Closed acziryak closed 1 year ago
Not sure how cephcsi is deployed, you need to use root user and privileged access to run cephcsi
@Madhu-1 per the Instructions followed in https://docs.ceph.com/en/latest/rbd/rbd-nomad/
I am running quay.io/cephcsi/cephcsi
.
This results in the following processes:
root 1541944 1541923 0 Feb17 ? 00:00:12 /sbin/docker-init -- /usr/local/bin/cephcsi --type=rbd --drivername=rbd.csi.ceph.com --nodeserver=true --endpoint=unix://csi/csi.sock --nodeid=ind-test-nomad-worker11 --instanceid=ind-test-nomad-worker11-nodes --pidlimit=-1 --logtostderr=true --v=5 --metricsport=27522
root 1541956 1541944 0 Feb17 ? 00:00:59 /usr/local/bin/cephcsi --type=rbd --drivername=rbd.csi.ceph.com --nodeserver=true --endpoint=unix://csi/csi.sock --nodeid=ind-test-nomad-worker11 --instanceid=ind-test-nomad-worker11-nodes --pidlimit=-1 --logtostderr=true --v=5 --metricsport=27522
EDIT: This is with user namespacing enabled. Is this plugin incompatible with that?
Docker logs seem to indicate that this was created with the UsernsMode
as host
:
Feb 21 11:50:06 ind-test-nomad-worker12 dockerd[1888307]: time="2023-02-21T11:50:06.389976821-05:00" level=debug msg="form data: {\"Cmd\":[\"--type=rbd\",\"--drivername=rbd.csi.ceph.com\",\"--nodeserver=true\",\"--endpoint=unix://csi/csi.sock\",\"--nodeid=ind-test-nomad-worker12\",\"--instanceid=ind-test-nomad-worker12-nodes\",\"--pidlimit=-1\",\"--logtostderr=true\",\"--v=5\",\"--metricsport=22039\"],\"Entrypoint\":null,\"Env\":[\"CSI_ENDPOINT=unix:///csi/csi.sock\",\"NOMAD_ADDR_metrics=10.2.42.209:22039\",\"NOMAD_ALLOC_DIR=/alloc\",\"NO
MAD_ALLOC_ID=e4fb0742-5d96-c08a-b10e-13195a0a9c3a\",\"NOMAD_ALLOC_INDEX=0\",\"NOMAD_ALLOC_NAME=ceph-csi-nodes-cephcsi-us-ind-test.ceph-csi-nodes-cephcsi-us-ind-test[0]\",\"NOMAD_ALLOC_PORT_metrics=22039\",\"NOMAD_CPU_LIMIT=500\",\"NOMAD_DC=ind-nonprod2\",\"NOMAD_GROUP_NAM
E=ceph-csi-nodes-cephcsi-us-ind-test\",\"NOMAD_HOST_ADDR_metrics=10.2.42.209:22039\",\"NOMAD_HOST_IP_metrics=10.2.42.209\",\"NOMAD_HOST_PORT_metrics=22039\",\"NOMAD_IP_metrics=10.2.42.209\",\"NOMAD_JOB_ID=ceph-csi-nodes-cephcsi-us-ind-test\",\"NOMAD_JOB_NAME=ceph-csi-nodes-cephcsi-us-ind-test\",\"NOMAD_MEMORY_LIMIT=256\",\"NOMAD_NAMESPACE=test\",\"NOMAD_PARENT_CGROUP=nomad.slice\",\"NOMAD_PORT_metrics=22039\",\"NOMAD_REGION=us\",\"NOMAD_SECRETS_DIR=/secrets\",\"NOMAD_SHORT_ALLOC_ID=e4fb0742\",\"NOMAD_TASK_DIR=/local\",\"NOMAD_TASK_NAME=ce
ph-csi-nodes-cephcsi-us-ind-test\"],\"HostConfig\":{\"Binds\":[\"/opt/nomad/data/alloc/e4fb0742-5d96-c08a-b10e-13195a0a9c3a/alloc:/alloc\",\"/opt/nomad/data/alloc/e4fb0742-5d96-c08a-b10e-13195a0a9c3a/ceph-csi-nodes-cephcsi-us-ind-test/local:/local\",\"/opt/nomad/data/allo
c/e4fb0742-5d96-c08a-b10e-13195a0a9c3a/ceph-csi-nodes-cephcsi-us-ind-test/secrets:/secrets\",\"/opt/nomad/data/alloc/e4fb0742-5d96-c08a-b10e-13195a0a9c3a/ceph-csi-nodes-cephcsi-us-ind-test/local/config.json:/etc/ceph-csi-config/config.json\"],\"CapDrop\":[\"net_raw\"],\"C
groupParent\":\"nomad.slice\",\"ConsoleSize\":[0,0],\"CpuShares\":500,\"LogConfig\":{\"Config\":{\"max-file\":\"2\",\"max-size\":\"2m\"},\"Type\":\"json-file\"},\"Memory\":268435456,\"MemorySwap\":268435456,\"MemorySwappiness\":0,\"Mounts\":[{\"Target\":\"/tmp/csi/keys\",
\"TmpfsOptions\":{\"SizeBytes\":1000000},\"Type\":\"tmpfs\"},{\"BindOptions\":{},\"Source\":\"/sys\",\"Target\":\"/sys\",\"Type\":\"bind\"},{\"BindOptions\":{\"Propagation\":\"rshared\"},\"Source\":\"/opt/nomad/data/client/csi/plugins/e4fb0742-5d96-c08a-b10e-13195a0a9c3a\",\"Target\":\"/csi\",\"Type\":\"bind\"},{\"BindOptions\":{\"Propagation\":\"rshared\"},\"Source\":\"/opt/nomad/data/client/csi/node/ceph-csi\",\"Target\":\"/local/csi\",\"Type\":\"bind\"},{\"BindOptions\":{\"Propagation\":\"rprivate\"},\"Source\":\"/dev\",\"Target\":\"/d
ev\",\"Type\":\"bind\"}],\"NetworkMode\":\"host\",\"PidsLimit\":0,\"Privileged\":true,\"RestartPolicy\":{},\"UsernsMode\":\"host\"},\"Image\":\"quay.io/cephcsi/cephcsi:v3.7.2\",\"Labels\":{\"com.hashicorp.nomad.alloc_id\":\"e4fb0742-5d96-c08a-b10e-13195a0a9c3a\"},\"User\"
:\"root\"}"
Per https://github.com/moby/moby/issues/28986, it does not seem like it is possible to run ceph-csi where the docker daemon has user namespacing (userns-remap
) enabled.
might be the issue not an expert on this, as its env issue nothing can be done in cephcsi for it.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.
Describe the bug
csi_hook failed on container
Environment details
fuse
orkernel
. for rbd itskrbd
orrbd-nbd
) : krbdSteps to reproduce
Steps to reproduce the behavior:
Actual results
The Job does not even register as having started.
Expected behavior
The container should mount the volume and start up.
Logs
Nomad client logs:
CSI Node logs:
Additional context
Nomad Volume:
Nomad Job:
May be relevant: https://docs.docker.com/engine/security/userns-remap/#user-namespace-known-limitations
Instructions followed: https://docs.ceph.com/en/latest/rbd/rbd-nomad/