search

DOMjudge / domjudge-packaging

DOMjudge packaging for (Linux) distributions and live image
31 stars 37 forks source link

judgehost: create_cgroups fails when /sys/fs/cgroup is mounted with read-only option #193

Closed ir5 closed 2 months ago

ir5 commented 2 months ago

In the current instructions for launching judgehosts on DockerHub, it is specified that the /sys/fs/cgroup directory is mounted with read-only permission. 

docker run -it --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name judgehost-0 --link domserver:domserver --hostname judgedaemon-0 -e DAEMON_ID=0 domjudge/judgehost:latest

However, with this permission, the startup script does not seem to run successfully, especially when the host machine starts from scratch. In the file https://github.com/DOMjudge/domjudge/blob/main/judge/create_cgroups.in, there is a sequence of commands to create a new directory in /sys/fs/cgroup. This process does not complete successfully.

judgehost-0  | [..] Setting timezone
judgehost-0  |
judgehost-0  | Current default time zone: 'Asia/Tokyo'
judgehost-0  | Local time is now:      Sat Jul  6 23:53:32 JST 2024.
judgehost-0  | Universal Time is now:  Sat Jul  6 14:53:32 UTC 2024.
judgehost-0  |
judgehost-0  | [ok] Container timezone set to: Asia/Tokyo
judgehost-0  |
judgehost-0  | [..] Setting up restapi file
judgehost-0  | [ok] Restapi file set up
judgehost-0  |
judgehost-0  | [..] Setting up cgroups
judgehost-0  | mkdir: cannot create directory '/sys/fs/cgroup/cpuset/domjudge': Read-only file system
judgehost-0  | mkdir: cannot create directory '/sys/fs/cgroup/memory/domjudge': Read-only file system
judgehost-0  | chown: cannot access '/sys/fs/cgroup/*/domjudge': No such file or directory
judgehost-0  | bin/create_cgroups: 41: cannot create /sys/fs/cgroup/cpuset/domjudge/cpuset.cpus: Directory nonexistent
judgehost-0  | bin/create_cgroups: 42: cannot create /sys/fs/cgroup/cpuset/domjudge/cpuset.mems: Directory nonexistent

When I launch the judgehost container without read-only permission, it runs successfully. However, I'm not sure if this is intended because running with write permission may be a strong requirement. Therefore, I would like the maintainers to modify either:

I executed the docker commands with domjudge/judgehost:8.2.2 on Ubuntu 22.04.

vmcj commented 2 months ago

Can you output the contents of /proc/cmdline?

ir5 commented 2 months ago

Here is the result of cat /proc/cmdline in my environment.

BOOT_IMAGE=/boot/vmlinuz-6.5.0-1023-gcp root=PARTUUID=3730d483-5600-4b0e-97c8-c0dccea2257c ro quiet cgroup_enable=memory swapaccount=1 systemd.unified_cgroup_hierarchy=0 panic=-1