containers / crun

A fast and lightweight fully featured OCI runtime and C library for running containers
GNU General Public License v2.0

Warning `Unit uses MemoryLimit=;` #1489

Closed MartinX3 closed 3 months ago

MartinX3 commented 6 months ago

Issue Description

Every day I get the journal warning `Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.` about my podman pods.

Steps to reproduce the issue

  1. Have pods with memory limits.

Describe the results you received

Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.

Describe the results you expected

The pods should use MemoryMax

podman info output

host:
  arch: amd64
  buildahVersion: 1.35.3
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon ist in conmon 1:2.1.10-1 enthalten
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 2dcd736e46ded79a53339462bc251694b150f870'
  cpuUtilization:
    idlePercent: 99.37
    systemPercent: 0.59
    userPercent: 0.04
  cpus: 8
  databaseBackend: boltdb
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  freeLocks: 2012
  hostname: hostname
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.6.23-1-lts
  linkmode: dynamic
  logDriver: journald
  memFree: 1594126336
  memTotal: 33431990272
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: /usr/lib/podman/aardvark-dns ist in aardvark-dns 1.10.0-1 enthalten
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: /usr/lib/podman/netavark ist in netavark 1.10.3-1 enthalten
    path: /usr/lib/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: /usr/bin/crun ist in crun 1.14.4-1 enthalten
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: /usr/bin/pasta ist in passt 2024_03_26.4988e2b-2 enthalten
    version: |
      pasta 2024_03_26.4988e2b
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 67607048192
  swapTotal: 67645722624
  uptime: 121h 4m 40.00s (Approximately 5.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/hostname/.config/containers/storage.conf
  containerStore:
    number: 15
    paused: 0
    running: 13
    stopped: 2
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /home/hostname/.local/share/containers/storage
  graphRootAllocated: 1965484457984
  graphRootUsed: 1344274178048
  graphStatus:
    Build Version: Btrfs v6.8
    Library Version: "102"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 73
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/hostname/.local/share/containers/storage/volumes
version:
  APIVersion: 5.0.1
  Built: 1712088128
  BuiltTime: Tue Apr  2 22:02:08 2024
  GitCommit: 946d055df324e4ed6c1e806b561af4740db4fea9-dirty
  GoVersion: go1.22.1
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

Arch Linux with SystemD

Additional information

No response

Luap99 commented 6 months ago

I cannot find the string "MemoryLimit" in our code base at all, which means podman is most likely not setting that.

I found it in crun so I guess crun configures the cgroup with that, @giuseppe PTAL

MartinX3 commented 5 months ago

I also see the warning `cgroup compatibility translation between legacy and unified hierarchy settings activated. See cgroup-compat debug messages for details.`

Arch Linux uses cgroup v2.

jasampson commented 5 months ago

I'm also having the same warnings.

I'm using quadlet to generate files in /etc/container/systemd and in these files I see this line:

PodmanArgs=--memory 256m.

I can find a corresponding file in /run/systemd/transient, for example /run/systemd/transient/libpod-2edcbecbc2ac17882877dae8ba3f969b19476a7f0676b0c2d9c54cba9ed3e27f.scope.

In the .scope files in /run/systemd/transient there is a line like this which I think is the cause of the warning.

MemoryLimit=268435456
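
A check for the condition described in the comment above, as an added example that is not part of the thread or of crun/podman: it scans a unit directory for the legacy `MemoryLimit=` directive and prints the `MemoryMax=` line the warning asks for, with the byte value converted so it can be matched against a `--memory 256m` argument. The function names and the sample unit files are constructed for illustration; the default directory is the one quoted in the comment.

```shell
#!/bin/sh
# Added example, not code from the issue thread or from crun/podman.

# Print one line per legacy directive found under DIR (default: the
# transient unit directory named in the comment above).
scan_legacy_memory_limit() {
    dir=${1:-/run/systemd/transient}
    # -r also covers *.scope.d/ drop-ins; -H always prints the file name.
    grep -rH '^MemoryLimit=' "$dir" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:MemoryLimit=*}
        value=${hit#*:MemoryLimit=}
        case $value in
            ''|*[!0-9]*) human=$value ;;            # non-numeric, e.g. "infinity"
            *) human="$(( $value / 1048576 )) MiB" ;;
        esac
        printf '%s: MemoryLimit=%s (%s) -> MemoryMax=%s\n' \
            "${file##*/}" "$value" "$human" "$value"
    done
}

# Constructed sample input: one scope with the legacy directive and one
# that already uses MemoryMax=. The unit names are placeholders.
make_sample_units() {
    d=$(mktemp -d)
    printf '[Scope]\nMemoryLimit=268435456\n' > "$d/libpod-aaaa.scope"
    printf '[Scope]\nMemoryMax=268435456\n'   > "$d/libpod-bbbb.scope"
    printf '%s\n' "$d"
}

sample=$(make_sample_units)
scan_legacy_memory_limit "$sample"
rm -rf "$sample"
```
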

Luap99 commented 3 months ago

@giuseppe PTAL again

giuseppe commented 3 months ago

opened a PR: