search

google / gvisor-containerd-shim

containerd shim for gVisor
https://gvisor.dev
Apache License 2.0
79 stars 30 forks source link

Abnormal termination with `plugins.cri.systemd_cgroup = true` #41

Closed asyncmax closed 4 years ago

asyncmax commented 4 years ago

A configuration as below:

cat > /etc/containerd/config.toml <<EOF
disabled_plugins = ["restart"]

# This `plugins.cri.systemd_cgroup = true`  setting causes a problem in gvisor-containerd-shim
[plugins.cri]
  systemd_cgroup = true

[plugins.linux]
  shim = "/usr/local/bin/gvisor-containerd-shim"
  shim_debug = true

[plugins.cri.containerd.runtimes.runsc]
  runtime_type = "io.containerd.runtime.v1.linux"
  runtime_engine = "/usr/local/bin/runsc"
  runtime_root = "/run/containerd/runsc"
EOF

ends up with an abnormal termination of the shim as below:

Oct 25 16:44:59 ip-10-252-91-13 containerd[672]: flag provided but not defined: -systemd-cgroup
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]: Usage of /usr/local/bin/gvisor-containerd-shim:
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -address string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             grpc address back to main containerd
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -config string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             path to the shim configuration file (default "/etc/containerd/gvisor-containerd-shim.toml")
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -containerd-binary containerd publish
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             path to containerd binary (used for containerd publish) (default "containerd")
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -debug
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             enable debug output in logs
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -namespace string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             namespace that owns the shim
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -runtime-root string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             root directory for the runtime (default "/run/containerd/runc")
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -socket string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             abstract socket path to serve
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:   -workdir string
Oct 25 16:44:59 ip-10-252-91-13 containerd[672]:             path used to storge large temporary data

If I remove the plugins.cri.systemd_cgroup = true setting, everything works fine.

I used the following versions for testing:

ianlewis commented 4 years ago

Hi, runsc doesn't support systemd cgroups currently. We currently only support cgroupfs.

https://github.com/google/gvisor/issues/193

asyncmax commented 4 years ago

Thank you!

ianlewis commented 4 years ago

This should work when https://github.com/google/gvisor/issues/193 is fixed so I'm going to close this. Please follow https://github.com/google/gvisor/issues/193 for updates.