search

btholt / complete-intro-to-containers

The Complete Intro to Containers! As taught on Frontend Masters.
https://frontendmasters.com/courses/complete-intro-containers/
Other
941 stars 186 forks source link

`cgcreate` fails. Cgroup not mounted. #87

Open DrOptix opened 7 months ago

DrOptix commented 7 months ago

I created this script to automate the cgroups creation:

#!/bin/bash

# Create a new cgroup
cgcreate -g cpu,memory,blkio,devices,freezer:/sandbox

# Add the jail to the cgroup
# TODO: Find a way to get the jail PID automatically
cgclassify -g cpu,memory,blkio,devices,freezer:sandbox $1

# List tasks associated to the sandbox cgroup, we should
# see the above PID
cat /sys/fs/cgroup/cpu/sandbox/tasks

# Limit usage at 5% for a multi core system
cgset -r cpu.cfs_period_us=100000 \
    -r cpu.cfs_quota_us=$[ 5000 * $(getconf _NPROCESSORS_ONLN) ] \
    sandbox

# Set a limit of 80M
cgset -r memory.limit_in_bytes=80M sandbox

It fails with:

root@30dc1f2265b2:/work/chroot# ./setup_cgroups.sh
cgcreate: libcgroup initialization failed: Cgroup is not mounted
cgclassify: libcgroup initialization failed: Cgroup is not mounted
cat: /sys/fs/cgroup/cpu/sandbox/tasks: No such file or directory
cgset: libcgroup initialization failed: Cgroup is not mounted
cgset: libcgroup initialization failed: Cgroup is not mounted

I don't get why it's going mad. I'm using also an Ubuntu Bionic base image for my chroot.

codemaestro commented 5 months ago

I was going to suggest that based on the cgroups lesson page, the course was last reviewed 5 years ago. But that shouldn't be a problem if we're all running within an ubuntu:bionic container. I'm skipping these manual lessons and moving ahead to the pre-configured stuff.

DrOptix commented 5 months ago

It's a bit of both. From my research it seems to be something related to cgroups vs cgroups v2. I did not have time to fully wrap my head around it so I dropped this research.

Also you have to keep in mind that containers are not VMs, they use the underling host kernel. Because of this if the host kernel does not provide something or has a regression introduced, your container won't work.

I have a case like this at work where I have to stay on Kernel 6.6.x because after that a regression was introduced and because of that I could not launch Docker images of Microsoft SQL Server, mcr.microsoft.com/mssql/server:2019-latest to be exact. Periodically I boot a newer kernel to see if they fixed, but no luck so far.

I'll keep this issue open. If @btholt decided to close it I'm fine with closing it.

btholt commented 5 months ago

This is indeed broken. I tried to fix it for v1 of this course but it was so different that I'm actually heading back to re-record it in May.

btholt commented 4 months ago

I just finished rewriting the section for v2 if you want to preview the next version of the course

https://containers-v2.holt.courses/lessons/crafting-containers-by-hand/cgroups