-proxy"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
enable_debug = true

[shim.kata]
path = "/usr/libexec/kata-containers/kata-shim"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
enable_debug = true

[agent.kata]
# There is no field for this section. The goal is only to be able to
# specify which type of agent the user wants to use.

[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to the
# the container network interface
# Options:
#
#   - bridged
#     Uses a linux bridge to interconnect the container interface toRateLimitInterval=0s
RateLimitBurst=0
#     the VM. Works for most cases except macvlan and ipvlan.
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
internetworking_model="macvtap"

---

Image details

---
osbuilder:
  url: "https://github.com/kata-containers/osbuilder"
  version: "unknown"
rootfs-creation-time: "2018-09-10T13:29:39.684304838+0000Z"
description: "osbuilder rootfs"
file-format-version: "0.0.2"
architecture: "x86_64"
base-distro:
  name: "Centos"
  version: "7"
  packages:
    default:
      - "iptables"
      - "systemd"
    extra:
      - "policycoreutils"
      - "selinux-policy"
agent:
  url: "https://github.com/kata-containers/agent"
  name: "kata-agent"
  version: "1.2.0-1818587b62906fa7b2943f471c694f8e88992dd6"
  agent-is-init-daemon: "no"

---

Initrd details

No initrd

---

Logfiles

Runtime logs

Recent runtime problems found in system journal:

time="2018-09-11T10:18:28.432521212Z" level=error msg="Container not ready, running or paused, impossible to signal the container" arch=amd64 command=kill container=f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214 name=kata-runtime pid=5055 sandbox=f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214 source=runtime
time="2018-09-11T10:18:28.504523835Z" level=error msg="Container ID (f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214) does not exist" arch=amd64 command=delete container=f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214 name=kata-runtime pid=5083 source=runtime
time="2018-09-11T10:35:50.895690671Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c error="open /run/vc/sbs/0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c/devices.json: no such file or directory" name=kata-runtime pid=6796 sandbox=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c sandboxid=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c source=virtcontainers subsystem=sandbox
time="2018-09-11T10:35:53.384597954Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c name=kata-runtime pid=6796 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-11T10:35:53.384708784Z" level=warning msg="unsupported route" arch=amd64 command=create container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c destination="fe80::/64" name=kata-runtime pid=6796 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-11T10:35:53.530785331Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c name=kata-runtime pid=6796 source=runtime
time="2018-09-11T10:35:53.655207733Z" level=error msg="Container ID (0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c) does not exist" arch=amd64 command=delete container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c name=kata-runtime pid=6873 source=runtime
time="2018-09-11T10:35:53.689903933Z" level=error msg="Container ID (0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c) does not exist" arch=amd64 command=delete container=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c name=kata-runtime pid=6881 source=runtime
time="2018-09-11T11:05:14.208580261Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 error="open /run/vc/sbs/13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128/devices.json: no such file or directory" name=kata-runtime pid=7042 sandbox=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 sandboxid=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 source=virtcontainers subsystem=sandbox
time="2018-09-11T11:05:16.059029591Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 name=kata-runtime pid=7042 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-11T11:05:16.05913292Z" level=warning msg="unsupported route" arch=amd64 command=create container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 destination="fe80::/64" name=kata-runtime pid=7042 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-11T11:05:16.198780416Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 name=kata-runtime pid=7042 source=runtime
time="2018-09-11T11:05:16.321750072Z" level=error msg="Container ID (13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128) does not exist" arch=amd64 command=delete container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 name=kata-runtime pid=7111 source=runtime
time="2018-09-11T11:05:16.357522818Z" level=error msg="Container ID (13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128) does not exist" arch=amd64 command=delete container=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 name=kata-runtime pid=7119 source=runtime
time="2018-09-11T11:06:48.119387951Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a error="open /run/vc/sbs/d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a/devices.json: no such file or directory" name=kata-runtime pid=7374 sandbox=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a sandboxid=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a source=virtcontainers subsystem=sandbox
time="2018-09-11T11:06:49.822206672Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a name=kata-runtime pid=7374 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-11T11:06:49.822342344Z" level=warning msg="unsupported route" arch=amd64 command=create container=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a destination="fe80::/64" name=kata-runtime pid=7374 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-11T11:06:50.173383436Z" level=error msg="Container not ready, running or paused, impossible to signal the container" arch=amd64 command=kill container=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a name=kata-runtime pid=7444 sandbox=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a source=runtime
time="2018-09-11T11:06:50.23861399Z" level=error msg="Container ID (d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a) does not exist" arch=amd64 command=delete container=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a name=kata-runtime pid=7471 source=runtime
time="2018-09-11T11:07:31.343571468Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a error="open /run/vc/sbs/9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a/devices.json: no such file or directory" name=kata-runtime pid=7569 sandbox=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a sandboxid=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a source=virtcontainers subsystem=sandbox
time="2018-09-11T11:07:33.094799474Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a name=kata-runtime pid=7569 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-11T11:07:33.094893583Z" level=warning msg="unsupported route" arch=amd64 command=create container=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a destination="fe80::/64" name=kata-runtime pid=7569 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-11T11:07:33.51411319Z" level=error msg="Container not ready, running or paused, impossible to signal the container" arch=amd64 command=kill container=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a name=kata-runtime pid=7655 sandbox=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a source=runtime
time="2018-09-11T11:07:33.585297807Z" level=error msg="Container ID (9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a) does not exist" arch=amd64 command=delete container=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a name=kata-runtime pid=7680 source=runtime
time="2018-09-13T11:26:18.107905061Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 error="open /run/vc/sbs/add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67/devices.json: no such file or directory" name=kata-runtime pid=2610 sandbox=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 sandboxid=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 source=virtcontainers subsystem=sandbox
