[XU4] [4.14.0] Missing CGroup features needed for Docker

[ripps818]

After following the directions in the wiki and rebooting, it seems my docker daemon failed to start. After trying to start it manually, I get this error:

$ sudo dockerd INFO[2017-11-14T13:02:32.041945780-06:00] libcontainerd: new containerd process, pid: 7443 WARN[0000] containerd: low RLIMIT_NOFILE changing to max current=1024 max=1048576 INFO[2017-11-14T13:02:33.060850420-06:00] [graphdriver] using prior storage driver: overlay2 INFO[2017-11-14T13:02:45.041801713-06:00] Graph migration to content-addressability took 0.00 seconds WARN[2017-11-14T13:02:45.042206002-06:00] Your kernel does not support cgroup memory limit WARN[2017-11-14T13:02:45.042253127-06:00] Unable to find cpu cgroup in mounts
WARN[2017-11-14T13:02:45.042290293-06:00] Unable to find blkio cgroup in mounts
WARN[2017-11-14T13:02:45.042322252-06:00] Unable to find cpuset cgroup in mounts
WARN[2017-11-14T13:02:45.042432542-06:00] mountpoint for pids not found
Error starting daemon: Devices cgroup isn't mounted

It seems that a bunch of cgroup features are no longer enabled in the .config that are required for docker to function. Seeing that docker worked in the previous 4.9 ubuntu kernel, this is clearly a misconfiguration or a regression.

Just to be sure, I ran the docker check-config.sh and I got this output:

$ bash check-config.sh
info: reading kernel config from /proc/config.gz ...

Generally Necessary:

• cgroup hierarchy: nonexistent?? (see https://github.com/tianon/cgroupfs-mount)
• CONFIG_NAMESPACES: enabled
• CONFIG_NET_NS: enabled
• CONFIG_PID_NS: enabled
• CONFIG_IPC_NS: enabled
• CONFIG_UTS_NS: enabled
• CONFIG_CGROUPS: enabled
• CONFIG_CGROUP_CPUACCT: missing
• CONFIG_CGROUP_DEVICE: missing
• CONFIG_CGROUP_FREEZER: missing
• CONFIG_CGROUP_SCHED: missing
• CONFIG_CPUSETS: missing
• CONFIG_MEMCG: missing
• CONFIG_KEYS: enabled
• CONFIG_VETH: enabled (as module)
• CONFIG_BRIDGE: enabled (as module)
• CONFIG_BRIDGE_NETFILTER: enabled (as module)
• CONFIG_NF_NAT_IPV4: enabled (as module)
• CONFIG_IP_NF_FILTER: enabled (as module)
• CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
• CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
• CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
• CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
• CONFIG_IP_NF_NAT: enabled (as module)
• CONFIG_NF_NAT: enabled (as module)
• CONFIG_NF_NAT_NEEDED: enabled
• CONFIG_POSIX_MQUEUE: enabled

I'm currently rebuilding the kernel with the the required features enabled. I'll post an update if docker works.

[ripps818]

Okay, apparently I was messing around with the kernels too much my system woudln't boot anymore. I did a quick reinstall of the OS and then reinstalled the 4.14 kernel with the missing flags enabled, and docker started right up.

[tobetter]

@ripps818 Ok, I was making a patch to enable CGROUP flags. Few flags blocks boot successfully, I tried to enable most of them and other patches, but it may not help. Are you going to make a patch?

[tobetter]

@ripps818, finally I made two patches to enable kernel features necessary for LXC and Docker. I'ven't to run Docket yet, but many kernel features are enabled except CONFIG_CGROUP_PIDS since it fails to boot for some reason. Do you have any chance to test these patches or compare with yours?

[1] https://github.com/tobetter/linux/commit/08384d67803c65068e415756a2284546fc141ed1 [2] https://github.com/tobetter/linux/commit/de8488ec907c24929ecfe4e93c9aa90e2b05caeb

[ripps818]

I simply switched the following in .config:

CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_SCHED=y CONFIG_CPUSETS=y CONFIG_MEMCG=y

And then just kept any requested flags as the default option. Sorry, I'm not terribly familiar with git.

[tobetter]

@ripps818 No worries, my patches are merged. https://github.com/hardkernel/linux/commit/b3ce010128eed16b886b4194cae6e3cca896ba75 https://github.com/hardkernel/linux/commit/2622e2488eda194a56f0da189d74ebd3d2fb5ba9