Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

docker: cgroupdriver: runtime does not support docker cgroupdriver argument #596

Closed
grahamwhaley opened this issue Aug 17, 2018 · 3 comments · Fixed by #747
Closed

docker: cgroupdriver: runtime does not support docker cgroupdriver argument #596

grahamwhaley opened this issue Aug 17, 2018 · 3 comments · Fixed by #747
Assignees

Comments

@grahamwhaley
Copy link
Contributor

Description of problem

It has been reported that the kata runtime does not support the docker --exec-opt native.cgroupdriver=systemd runtime option. See
https://docs.docker.com/engine/reference/commandline/dockerd/#options-for-the-runtime

Expected result

I suspect as we use systemd inside the mini-OS where the agent uses the same library as the default docker runtime to set up the cgroups for the container (aiui), that this feature could be implemented by an enhancement to the agent.

We should probably discuss first if/what/are there any benefits to using systemd to control the cgroups. There may well be, as this topic came up in relation to the Project Atomic item, now referenced over at kata-containers/documentation#222

@grahamwhaley
Copy link
Contributor Author

/cc @xzr for bringing this to our attention, thanks!
/cc @devimc for thoughts on if this would be feasible via the agent etc.

I guess a minimum we should probably add an entry to the limitations document for a start.

@xzr
Copy link

xzr commented Aug 28, 2018

On Atomic and an older version of Docker:

[vagrant@localhost ~]$ sudo docker --version
Docker version 1.13.1, build dded712/1.13.1
[vagrant@localhost ~]$ sudo docker run --rm centos uname -a
Incorrect Usage. flag provided but not defined: -systemd-cgroup

time="2018-08-28T14:56:37Z" level=error msg="flag provided but not defined: -systemd-cgroup" arch=amd64 name=kata-runtime pid=2974 source=runtime
flag provided but not defined: -systemd-cgroup
NAME:
kata-runtime - kata-runtime runtime

kata-runtime is a command line program for running applications packaged
according to the Open Container Initiative (OCI).

USAGE:
kata-runtime [global options] command [command options] [arguments...]

VERSION:
kata-runtime : 1.2.0
commit : 0bcb32f
OCI specs: 1.0.1

COMMANDS:
create Create a container
delete Delete any resources held by one or more containers
exec Execute new process inside the container
kill Kill sends signals to the container's init process
list lists containers started by kata-runtime with the given root
pause suspend all processes in a container
ps ps displays the processes running inside a container
resume unpause all previously paused processes in a container
run create and run a container
spec create a new specification file
start executes the user defined process in a created container
state output the state of a container
update update container resource constraints
events display container events such as OOM notifications, cpu, memory, and IO usage statistics
version display version details
kata-check tests if system can run Kata Containers
kata-env display settings. Default to TOML
factory manage vm factory
help, h Shows a list of commands or help for one command

GLOBAL OPTIONS:
--kata-config value Kata Containers config file path
--log value set the log file path where internal debug information is written (default: "/dev/null")
--log-format value set the format used by logs ('text' (default), or 'json') (default: "text")
--root value root directory for storage of container state (this should be located in tmpfs) (default: "/var/run/kata-containers")
--kata-show-default-config-paths show config file paths that will be checked for (in order)
--help, -h show help
--version, -v print the version

NOTES:

  • Commands starting "kata-" and options starting "--kata-" are Kata Containers extensions.

URL:

The canonical URL for this project is: https://github.com/kata-containers

/usr/bin/docker-current: Error response from daemon: containerd: container not started.
ERRO[0000] error getting events from daemon: context canceled

On regular Centos 7 and latest Docker CE:

[vagrant@localhost ~]$ sudo docker --version
Docker version 18.06.1-ce, build e68fc7a
[vagrant@localhost ~]$ sudo docker run --rm centos uname -a
docker: Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6133b291b26f03ca4e11f6d8be1946e7ac0986c5c1919fcc3048fc29d1c32b88/log.json: no such file or directory): /usr/bin/kata-runtime did not terminate sucessfully: unknown.