time="2018-09-13T11:26:20.675865486Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 name=kata-runtime pid=2610 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-13T11:26:20.67596544Z" level=warning msg="unsupported route" arch=amd64 command=create container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 destination="fe80::/64" name=kata-runtime pid=2610 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-13T11:26:20.785662928Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 name=kata-runtime pid=2610 source=runtime
time="2018-09-13T11:26:20.896950489Z" level=error msg="Container ID (add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67) does not exist" arch=amd64 command=delete container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 name=kata-runtime pid=2685 source=runtime
time="2018-09-13T11:26:20.936040749Z" level=error msg="Container ID (add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67) does not exist" arch=amd64 command=delete container=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 name=kata-runtime pid=2693 source=runtime
time="2018-09-13T11:26:40.672332667Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d error="open /run/vc/sbs/d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d/devices.json: no such file or directory" name=kata-runtime pid=2757 sandbox=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d sandboxid=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d source=virtcontainers subsystem=sandbox
time="2018-09-13T11:26:42.359155358Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d name=kata-runtime pid=2757 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-13T11:26:42.359253946Z" level=warning msg="unsupported route" arch=amd64 command=create container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d destination="fe80::/64" name=kata-runtime pid=2757 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-13T11:26:42.475576994Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d name=kata-runtime pid=2757 source=runtime
time="2018-09-13T11:26:42.584915942Z" level=error msg="Container ID (d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d) does not exist" arch=amd64 command=delete container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d name=kata-runtime pid=2829 source=runtime
time="2018-09-13T11:26:42.626280576Z" level=error msg="Container ID (d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d) does not exist" arch=amd64 command=delete container=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d name=kata-runtime pid=2837 source=runtime
time="2018-09-13T11:32:06.075399804Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 error="open /run/vc/sbs/3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13/devices.json: no such file or directory" name=kata-runtime pid=2973 sandbox=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 sandboxid=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 source=virtcontainers subsystem=sandbox
time="2018-09-13T11:32:07.973636021Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 name=kata-runtime pid=2973 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-13T11:32:07.973740435Z" level=warning msg="unsupported route" arch=amd64 command=create container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 destination="fe80::/64" name=kata-runtime pid=2973 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-13T11:32:08.105638938Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 name=kata-runtime pid=2973 source=runtime
time="2018-09-13T11:32:08.204667234Z" level=error msg="Container ID (3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13) does not exist" arch=amd64 command=delete container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 name=kata-runtime pid=3042 source=runtime
time="2018-09-13T11:32:08.241330862Z" level=error msg="Container ID (3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13) does not exist" arch=amd64 command=delete container=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 name=kata-runtime pid=3050 source=runtime
time="2018-09-13T11:37:24.628737453Z" level=debug msg="Could not retrieve anything from storage" arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f name=kata-runtime pid=3194 source=virtcontainers subsystem=kata_agent
time="2018-09-13T11:37:24.628792032Z" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f error="open /run/vc/sbs/44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f/devices.json: no such file or directory" name=kata-runtime pid=3194 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f sandboxid=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=virtcontainers subsystem=sandbox
time="2018-09-13T11:37:24.710605703Z" level=debug arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f default-kernel-parameters="tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k console=hvc0 console=hvc1 iommu=off cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 debug systemd.show_status=true systemd.log_level=debug" name=kata-runtime pid=3194 source=virtcontainers subsystem=qemu
time="2018-09-13T11:37:28.63297596Z" level=warning msg="unsupported address" address="fe80::42:acff:fe11:2/64" arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f name=kata-runtime pid=3194 source=virtcontainers subsystem=kata_agent unsupported-address-type=ipv6
time="2018-09-13T11:37:28.6330773Z" level=warning msg="unsupported route" arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f destination="fe80::/64" name=kata-runtime pid=3194 source=virtcontainers subsystem=kata_agent unsupported-route-type=ipv6
time="2018-09-13T11:37:28.970620557Z" level=error msg="rpc error: code = Unknown desc = selinux label is specified in config, but selinux is disabled or not supported" arch=amd64 command=create container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f name=kata-runtime pid=3194 source=runtime
time="2018-09-13T11:37:29.104767083Z" level=error msg="Container ID (44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f) does not exist" arch=amd64 command=delete container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f name=kata-runtime pid=3267 source=runtime
time="2018-09-13T11:37:29.134699447Z" level=error msg="Container ID (44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f) does not exist" arch=amd64 command=delete container=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f name=kata-runtime pid=3275 source=runtime

