[opensuse-kubic] MicroOS error when setting container memory limit
Hi,

On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error:

Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error

I am not able to understand the nature of the error. Searching around, I found a similar issue where adding the cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ? If so, what is the proper way to update Grub config on a RO filesystem ?

podman version 2.0.4

podman info (ociRuntime part):

  ociRuntime:
    name: runc
    package: runc-1.0.0~rc91-1.2.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc91
      spec: 1.0.2-dev

Regards,

-- Sébastien 'sogal' Poher
When there's no more room at school, the dumb will walk the Earth!
On Thu, Aug 27, Sébastien 'sogal' Poher wrote:
Hi,
On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error:
Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error
I am not able to understand the nature of the error. Searching around, I found similar issue where adding cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ?
I don't know.
If so, what is the proper way to update Grub config on a RO filesystem ?
vi /etc/default/grub
transactional-update grub.cfg
-> reboot

should do it.

Thorsten

podman version 2.0.4

podman info (ociRuntime part):

  ociRuntime:
    name: runc
    package: runc-1.0.0~rc91-1.2.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc91
      spec: 1.0.2-dev
Regards,
-- Sébastien 'sogal' Poher
When there's no more room at school, the dumb will walk the Earth!
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org

Hi Thorsten,

On Friday, 28 August 2020 at 08:28 +0200, Thorsten Kukuk wrote:
On Thu, Aug 27, Sébastien 'sogal' Poher wrote:
Hi,
On a fresh MicroOS install with podman, when I want to set memory limit for a container (using the -m flag) I get the following error:
Error: container_linux.go:367: starting container process caused: process_linux.go:459: container init caused: process_linux.go:422: setting cgroup config for procHooks process caused: cannot set memory limit: container could not join or create cgroup: OCI runtime error
I am not able to understand the nature of the error. Searching around, I found similar issue where adding cgroup_enable=memory parameter to boot settings in Grub might solve the issue. Is that correct ?
I don't know.
If so, what is the proper way to update Grub config on a RO filesystem ?
vi /etc/default/grub
transactional-update grub.cfg
-> reboot
should do it.
Thank you for your answer about Grub.

The issue with memory limit is still here. The same command works on Fedora where:

podman info | grep -i cgroup
  cgroupVersion: v2

whereas in MicroOS:

podman info | grep -i cgroup
  cgroupVersion: v1

Could this issue be related to cgroup version ? Will MicroOS use cgroup v2 by default in a near future ?

-- Sébastien 'sogal' Poher
When there's no more room at school, the dumb will walk the Earth!
On Fri, Aug 28, Sébastien 'sogal' Poher wrote:
Could this issue be related to cgroup version ? Will MicroOS use cgroup v2 by default in a near future ?
Could be very well that cgroup1 does not support this. MicroOS as the rest of openSUSE will switch to v2 if all workload can scope with it. To my knowledge, kubernetes couldn't.

Thorsten

On Friday, 28 August 2020 at 11:22 +0200, Thorsten Kukuk wrote:
On Fri, Aug 28, Sébastien 'sogal' Poher wrote:
Could this issue be related to cgroup version ? Will MicroOS use cgroup v2 by default in a near future ?
Could be very well that cgroup1 does not support this. MicroOS as the rest of openSUSE will switch to v2 if all workload can scope with it. To my knowledge, kubernetes couldn't.
Got it, thank you for your answer. I have enabled cgroup v2 by passing 'systemd.unified_cgroup_hierarchy=1' to Grub but this requires crun to be installed which is not present in openSUSE (yet ?). I'll keep digging this issue. Have a nice day. -- Sébastien 'sogal' Poher
When there is no more room at school, the dumb will walk the Earth.
On Fri, 2020-08-28 at 11:28 +0200, Sébastien 'sogal' Poher wrote:
On Friday, 28 August 2020 at 11:22 +0200, Thorsten Kukuk wrote:
On Fri, Aug 28, Sébastien 'sogal' Poher wrote:
Could this issue be related to cgroup version ? Will MicroOS use cgroup v2 by default in a near future ?
Could be very well that cgroup1 does not support this. MicroOS as the rest of openSUSE will switch to v2 if all workload can scope with it. To my knowledge, kubernetes couldn't.
Got it, thank you for your answer. I have enabled cgroup v2 by passing 'systemd.unified_cgroup_hierarchy=1' to Grub but this requires crun to be installed which is not present in openSUSE (yet ?). I'll keep digging this issue.
Have a nice day.
Indeed, we're mostly invested in runc support over crun on account of having at least one prominent runc developer in the Kubic community.

I'm not opposed to moving to crun but my personal preference would be to stick with runc and hope that runc's cgroupv2 support appears before the day we really, really, really need it.

--
Richard Brown
Linux Distribution Engineer - Future Technology Team
Phone +4991174053-361
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D-90409 Nuernberg
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer

Hi Richard,

On Friday, 28 August 2020 at 11:32 +0200, Richard Brown wrote:
On Fri, 2020-08-28 at 11:28 +0200, Sébastien 'sogal' Poher wrote:
On Friday, 28 August 2020 at 11:22 +0200, Thorsten Kukuk wrote:
On Fri, Aug 28, Sébastien 'sogal' Poher wrote:
Could this issue be related to cgroup version ? Will MicroOS use cgroup v2 by default in a near future ?
Could be very well that cgroup1 does not support this. MicroOS as the rest of openSUSE will switch to v2 if all workload can scope with it. To my knowledge, kubernetes couldn't.
Got it, thank you for your answer. I have enabled cgroup v2 by passing 'systemd.unified_cgroup_hierarchy=1' to Grub but this requires crun to be installed which is not present in openSUSE (yet ?). I'll keep digging this issue.
Have a nice day.
Indeed, we're mostly invested in runc support over crun on account of having at least one prominent runc developer in the Kubic community.
I'm not opposed to moving to crun but my personal preference would be to stick with runc and hope that runc's cgroupv2 support appears before the day we really, really, really need it.
Thank you for your complementary answer.

I achieved what I wanted to do (i.e. using Podman on MicroOS with memory/cpu limits) by passing the 'systemd.unified_cgroup_hierarchy=1' parameter and installing crun manually. It's just a few more steps that I'll automate.

It could be nice to have 'crun' in the official repos as an alternative runtime. I am not at all an expert in that domain but I'll see if I can contribute and make it available in the repos.

-- 'When there is no more room at school, the dumb will walk the Earth.' Sébastien 'sogal' Poher
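
The checks discussed in this thread (which cgroup hierarchy is mounted, whether the memory controller is enabled, and whether 'systemd.unified_cgroup_hierarchy=1' is on the kernel command line) can be scripted as follows. This is an added example, not part of the original messages; the function names are hypothetical, and the paths default to the standard /sys/fs/cgroup, /proc/cgroups and /proc/cmdline locations.

```shell
#!/bin/sh
# Added example: check whether a container memory limit can be enforced.
# Paths are parameters so each check can also be pointed at test fixtures.

# Print "v2" (unified hierarchy), "v1" (legacy or hybrid), or "unknown".
cgroup_mode() {
    root="${1:-/sys/fs/cgroup}"
    if [ -f "$root/cgroup.controllers" ]; then
        echo v2
    elif [ -d "$root/memory" ]; then
        echo v1
    else
        echo unknown
    fi
}

# Return 0 if the memory controller is available.
# v2: "memory" is listed in cgroup.controllers.
# v1: the "enabled" column (4th) of /proc/cgroups is 1 for "memory".
memory_controller_enabled() {
    root="${1:-/sys/fs/cgroup}"
    proc_cgroups="${2:-/proc/cgroups}"
    case "$(cgroup_mode "$root")" in
        v2) tr ' ' '\n' < "$root/cgroup.controllers" | grep -qx memory ;;
        *)  awk '$1 == "memory" && $4 == 1 { ok = 1 } END { exit !ok }' \
                "$proc_cgroups" ;;
    esac
}

# Return 0 if the kernel command line contains exactly this parameter.
cmdline_has() {
    param="$1"
    cmdline="${2:-/proc/cmdline}"
    tr ' ' '\n' < "$cmdline" | grep -qxF -- "$param"
}

# Summarise the state of the running host.
report() {
    echo "cgroup mode: $(cgroup_mode)"
    memory_controller_enabled && echo "memory controller: enabled" \
        || echo "memory controller: NOT enabled"
    cmdline_has systemd.unified_cgroup_hierarchy=1 \
        && echo "unified hierarchy requested on kernel command line"
    return 0
}

if [ "${1:-}" = "report" ]; then report; fi
```

Running the script with the argument "report" before and after the reboot shows whether the boot parameter change took effect.
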
On Fri, 2020-08-28 at 14:22 +0200, Sébastien 'sogal' Poher wrote:
On Friday, 28 August 2020 at 11:32 +0200, Richard Brown wrote:
It could be nice to have 'crun' in the official repos as an alternative runtime.
Unrelated to this discussion but, yes, it indeed would be very nice to have it, as AFAIUI, crun already supports libkrun:

https://github.com/containers/libkrun
https://devconfcz2021.sched.com/event/gmPG/libkrun-kvm-based-isolation-for-y...

And given libkrun is already being packaged in openSUSE (in review right in these days), crun is pretty much the only missing piece for being able to start containers with strong HW/VMM isolation.
I am not at all an expert in that domain but I'll see if I can contribute and make it available in the repos.
Would be wonderful... And I'm also not an expert of this, but I'll be happy to help. :-) Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)
On Fri, 2020-08-28 at 14:22 +0200, Sébastien 'sogal' Poher wrote:
It could be nice to have 'crun' in the official repos as an alternative runtime. I am not at all an expert in that domain but I'll see if I can contribute and make it available in the repos.
BTW, if you (or anyone :-)) are still interested, I'm playing with crun here: https://build.opensuse.org/package/show/home:dfaggioli:Virtualization/crun I do intend to submit this to Factory (well, to the Virtualization devel project first, and then from there to factory), as soon as I find the time to double check a few things. But in the meanwhile, it's there. Any contributions/suggestions/ideas for improvements welcome. :-) Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)
On Fri, Aug 28, Richard Brown wrote:
I'm not opposed to moving to crun but my personal preference would be to stick with runc and hope that runc's cgroupv2 support appears before the day we really, really, really need it.
According to various sources, runc has cgroupv2 support since last November except for rootless mode modulo some issues. See for status of today:

https://github.com/opencontainers/runc/issues/2315

Do we need some compile time switches to enable support for it in runc?

Thorsten