cneira / zcage

illumos zone manager
Mozilla Public License 2.0

docker container doesn't successfully boot #32

Closed bhechinger closed 4 years ago

bhechinger commented 4 years ago

Running this command: zcage create --net "nexus3|10.42.2.25/24|10.42.2.252" --docker sonatype/nexus3 latest --alias nexus3 --brand lx

Creates a zone that doesn't completely start. It very quickly gets to that last part and then it hangs.

[NOTICE: Zone booting up]
systemd 239 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Red Hat Enterprise Linux 8.0 (Ootpa)!

Set hostname to <localhost.localdomain>.
Failed to open netlink: Operation not permitted
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to get udev device from devnum 203:1: No such device
multi-user.target: Wants dependency dropin /etc/systemd/system/multi-user.target.wants/network.service target /etc/rc.d/init.d/network has different name
multi-user.target: Wants dependency dropin /etc/systemd/system/multi-user.target.wants/network.service target /etc/rc.d/init.d/network has different name
multi-user.target: Wants dependency dropin /etc/systemd/system/multi-user.target.wants/network.service target /etc/rc.d/init.d/network has different name
multi-user.target: Wants dependency dropin /etc/systemd/system/multi-user.target.wants/network.service target /etc/rc.d/init.d/network has different name
[  OK  ] Reached target Network is Online.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Listening on initctl Compatibility Named Pipe.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Slices.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Journal Socket.
         Starting Journal Service...
         Starting Read and set NIS domainname from /etc/sysconfig/network...
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Local File Systems.
[  OK  ] Listening on Process Core Dump Socket.
[  OK  ] Reached target Paths.
[  OK  ] Started Read and set NIS domainname from /etc/sysconfig/network.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
<46>systemd-journald[3715]: Received request to flush runtime journal from PID 1
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Started dnf makecache --timer.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
[  OK  ] Started D-Bus System Message Bus.
         Starting Permit User Sessions...
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Started Permit User Sessions.
[  OK  ] Reached target Multi-User System.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

cneira commented 4 years ago

@bhechinger I'll take a look.

cneira commented 4 years ago

@bhechinger I just tested and it is working on my side:

eirac@dazzler:~/zcage$ ./zcage list                                                                                                              
UUID                                 TYPE    STATE   RAM            ALIAS                CREATED
d1e4d266-da1f-6f02-e2e7-cbb9a4a3f45e LX     running  1024M      nexus3                
neirac@dazzler:~/zcage$ zlogin nexus3                                                                                                             
zlogin: You lack sufficient privilege to run this command (all privs required)
neirac@dazzler:~/zcage$ pfexec zlogin nexus3                                                                                                      
[Connected to zone 'nexus3' pts/3]
Last login: Wed Dec  4 10:29:45 from zone:global
[root@nexus3 ~]# 

Try running with debug

$ zcage create --debug --net "nexus3|10.42.2.25/24|10.42.2.252" --docker sonatype/nexus3 latest --alias nexus3 --brand lx

bhechinger commented 4 years ago

Here is the output with debugging:

wonko@basket:~/lx_images$ zcage create --debug --net "nexus3|10.42.2.25/24|10.42.2.252" --docker sonatype/nexus3 latest --alias nexus3 --brand lx
CreateOptions  {
    "brand": "lx",
    "ram": "1gb",
    "quota": "10G",
    "debug": true,
    "net": [
        "nexus3|10.42.2.25/24|10.42.2.252"
    ],
    "docker": [
        "sonatype/nexus3",
        "latest"
    ],
    "alias": "nexus3"
}
return rc =  true
[ 'nexus3|10.42.2.25/24|10.42.2.252' ]
network is  [ { physical: 'nexus3',
    address: '10.42.2.25',
    netmask: '255.255.255.0',
    gateway: '10.42.2.252' } ]
addrctl for undefined {
    "brand": "lx",
    "ram": "1gb",
    "quota": "10G",
    "debug": true,
    "net": [
        {
            "physical": "nexus3",
            "address": "10.42.2.25",
            "netmask": "255.255.255.0",
            "gateway": "10.42.2.252"
        }
    ],
    "docker": [
        "sonatype/nexus3",
        "latest"
    ],
    "zonepath": "/zcage/vms/nexus3",
    "alias": "nexus3"
}
rctl object {
    "max-physical-memory": "1073741824",
    "max-locked-memory": "1073741824",
    "max-swap": "2147483648",
    "cpu-shares": "2048",
    "max-lwps": "3000",
    "quota": "10G"
}
createOptions:  {
    "brand": "lx",
    "debug": true,
    "net": [
        {
            "physical": "nexus3",
            "address": "10.42.2.25",
            "netmask": "255.255.255.0",
            "gateway": "10.42.2.252"
        }
    ],
    "docker": [
        "sonatype/nexus3",
        "latest"
    ],
    "zonepath": "/zcage/vms/nexus3",
    "alias": "nexus3",
    "rctl": {
        "max-physical-memory": "1073741824",
        "max-locked-memory": "1073741824",
        "max-swap": "2147483648",
        "cpu-shares": "2048",
        "max-lwps": "3000",
        "quota": "10G"
    }
}
spec {
    "zonepath": "/zcage/vms/nexus3",
    "brand": "lx",
    "ip-type": "exclusive",
    "dns-domain": "",
    "resolvers": [
        "8.8.8.8",
        "8.8.8.4"
    ],
    "autoboot": false,
    "debug": true,
    "net": [
        {
            "physical": "nexus3",
            "address": "10.42.2.25",
            "netmask": "255.255.255.0",
            "gateway": "10.42.2.252"
        }
    ],
    "docker": [
        "sonatype/nexus3",
        "latest"
    ],
    "alias": "nexus3",
    "rctl": {
        "max-physical-memory": "1073741824",
        "max-locked-memory": "1073741824",
        "max-swap": "2147483648",
        "cpu-shares": "2048",
        "max-lwps": "3000",
        "quota": "10G"
    }
}
VM undefined
spec2script [ 'create',
  'add attr',
  'set name=kernel-version',
  'set type=string',
  'set value=3.16.0',
  'end',
  ' set zonepath=/zcage/vms/nexus3',
  ' set brand=lx',
  ' set ip-type=exclusive',
  'add attr',
  'set name=resolvers',
  'set type=string',
  'set value=8.8.8.8,8.8.8.4',
  'end',
  ' set autoboot=false',
  ' add net ',
  'set physical=nexus3',
  'set allowed-address=10.42.2.25/24',
  '',
  'set defrouter=10.42.2.252',
  ' end',
  'add rctl',
  'set name=zone.max-physical-memory',
  'add value (priv=privileged,limit=1073741824,action=deny)',
  'end',
  ' add rctl',
  'set name=zone.max-locked-memory',
  'add value (priv=privileged,limit=1073741824,action=deny)',
  'end',
  ' add rctl',
  'set name=zone.max-swap',
  'add value (priv=privileged,limit=2147483648,action=deny)',
  'end',
  ' set cpu-shares=2048',
  'add rctl',
  'set name=zone.max-lwps',
  'add value (priv=privileged,limit=3000,action=deny)',
  'end',
  ' add attr',
  ' set name=quota',
  'set type=string',
  ' set value=10G',
  'end',
  '',
  'verify',
  ' commit',
  '' ]
zone_spec: {
    "zonepath": "/zcage/vms/nexus3",
    "brand": "lx",
    "ip-type": "exclusive",
    "dns-domain": "",
    "resolvers": [
        "8.8.8.8",
        "8.8.8.4"
    ],
    "autoboot": false,
    "debug": true,
    "net": [
        {
            "physical": "nexus3",
            "address": "10.42.2.25",
            "netmask": "255.255.255.0",
            "gateway": "10.42.2.252"
        }
    ],
    "docker": [
        "sonatype/nexus3",
        "latest"
    ],
    "alias": "nexus3",
    "rctl": {
        "max-physical-memory": "1073741824",
        "max-locked-memory": "1073741824",
        "max-swap": "2147483648",
        "cpu-shares": "2048",
        "max-lwps": "3000",
        "quota": "10G"
    }
}
spec2script: create;add attr;set name=kernel-version;set type=string;set value=3.16.0;end; set zonepath=/zcage/vms/nexus3; set brand=lx; set ip-type=exclusive;add attr;set name=resolvers;set type=string;set value=8.8.8.8,8.8.8.4;end; set autoboot=false; add net ;set physical=nexus3;set allowed-address=10.42.2.25/24;;set defrouter=10.42.2.252; end;add rctl;set name=zone.max-physical-memory;add value (priv=privileged,limit=1073741824,action=deny);end; add rctl;set name=zone.max-locked-memory;add value (priv=privileged,limit=1073741824,action=deny);end; add rctl;set name=zone.max-swap;add value (priv=privileged,limit=2147483648,action=deny);end; set cpu-shares=2048;add rctl;set name=zone.max-lwps;add value (priv=privileged,limit=3000,action=deny);end; add attr; set name=quota;set type=string; set value=10G;end;;verify; commit;
configuring zone  
docker tags installing  [ 'sonatype/nexus3', 'latest' ]
docker image pulled: /zcage/images/docker-nexus3-latest-6f5541a1-5751-695a-a3cc-986aa71bf283.gz

zoneadm: install returned   A ZFS file system has been created for this zone.

Setting quota=10G on dataset tank/zcage/vms/nexus3
setting zfs quota 
Adding metadata: add attr; set type=string;set name=CreatedAt;set value=2019-12-04T17:55:45.830Z;end;verify;commit
Adding metadata: add attr; set type=string;set name=UpdatedAt;set value=2019-12-04T17:55:45.928Z;end;verify;commit
nexus3 created [OK] 
nexus3 started [OK] 
starting zone  

But I get nothing on the console:

wonko@basket:~/lx_images$ pfexec zlogin nexus3
[Connected to zone 'nexus3' pts/4]
login: timed out after 60 seconds
[Connection to zone 'nexus3' pts/4 closed]

bhechinger commented 4 years ago

wonko@basket:$ uname -a
SunOS basket 5.11 omnios-r151032-702376803e i86pc i386 i86pc illumos

In case this ends up being version specific.

cneira commented 4 years ago

@bhechinger Is 10.42.2.252 your gateway? I'm unable to reproduce your issue.

bhechinger commented 4 years ago

Yes it is.
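
The `--net` value used in this thread has the form `vnic|address/prefix|gateway`, and the debug output shows it expanded into `physical`, `address`, `netmask` and `gateway`. The following is an added example, not zcage's code and not written by either commenter, that parses that form and checks that the gateway sits on the zone's subnet; the function names `parseNetSpec` and `checkNetSpec` are hypothetical.

```javascript
'use strict';
// Added example; function names are hypothetical, not zcage's API.

// Dotted-quad IPv4 -> unsigned 32-bit number; throws on malformed input.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) throw new Error(`bad IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad IPv4 address: ${ip}`);
    return acc * 256 + Number(p);
  }, 0);
}

function intToIp(n) {
  return [24, 16, 8, 0].map((s) => (n >>> s) & 255).join('.');
}

// Parse "vnic|address/prefix|gateway" into the object shape seen in the debug output.
function parseNetSpec(spec) {
  const fields = String(spec).split('|');
  if (fields.length !== 3) throw new Error('expected "vnic|address/prefix|gateway"');
  const [physical, cidr, gateway] = fields;
  const m = /^([^/]+)\/(\d{1,2})$/.exec(cidr);
  if (!physical || !m || Number(m[2]) > 32) throw new Error(`bad net spec: ${spec}`);
  ipToInt(m[1]);     // validate the zone address
  ipToInt(gateway);  // validate the gateway
  const prefix = Number(m[2]);
  // A shift by 32 is a no-op in JavaScript, so /0 is handled explicitly.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { physical, address: m[1], netmask: intToIp(mask), gateway };
}

// Return the parsed spec plus a list of addressing problems (empty when consistent).
function checkNetSpec(spec) {
  const net = parseNetSpec(spec);
  const mask = ipToInt(net.netmask);
  const addr = ipToInt(net.address);
  const gw = ipToInt(net.gateway);
  const network = (addr & mask) >>> 0;
  const broadcast = (network | (~mask >>> 0)) >>> 0;
  const problems = [];
  if (((gw & mask) >>> 0) !== network) problems.push('gateway is not on the zone subnet');
  if (gw === addr) problems.push('gateway equals the zone address');
  // /31 and /32 have no separate network/broadcast addresses, so skip them here.
  if (mask < 0xfffffffe && (addr === network || addr === broadcast)) {
    problems.push('address is the network or broadcast address');
  }
  return { net, problems };
}
```

For the spec in this thread, `checkNetSpec('nexus3|10.42.2.25/24|10.42.2.252')` returns an empty `problems` list.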

cneira commented 4 years ago

@bhechinger

Have you tried this again? Could you pull master? I just tried using your exact arguments and I'm able to log in to the zone.

bhechinger commented 4 years ago

Ok, it works now. You must have tweaked something along the way. Woo!