Proxy logs

Recent proxy problems found in system journal:

time="2018-09-04T15:39:09.574727275Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/d9511d360cc835329117efa92a1e1c52595e9feddb09e274450ca7af58a48615/kata.sock: use of closed network connection" name=kata-proxy pid=6530 sandbox=d9511d360cc835329117efa92a1e1c52595e9feddb09e274450ca7af58a48615 source=proxy
time="2018-09-04T15:39:43.316549791Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/109781e26e322a46d509c0454b543866e61e6914b626542ab1293dc9bf80e974/kata.sock: use of closed network connection" name=kata-proxy pid=6713 sandbox=109781e26e322a46d509c0454b543866e61e6914b626542ab1293dc9bf80e974 source=proxy
time="2018-09-04T15:50:15.332600197Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/fb65be77fd76b81a69c129dc0854ac53bfc18aa238b45d24229b72e6dc98960b/proxy.sock: use of closed network connection" name=kata-proxy pid=2110 sandbox=fb65be77fd76b81a69c129dc0854ac53bfc18aa238b45d24229b72e6dc98960b source=proxy
time="2018-09-06T09:27:05.887523352Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/e24a782de29cee70ed15ec09cb800a40d3b828f61a1ed41fb7675f3a1558f272/proxy.sock: use of closed network connection" name=kata-proxy pid=2197 sandbox=e24a782de29cee70ed15ec09cb800a40d3b828f61a1ed41fb7675f3a1558f272 source=proxy
time="2018-09-06T10:10:01.897119358Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/b35220d9ee9cfa68408f0ae6608a037b4391abf46039e5605c1895a08cb5a547/kata.sock: use of closed network connection" name=kata-proxy pid=2494 sandbox=b35220d9ee9cfa68408f0ae6608a037b4391abf46039e5605c1895a08cb5a547 source=proxy
time="2018-09-06T10:12:36.657824104Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/f17022d4fbf9a73f05ed8d97f68cfc589b7d512073e0d51fad2cca75fe285709/kata.sock: use of closed network connection" name=kata-proxy pid=2685 sandbox=f17022d4fbf9a73f05ed8d97f68cfc589b7d512073e0d51fad2cca75fe285709 source=proxy
time="2018-09-06T10:13:14.660481004Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/b1e88e1390afe240f2610f9ad643c20d76d1d44ca39e5858d9c8e5c82b63bd40/proxy.sock: use of closed network connection" name=kata-proxy pid=2871 sandbox=b1e88e1390afe240f2610f9ad643c20d76d1d44ca39e5858d9c8e5c82b63bd40 source=proxy
time="2018-09-06T10:14:15.410995826Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/8229914b990d5206374ca82fed1be054d1084124c6e5dc22d51dff6749497574/proxy.sock: use of closed network connection" name=kata-proxy pid=3057 sandbox=8229914b990d5206374ca82fed1be054d1084124c6e5dc22d51dff6749497574 source=proxy
time="2018-09-06T10:15:11.14116634Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/df2dc40337084c473c2236404b592b761f4b08545d1a1605c76f7b6f97134032/kata.sock: use of closed network connection" name=kata-proxy pid=3240 sandbox=df2dc40337084c473c2236404b592b761f4b08545d1a1605c76f7b6f97134032 source=proxy
time="2018-09-06T10:15:51.562527265Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/ef7ed276513d252fd8bf9f7e0a291d6cdcfcd99b637d9554022c5233b0900609/kata.sock: use of closed network connection" name=kata-proxy pid=3428 sandbox=ef7ed276513d252fd8bf9f7e0a291d6cdcfcd99b637d9554022c5233b0900609 source=proxy
time="2018-09-06T10:17:54.359484012Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/091b344812909c1f08f2e40908609c6158c8608c53c5ef73558345464e5ce317/kata.sock: use of closed network connection" name=kata-proxy pid=3618 sandbox=091b344812909c1f08f2e40908609c6158c8608c53c5ef73558345464e5ce317 source=proxy
time="2018-09-06T10:19:26.497090662Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/c2105483c9421109308994c9c89ba6761363d31a05ebe16d7f06968c66b17404/kata.sock: use of closed network connection" name=kata-proxy pid=3810 sandbox=c2105483c9421109308994c9c89ba6761363d31a05ebe16d7f06968c66b17404 source=proxy
time="2018-09-06T10:19:48.266337279Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/ee903171fce5a4673eb37a1e36d87f4ff04cbb76ea03b242391b8f79bf723e08/kata.sock: use of closed network connection" name=kata-proxy pid=3999 sandbox=ee903171fce5a4673eb37a1e36d87f4ff04cbb76ea03b242391b8f79bf723e08 source=proxy
time="2018-09-06T10:20:31.484354041Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/91646f067ed69d38d54628e142955c693328107dab6077035c95ddb9ef0df34f/kata.sock: use of closed network connection" name=kata-proxy pid=4179 sandbox=91646f067ed69d38d54628e142955c693328107dab6077035c95ddb9ef0df34f source=proxy
time="2018-09-06T10:22:19.217671524Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/653480ca94e1fa6472deaa69cb312a6471b411043fbab373ecc83789e0445661/kata.sock: use of closed network connection" name=kata-proxy pid=4382 sandbox=653480ca94e1fa6472deaa69cb312a6471b411043fbab373ecc83789e0445661 source=proxy