@devimc
Copy link

devimc commented Sep 18, 2018

After having read coreos/bugs#1435 , https://www.freedesktop.org/wiki/Software/systemd/ControlGroupInterface/ and https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html , from my point of view it's worthless to use systemd's resource control in the VM, because nobody is able to control it by using systemctl set-property ... and there is no a docker service running in the VM, having said that I propose to support it but in the host, when we support cgroups in the host, by now these are the gaps that need to be closed to make dockerd --exec-opt native.cgroupdriver=systemd happy:

  • runtime: add systemd-cgroup option
  • runtime: translate systemd cgroupsPath to cgroupfs cgroupsPath, for example system.slice:docker:abc to /docker/abc

I'll be working on that

cc @bergwolf @grahamwhaley @xzr

devimc pushed a commit to devimc/kata-runtime that referenced this issue Sep 18, 2018
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.

fixes kata-containers#596

Signed-off-by: Julio Montes <julio.montes@intel.com>
@devimc devimc self-assigned this Sep 18, 2018
devimc pushed a commit to devimc/kata-runtime that referenced this issue Sep 18, 2018
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.

fixes kata-containers#596

Signed-off-by: Julio Montes <julio.montes@intel.com>
devimc pushed a commit to devimc/kata-runtime that referenced this issue Sep 18, 2018
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.

fixes kata-containers#596

Signed-off-by: Julio Montes <julio.montes@intel.com>
devimc pushed a commit to devimc/kata-runtime that referenced this issue Sep 18, 2018
Add support for cgroup driver systemd.
systemd cgroup is not applied in the VM since in some cases like initrd images
there is no systemd running and nobody can update a systemd cgroup using
systemctl.

fixes kata-containers#596

Signed-off-by: Julio Montes <julio.montes@intel.com>
egernst pushed a commit to egernst/runtime that referenced this issue Feb 9, 2021
This updates openconatainer/runc (and its deps). Ref. opencontainers/runc#2065,
running a version before that fix will result in some strange behavior on
Aarch64 (Linux 5.0.X+).

This fixes kata-containers#596

Changes in opencontainers/runc:
    652297c7 Update dependency libseccomp-golang
    6770c869 Allow to define `COMMIT` by env
    b54fd85b libcontainer: change seccomp test for clone syscall
    6f77e35d Export list of HugePageSizeUnits
    c6445b1c Add tests for GetHugePageSize
    273e7b74 Fix cgroup hugetlb size prefix for kB
    65032b55 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
    8383c724 main: not reopen /dev/stderr
    46351eb3 Move systemd.Manager initialization into a function in that module
    62bd2593 VERSION: back to development
    425e105d VERSION: release 1.0.0-rc8
    8362cd02 Vendor in latest selinux code for keycreate errors
    a1460818 Write logs to stderr by default
    68b4ff5b Simplify bail logic & minor nsexec improvements
    17b37ea3 libcontainer: intelrdt: add missing destroy handler in defer func
    475aef10 Remove redundant log function
    ba3cabf9 Improve nsexec logging
    da5a2dd4 `r.destroy` can defer exec in `runner.run` method.
    8296826d specconv: always set "type: bind" in case of MS_BIND
    c486e3c4 Address comments in PR 1861
    feebfac3 Remove pipe close before exec.
    9a599f62 Support for logging from children processes
    3e6688f5 add selinux label for runc exec
    dcf994b4 Fix SELinux failures on disabled SELinux Machines
    6b5ee713 VERSION: back to development
    69ae5da6 VERSION: release v1.0.0-rc7
    eab53309 Fixes regression causing zombie runc:[1:CHILD] processes
    cd96170c Need to setup labeling of kernel keyrings.

Changes in seccomp/libseccomp-golang
    689e3c1 all: Update CHANGELOG for v0.9.1
    0353a0b golang: Add ActLog test
    798ec96 golang: Add support for SCMP_ACT_LOG
    23edf06 golang: Add filterAttrLog getter/setters test
    4b17538 golang: Add support for SCMP_FLTATR_CTL_LOG
    62d5d2b golang: Add API level bindings
    f6ec81d golang: add more info to errors with fmt.Errorf()
    da59163 golang: Fix unit test failures on 32-bit systems
    84e90a9 golang: Fix compile error on Debian
    06e7a29 golang: Resolve bug with handling of multiple argument rules
    fc02980 golang: Remove TSync functions, and set unconditionally
    9814e55 golang: Use `seccomp_version` API to obtain library version

