google / gvisor-containerd-shim

containerd shim for gVisor
https://gvisor.dev
Apache License 2.0

Not able to start container in runsc #45

Closed alexcpn closed 4 years ago

alexcpn commented 4 years ago

I followed the instructions here: https://github.com/google/gvisor-containerd-shim/blob/master/docs/runtime-handler-shim-v2-quickstart.md

(Installed containerd, containerd shim, and runsc - all are in the path, service is running)

I am getting the following error

[root@azuretest-2 ~]# sudo crictl -D  runp --runtime runsc sandbox.json 
DEBU[0000] RunPodSandboxRequest: &RunPodSandboxRequest{Config:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:nginx-sandbox2,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[],Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},},RuntimeHandler:runsc,} 
DEBU[0000] RunPodSandboxResponse: nil                   
FATA[0000] run pod sandbox failed: rpc error: code = Unknown desc = failed to create containerd task: OCI runtime create failed: creating container: Sandbox: fork/exec /proc/self/exe: invalid argument: unknown

More logs

Jan 29 13:14:45 azuretest-2 containerd[22949]: time="2020-01-29T13:14:45.472182074+05:30" level=info msg="RunPodsandbox for &PodSandboxMetadata{Name:nginx-sandbox2,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,}"
Jan 29 13:14:45 azuretest-2 containerd[22949]: time="2020-01-29T13:14:45.587956757+05:30" level=info msg="starting signal loop" namespace=k8s.io path=/run/containerd/io.containerd.runtime.v2.task/k8s.io/ed1cbf546456dafb50aa85018eba6c7161fddd2f1911b0fbbe895f19d43f7ca1 pid=31166
Jan 29 13:14:45 azuretest-2 containerd[22949]: time="2020-01-29T13:14:45.733567999+05:30" level=info msg="shim disconnected" id=ed1cbf546456dafb50aa85018eba6c7161fddd2f1911b0fbbe895f19d43f7ca1
Jan 29 13:14:45 azuretest-2 containerd[22949]: time="2020-01-29T13:14:45.836475312+05:30" level=error msg="RunPodSandbox for &PodSandboxMetadata{Name:nginx-sandbox2,Uid:hdishd83djaidwnduwk28bcsb,Namespace:default,Attempt:1,} failed, error" error="failed to create containerd task: OCI runtime create failed: creating container: Sandbox: fork/exec /proc/self/exe: invalid argument: unknown"

Note - with runc I am able to start the container (not sure if it is some permission issue?):

sudo crictl -D runp --runtime runc sandbox.json

ianlewis commented 4 years ago

Hi,

The problem is likely that the runsc binary doesn't have the right permissions.

sudo chown root:root /path/to/runsc
sudo chmod 0755 /path/to/runsc

Let me know if that fixes it.

alexcpn commented 4 years ago

Thanks, I tried that; it did not help. I guess the root cause is the Linux version.

We require a Linux 3.17+ kernel. It looks like you are on 3.10. https://github.com/google/gvisor/issues/55#issuecomment-390713423

Mine is CentOS, which is on 3.10:

uname -r
3.10.0-957.27.2.el7.x86_64

Thanks

ianlewis commented 4 years ago

@alexcpn Ok, thanks for the follow up!
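
A preflight check for the two causes raised in this thread (runsc binary ownership and mode, and the Linux 3.17+ kernel requirement), as an added example that is not part of the original thread or the gVisor project. The function names and the optional second argument are hypothetical, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example: preflight for a runsc host. Usage: preflight.sh /path/to/runsc

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (as printed by `uname -r`) is >= MAJOR.MINOR,
# 1 if it is older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    k_rel=$1
    case "$k_rel" in *.*) ;; *) return 2 ;; esac
    k_major=${k_rel%%.*}            # text before the first dot
    k_rest=${k_rel#*.}              # text after the first dot
    k_minor=${k_rest%%[!0-9]*}      # leading digits of the remainder
    case "$k_major" in ''|*[!0-9]*) return 2 ;; esac
    case "$k_minor" in '') return 2 ;; esac
    [ "$k_major" -gt "$2" ] || { [ "$k_major" -eq "$2" ] && [ "$k_minor" -ge "$3" ]; }
}

# runsc_perms_ok PATH
# Returns 0 if PATH is a regular file owned by uid 0, gid 0 with mode 0755
# (the state produced by the chown/chmod suggested in the thread),
# 1 if ownership or mode differ, 2 if the file does not exist.
runsc_perms_ok() {
    [ -f "$1" ] || return 2
    [ "$(stat -c '%u:%g:%a' "$1")" = "0:0:755" ]
}

# preflight RUNSC_PATH [RELEASE]
# RELEASE defaults to the running kernel; passing it explicitly lets the
# check be exercised against a release string copied from another host.
preflight() {
    p_rel=${2:-$(uname -r)}
    p_rc=0
    if kernel_at_least "$p_rel" 3 17; then
        echo "ok:   kernel $p_rel meets the 3.17+ requirement"
    else
        echo "FAIL: kernel $p_rel is older than 3.17 or unparsable"
        p_rc=1
    fi
    if runsc_perms_ok "$1"; then
        echo "ok:   $1 is root:root mode 0755"
    else
        echo "FAIL: $1 is missing or not root:root mode 0755"
        p_rc=1
    fi
    return "$p_rc"
}

if [ "$#" -ge 1 ]; then preflight "$@"; fi
```
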