time="2018-09-06T10:22:35.685073611Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/3dbbed8b920d805ac21bf427c3245a5fd80513243cf520678431510a9b64a20f/kata.sock: use of closed network connection" name=kata-proxy pid=4571 sandbox=3dbbed8b920d805ac21bf427c3245a5fd80513243cf520678431510a9b64a20f source=proxy
time="2018-09-06T10:26:53.356213103Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/d23352428772ab2922cbeb7a9a9f193e674da401dde43058cba660ee6ea6ad16/proxy.sock: use of closed network connection" name=kata-proxy pid=4755 sandbox=d23352428772ab2922cbeb7a9a9f193e674da401dde43058cba660ee6ea6ad16 source=proxy
time="2018-09-06T10:31:47.373137067Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/eb2be6e752ccc933114d51ed0b32e83661740c6cd075f56d05cb449fb4ed1c4a/kata.sock: use of closed network connection" name=kata-proxy pid=4934 sandbox=eb2be6e752ccc933114d51ed0b32e83661740c6cd075f56d05cb449fb4ed1c4a source=proxy
time="2018-09-06T10:39:47.963070648Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/db8196e014bc316738c5602e81ab53aa525132821b0e30609d27ca44bf8d68eb/kata.sock: use of closed network connection" name=kata-proxy pid=5150 sandbox=db8196e014bc316738c5602e81ab53aa525132821b0e30609d27ca44bf8d68eb source=proxy
time="2018-09-06T10:48:47.595675167Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/b3329215015d892b3c3a7c3d4bd2c02e88f558e123cc974aa5df811b25f55e52/proxy.sock: use of closed network connection" name=kata-proxy pid=5337 sandbox=b3329215015d892b3c3a7c3d4bd2c02e88f558e123cc974aa5df811b25f55e52 source=proxy
time="2018-09-06T10:55:59.306069892Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/4876b3a5aac3842f2d0956f3caebb663befb162dc662372f2fcc2614e837971c/kata.sock: use of closed network connection" name=kata-proxy pid=5526 sandbox=4876b3a5aac3842f2d0956f3caebb663befb162dc662372f2fcc2614e837971c source=proxy
time="2018-09-06T11:09:04.395120518Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/097a7aea82f12572065f204914175807ce69e85e208c507d44abef62167afc17/kata.sock: use of closed network connection" name=kata-proxy pid=5789 sandbox=097a7aea82f12572065f204914175807ce69e85e208c507d44abef62167afc17 source=proxy
time="2018-09-06T11:09:14.545970572Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/c39c2df82cb20446c01018cc95e36238f573ca915b4c1360cf4f00161eb35a02/kata.sock: use of closed network connection" name=kata-proxy pid=5964 sandbox=c39c2df82cb20446c01018cc95e36238f573ca915b4c1360cf4f00161eb35a02 source=proxy
time="2018-09-06T11:09:23.379394223Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/0be561dfafea956f9d924baaf22ce2343b09c64f85d8b14fe155be7e6a818d36/proxy.sock: use of closed network connection" name=kata-proxy pid=6140 sandbox=0be561dfafea956f9d924baaf22ce2343b09c64f85d8b14fe155be7e6a818d36 source=proxy
time="2018-09-06T11:10:17.712331334Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/51225040dd0479067cbafe196666e84cc2645f724a75b86d44319a214b92e22e/kata.sock: use of closed network connection" name=kata-proxy pid=6318 sandbox=51225040dd0479067cbafe196666e84cc2645f724a75b86d44319a214b92e22e source=proxy
time="2018-09-10T13:40:57.792629323Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/695c3e443aadf540c89669eede132618453e006c8f64485f14297a6e4c9fb247/kata.sock: use of closed network connection" name=kata-proxy pid=2107 sandbox=695c3e443aadf540c89669eede132618453e006c8f64485f14297a6e4c9fb247 source=proxy
time="2018-09-10T13:41:07.307130111Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/e7b0cfeb0bfb230a80730f4b3e5173700f8ca6e5ca2d1a341e1f9b094a63f20f/kata.sock: use of closed network connection" name=kata-proxy pid=2287 sandbox=e7b0cfeb0bfb230a80730f4b3e5173700f8ca6e5ca2d1a341e1f9b094a63f20f source=proxy
time="2018-09-10T13:42:31.722130227Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/a58a10ed1cb1831ba9eed430b334362e89470ceef9bc00468ea0bc7b00ce1735/kata.sock: use of closed network connection" name=kata-proxy pid=2468 sandbox=a58a10ed1cb1831ba9eed430b334362e89470ceef9bc00468ea0bc7b00ce1735 source=proxy
time="2018-09-10T13:44:09.043348121Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/11bcc28255f3a10dc0b9efc175903877b440413734cb993463852220ba025867/proxy.sock: use of closed network connection" name=kata-proxy pid=2682 sandbox=11bcc28255f3a10dc0b9efc175903877b440413734cb993463852220ba025867 source=proxy
time="2018-09-10T13:51:31.418854504Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/3d078ff16c85037d72e2a4b725de7130a84b5ae913e58966083ed1f0be9bd703/kata.sock: use of closed network connection" name=kata-proxy pid=2150 sandbox=3d078ff16c85037d72e2a4b725de7130a84b5ae913e58966083ed1f0be9bd703 source=proxy
time="2018-09-10T13:52:05.591950616Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/d7930ab8b527252e4d704ef34143b8394d5b20ee13ffcb5f8874262d94db356a/kata.sock: use of closed network connection" name=kata-proxy pid=2335 sandbox=d7930ab8b527252e4d704ef34143b8394d5b20ee13ffcb5f8874262d94db356a source=proxy
time="2018-09-10T13:52:59.275038499Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/45d8462d5246d30fd73e4eabf15f484b870c22749be61837db2fc116701ee636/kata.sock: use of closed network connection" name=kata-proxy pid=2523 sandbox=45d8462d5246d30fd73e4eabf15f484b870c22749be61837db2fc116701ee636 source=proxy
time="2018-09-10T13:53:54.765727073Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/5950e7c973c7d43216957920157a904a8b0d1421433d106df1e43ea2b1932414/kata.sock: use of closed network connection" name=kata-proxy pid=2731 sandbox=5950e7c973c7d43216957920157a904a8b0d1421433d106df1e43ea2b1932414 source=proxy
time="2018-09-11T10:18:28.464480174Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214/proxy.sock: use of closed network connection" name=kata-proxy pid=5028 sandbox=f2f9b4053aaa245ac7515b5d2c418b5ce3064cad8f282518a6e5fa5d86d43214 source=proxy
time="2018-09-11T10:35:53.510817964Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c/proxy.sock: use of closed network connection" name=kata-proxy pid=6861 sandbox=0e9d77809617c459698239f1e213064652bb8ee6f9fa06767ce02cb6c5e5f77c source=proxy
time="2018-09-11T11:05:16.18512685Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128/kata.sock: use of closed network connection" name=kata-proxy pid=7100 sandbox=13381c491206f93236242421e908e94e66c2a65c8741ca6d4ab02ae0d4277128 source=proxy
time="2018-09-11T11:06:50.201318817Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a/proxy.sock: use of closed network connection" name=kata-proxy pid=7417 sandbox=d4854a0ca249aa669ace0df09b281c577d63bee30fa4b64c90111d1d0fd23d4a source=proxy
time="2018-09-11T11:07:33.546397584Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a/kata.sock: use of closed network connection" name=kata-proxy pid=7627 sandbox=9d89b25cdb8ed62fa39822f5e54f4e1812ea78825c970804b63081f694cef70a source=proxy
time="2018-09-13T11:26:20.772095112Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67/proxy.sock: use of closed network connection" name=kata-proxy pid=2673 sandbox=add7e4f23b1d7c031bd187d97743f52c5ba49bc750d1413a7fc562088d496b67 source=proxy
time="2018-09-13T11:26:42.464602475Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d/proxy.sock: use of closed network connection" name=kata-proxy pid=2818 sandbox=d5e6b6a76067fd1b6eb6f47013c9660d91eafa51b3024533dc1fb8d32731ea5d source=proxy
time="2018-09-13T11:32:08.09405472Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13/proxy.sock: use of closed network connection" name=kata-proxy pid=3031 sandbox=3c927c644811e912c92e52223ecab36eebcc8a8983a654407a3a4f42b426ec13 source=proxy
time="2018-09-13T11:37:27.370797428Z" level=info msg="[    1.861912] EXT4-fs (pmem0p1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:27.373460286Z" level=info msg="[    1.866643] EXT4-fs (pmem0p1): mounted filesystem with ordered data mode. Opts: dax,data=ordered,errors=remount-ro\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:27.669684568Z" level=info msg="[    2.162518] systemd-journald[72]: no db file to read /run/udev/data/+acpi:PNP0A03:00: No such file or directory\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:27.67415227Z" level=info msg="[    2.167275] systemd-journald[72]: no db file to read /run/udev/data/+acpi:PNP0A03:00: No such file or directory\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:27.677635797Z" level=info msg="[    2.167918] systemd-journald[72]: no db file to read /run/udev/data/+acpi:PNP0A03:00: No such file or directory\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:28.743106215Z" level=info msg="time=\"2018-09-13T11:37:28.701290598Z\" level=debug msg=\"request end\" duration=17.575433ms name=kata-agent pid=117 request=/grpc.AgentService/CreateSandbox resp=\"&Empty{}\" sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:28.86186251Z" level=info msg="time=\"2018-09-13T11:37:28.819881708Z\" level=debug msg=\"request end\" duration=80.917741ms error=\"selinux label is specified in config, but selinux is disabled or not supported\" name=kata-agent pid=117 request=/grpc.AgentService/CreateContainer resp=\"&Empty{}\" sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:28.950920362Z" level=info msg="time=\"2018-09-13T11:37:28.909181284Z\" level=debug msg=\"request end\" duration=31.308542ms name=kata-agent pid=117 request=/grpc.AgentService/DestroySandbox resp=\"&Empty{}\" sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent\n" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=agent
time="2018-09-13T11:37:28.952791394Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f/proxy.sock: use of closed network connection" name=kata-proxy pid=3254 sandbox=44d173bbc8ef8728718c448b2ad6074d469bbaffe4e7fa7e763a6f0fad5f806f source=proxy

Shim logs

No recent shim problems found in system journal.

---

Container manager details

Have docker

Docker

Output of "docker version":

Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      dded712/1.13.1
 Built:           Tue Jul 17 18:34:48 2018
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-68.gitdded712.el7.centos.x86_64
 Go version:      go1.9.4
 Git commit:      dded712/1.13.1
 Built:           Tue Jul 17 18:34:48 2018
 OS/Arch:         linux/amd64
 Experimental:    false

Output of "docker info":

Containers: 32
 Running: 0
 Paused: 0
 Stopped: 32
Images: 4
Server Version: 1.13.1
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-kata docker-runc runc
Default Runtime: docker-kata
Init Binary: /usr/libexec/docker/docker-init-current
containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: 0bcb32f (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: fec3683b971d9c3ef73f284f176672c44b448662 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 seccomp
  WARNING: You're not using the default seccomp profile
  Profile: /etc/docker/seccomp.json
 selinux
Kernel Version: 3.10.0-862.11.6.el7.x86_64
Operating System: CentOS Linux 7.1807 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 2
Total Memory: 3.701 GiB
Name: localhost.localdomain
ID: QNJB:CYLT:GBVI:EJXG:KTK5:OIWR:G2UO:NLGD:EUAP:QLYA:GOUO:6NVI
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)

Output of "systemctl show docker":