Changes in sirupsen/logrus:
    839c75f Release 1.4.2
    744fc4c fix build break for plan9
    f2849a8 add full cross compilation in travis (kata-containers#963)
    1bc909a Add a checkTerminal for nacl to support running on play.golang.org
    1a601d2 remove go 1.10 from ci build matrix
    5521996 Update x/sys/unix to fix AIX support
    c1b6154 Fix solaris build
    8bdbc7b Release 1.4.1
    6c615e1 remove field if val is empty string for func and file field in text formatter
    ede5b63 Make isTerminal un-exported
    3e06420 Move files to main directory
    38bc297 return new entry for Entry.WithContext
    7d700cd Test more platforms
    c49ef1d Move terminal package
    5d8c3bf Updated travis.yml
    41ee4dd Moved moved unix-related parts into terminal
    7de3dd8 Removed golang.org/x/crypto refs
    10ff0d0 Got rid of IsTerminal call to reduce external dependencies
    c076594 Add Go 1.12 to Travis CI build matrix
    02141df Add CHANGELOG for v1.4.0
    68e41f6 Add WithContext
    cf1b9fd fix sync.Once usage instead of adding a mutex lock
    b9d4514 fix ReportCaller race condition
    99a5172 Add and example for CallerPrettyfier
    5c2b39a Remove debug trace
    ffec2f2 Add a CallerPrettyfier callback to the text formatter
    5e9b246 Add a CallerPrettyfier callback to the json formatter
    4f5fd63 Fix infinite recursion on unknown Level.String()
    c4e4882 prevent string formatting in Entry.Logf when log level is not enabled
    774bb8e Fix error formatting based on best practices from Code Review Comments
    4ea4861 Add a DeferExitHandler function
    68a2b57 Add nested-logrus-formatter to README.md
    f61e48b logger: fix wrong callback method
    0f544bf Add a unit test to ensure hook are called in their registration order
    a99ca47 Add an example hook which adds default fields
    78fb385 Remove unused variables in TextFormatter
    eef6b76 Update Changelog for 1.3.0
    bd9534b Test Log
    e8fd0ba Remove sensitivity to file line changes
    ff695da Implement TextUnmarshaller interface for Level type
    a6668e7 Add Generic Log functions with level via argument
    9abefb9 do not clear error formatting informative field
    d962013 respect ForceColor and environment variables over OS check
    08e8d65 Skip func pointer type value in fields
    0c5e33c Travis: fix checkout dir to help contributors run Travis on their fork
    f1b98e4 ignore expected color on windows
    e902658 Disable colored output on windows entirely
    eab2c44 fix hook example
    c7183bf fix missing parameter
    2cafb78 fix race condition caused by writing to entry.Data, using the same technique as JSONFormatter
    bcd833d v1.2.0 changelog
    d10c2f9 fix panic in text formatter
    5a78c38 make file name comparison os independant
    d2654b7 add file and line number in output when report caller is enabled
    fa01b53 move test functions and test utils functions in their own package
    ec57031 store a runtime.Frame in Entry instead of the caller function name
    975c406 Use a sync.Once to init the reportCaller data
    5fcd19e add a SetReportCaller on Logger object
    0c52582 Add GELF to third party formatters
    5c1f2cd Make logrus.Level implement encoding.TextUnmarshaler
    bb98c6c Fix the version of windows coloring library dependency
    ed3ffa0 PR#844: Added Trace to TestLogLevelEnabled() (requested by @dgsb)
    b54cafe Addresses @stevvooe's backward compatibility concerns.
    ef9d84e Added trace log level.
    c7a33dc Add Trace level logging
    4981d81 Added TRACE level logging.
    9c7692c disable colors on hook example
    f2ab87f Add an example for tracing global variable with hook
    ff92509 Attempt to fix build break on aix
    a13c5db Fix typo in comment
    4346c76 Remove unnecessary wrapper function on `os.Exit`
    99bc300 Add a method Exit on Logger that calls `os.Exit` or alternate exit function.
    ad15b42 Update changelog for v1.1.1 release
    3f90cee Rationalize os specific build constraints
    2be6202 Add option to panic in `test.NewNullLogger` to allow testing of calls to `Fatal*`
    7b467df Skip func type value in fields.
    a67f783 Update changelog for v1.1.0 release
    73bc94e Add custom sorting function in text formatter
    5a88d3c Add missing module dependency for windows build
    629982b DisableColors in two tests to fix AppEngine configuration
    0a8fc8d Add AppEngine test configurations to travis to a void regression
    f1ce1ba Fix copypasta
    90501cf Fix AppEngine builds
    98c898c Fix gopherjs build constraint name
    eed7c22 Fix travis build for go 1.11 with modules
    66895ce Fix module name and remove unused dependencies
    88eb166 Fix spelling in Entry.Buffer comment
    f75951b Add go module support
    4bcb47b commit to trigger appveyor build
    8b12043 Fix example build on windows
    7556e24 Use syslog instead of airbrake as syslog example
    e58aa84 bump go toolchain version in travis
    98d0f31 Add previously forgotten v1.0.6 description in changelog