Type=notify
Restart=on-abnormal
NotifyAccess=all
RestartUSec=100ms
TimeoutStartUSec=0
TimeoutStopUSec=1min 30s
WatchdogUSec=0
WatchdogTimestamp=Thu 2018-09-13 11:26:06 UTC
WatchdogTimestampMonotonic=340463553
StartLimitInterval=10000000
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=2470
ControlPID=0
FileDescriptorStoreMax=0
StatusErrno=0
Result=success
ExecMainStartTimestamp=Thu 2018-09-13 11:26:04 UTC
ExecMainStartTimestampMonotonic=338825410
ExecMainExitTimestampMonotonic=0
ExecMainPID=2470
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/dockerd-current ; argv[]=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --add-runtime docker-kata=/usr/bin/kata-runtime --default-runtime=docker-kata --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES ; ignore_errors=no ; start_time=[Thu 2018-09-13 11:26:04 UTC] ; stop_time=[n/a] ; pid=2470 ; code=(null) ; status=0/0 }
ExecReload={ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/docker.service
MemoryCurrent=18446744073709551615
TasksCurrent=18446744073709551615
Delegate=no
CPUAccounting=no
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=no
TasksMax=18446744073709551615
Environment=GOTRACEBACK=crash DOCKER_HTTP_HOST_COMPAT=1 PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
EnvironmentFile=/run/containers/registries.conf (ignore_errors=yes)
EnvironmentFile=/etc/sysconfig/docker (ignore_errors=yes)
EnvironmentFile=/etc/sysconfig/docker-storage (ignore_errors=yes)
EnvironmentFile=/etc/sysconfig/docker-network (ignore_errors=yes)
EnvironmentFile=/run/flannel/docker (ignore_errors=yes)
UMask=0022
LimitCPU=18446744073709551615
LimitFSIZE=18446744073709551615
LimitDATA=18446744073709551615
LimitSTACK=18446744073709551615
LimitCORE=18446744073709551615
LimitRSS=18446744073709551615
LimitNOFILE=1048576
LimitAS=18446744073709551615
LimitNPROC=1048576
LimitMEMLOCK=65536
LimitLOCKS=18446744073709551615
LimitSIGPENDING=14963
LimitMSGQUEUE=819200
LimitNICE=0
LimitRTPRIO=0
LimitRTTIME=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
MountFlags=0
PrivateTmp=no
PrivateNetwork=no
PrivateDevices=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
KillMode=process
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=docker.service
Names=docker.service
Requires=docker-cleanup.timer basic.target
Wants=system.slice docker-storage-setup.service
RequiredBy=docker-cleanup.service
WantedBy=multi-user.target
Conflicts=shutdown.target
Before=multi-user.target shutdown.target
After=registries.service network.target basic.target rhel-push-plugin.socket docker-storage-setup.service systemd-journald.socket system.slice
Documentation=http://docs.docker.com
Description=Docker Application Container Engine
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/usr/lib/systemd/system/docker.service
DropInPaths=/usr/lib/systemd/system/docker.service.d/flannel.conf
UnitFileState=enabled
UnitFilePreset=disabled
InactiveExitTimestamp=Thu 2018-09-13 11:26:04 UTC
InactiveExitTimestampMonotonic=338825812
ActiveEnterTimestamp=Thu 2018-09-13 11:26:06 UTC
ActiveEnterTimestampMonotonic=340463705
ActiveExitTimestamp=Thu 2018-09-13 11:26:03 UTC
ActiveExitTimestampMonotonic=337691603
InactiveEnterTimestamp=Thu 2018-09-13 11:26:04 UTC
InactiveEnterTimestampMonotonic=338709218
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
IgnoreOnSnapshot=no
NeedDaemonReload=no
JobTimeoutUSec=0
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Thu 2018-09-13 11:26:04 UTC
ConditionTimestampMonotonic=338824712
AssertTimestamp=Thu 2018-09-13 11:26:04 UTC
AssertTimestampMonotonic=338824713
Transient=no

No kubectl

---

Packages

No dpkg
Have rpm
Output of "rpm -qa|egrep "(cc-oci-runtimecc-runtimerunv|kata-proxy|kata-runtime|kata-shim|kata-containers-image|linux-container|qemu-)"":

qemu-lite-data-2.11.0+git.a39e0b3e82-47.1.x86_64
qemu-vanilla-2.11.2+git.a39e0b3e82-44.1.x86_64
kata-runtime-1.2.0+git.0bcb32f-45.1.x86_64
qemu-vanilla-data-2.11.2+git.a39e0b3e82-44.1.x86_64
qemu-lite-bin-2.11.0+git.a39e0b3e82-47.1.x86_64
qemu-vanilla-bin-2.11.2+git.a39e0b3e82-44.1.x86_64
kata-shim-bin-1.2.0+git.0a37760-33.1.x86_64
kata-linux-container-4.14.51.7-134.1.x86_64
kata-containers-image-1.2.0-32.1.x86_64
kata-proxy-1.2.0+git.1796218-32.1.x86_64
qemu-lite-2.11.0+git.a39e0b3e82-47.1.x86_64
kata-shim-1.2.0+git.0a37760-33.1.x86_64
kata-proxy-bin-1.2.0+git.1796218-32.1.x86_64

---