    90bf2e7 feat(LogLevel): taking in account code review from David Bariod
    13d10d8 return old hooks from RelplaceHooks
    7a0120e logger.ReplaceHooks
    b5e6fae Cleanup on unit test on isColored
    cadf2ce Add unit test for TextFormatter.isColored
    eb968b6 Fix for CLICOLOR_FORCE handling
    8a6a17c Fixed missing brace after wrong merge
    d950ecd Remove unnecessary text_formatter file
    da39da2 Keep terminal check naming convention
    37d651c Add CLICOLOR support
    179037f Ensure a new entry data fields are empty
    d316277 Add logger benchmark
    54db2bb limit the build/test matrix to the two latest stable version
    6999e59 properly fix the hooks race test
    725f3be Adds WithTime to Logger and Entry types, as well as a pure module-level function.
    52b92f5 Allows overriding Entry.Time.
    fc9bbf2 [kata-containers#241] Allow to set writer during logger usage.
    eed1c0f Fix GopherJS build tags
    2ce6c0c Support for Entry data under nested JSON dictionary.
    6b28c2c error message
    5d60369 Fixed prefixFieldClashes for TextFormatter and added coverage
    4225d69 feat: new methods to check enabled log level
    070c81d Revert the change introduced in kata-containers#707 and do the proper fix. Fixes #_729
    098a5a7 Move the hook services list to a wiki page
    caed59e Fix Logger.WithField doscription
    aa6766a PERF: use buffer pool in json formatter
    b1e82be Update go versions in travis configuration.
    8369e2f Fix a race condition in TestLoggingWithHooksRace
    507c822 add mysql hook
    e63a8df added Anexia CloudLog to list of hooks
    5513c60 Improve documentation for Fatal* class functions
    2f58bc8 Unified terminal initialization code handling
    9bc59a5 Fixed initTerminal() was run for non-terminals
    cf5eba7 Simplified file structure
    c9a46a1 Added terminal check on Windows
    7d2a521 Extended conditions to include non-native builds
    f142d81 Improved building of non-windows code
    bb487e0 Added support for text coloring on Windows 10
    19b9c9e delete dead link
    b537da5 Fix run-on sentence
    723dd3c changed prettyprinting to use spaces as opposed to /t
    c155da1 changelog: add 1.0.5
    91b159d Add Kafka REST Proxy hook to README
    c840e59 add gopherjs build tag
    1893e9a Fixed: comment
    f4118d2 reamde: add logrus-clickhouse-hook
    efab7f3 Have prefixFieldClashes respect the JSON FieldMap
    be56909 Make fireHooks() method receive a copy of Entry structure to avoid race conditions
    178041e Fix typo in README.md
    828a649 rename fieldLogger to entry
    eeb6535 Lock mutex before formatting to avoid race
    efbfdb5 Add failing test for using a FieldLogger with hooks inside goroutines
    0cf9f0b Made text consistent with other hooks
    516f6c1 Add Application Insights hook to README
    977e033 Fix deadlock on panics at Entry.log
    92aece5 TextFormatter behaviour aligned with stdlib log (fixes #_167)
    eb15690 remove .gitignore changes and update AddHook
    20cc8e2 remove .gitignore changes
    0c03a05 mirror and wrap Logger instance methods in exported.go
    d682213 changelog: 1.0.4
    b9eceae fix example
    bf1fb70 Add FieldMap support to TestFormatter
    73a1342 Fix typo in README.md
    10d6a5b removed useless line from readme
    639325f added pretty print option for json logs
    9700beb Update README.md
    1858a85 Adds `logbeat` hook to README
    c44d524 Fix typo in docstring
    4844e58 Add promrus to list of hooks.
    7d3ddc6 Split terminal check to add build tags to support App Engine.
    cd1114d Added reference to AzureTableHook
    9bc52e3 Fix test assertion
    c830992 Take lock on mutex when firing hooks
    66230b2 Add test for race condition in hooks
    3d1341c Add AddHook method for logger
    5efed00 Update README.md to fix link to Kafka hook
    3bd397e Add Telegram hook to README.md.
    e3d1776 MD formatting
    9ce1c9e add github path to log message in readme
    b1db1b9 regex assertion rather than literal, for github path
    3cb9e18 test updates
    bc6d984 add caller logic to DisableTimestamp case
    1f59c9a Add DisableLevelTruncation description to README
    88dd8df responses to code review
    d8fd234 add syntax hilighting to new example blocks
    2e7c40e README formatting tweak
    802fba1 add note on caller-reporting overhead to README
    306956c tweak timing tests to handle slower VMs and older GoLang
    65f3af3 simplify hasCaller check
    a5c845c responses to review comments
    4575b7a revert slight added complexity in NewEntry()
    05a8f4d fix test description
    348bace doc updates, and relabel ReportMethod
    1e21450 push compilation even higher, to reduce to one call
    8161d93 performance: precompile regex before iterating
    473c344 Add README notes and CHANGELOG entries
    93af604 First cut at adding calling method
    e5b6713 Added testing for DisableLevelTruncation
    7a1f601 Added ability to disable level text truncation. Fixes #_406

Signed-off-by: Odin Ugedal <odin@ugedal.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants