search

kata-containers / kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
Apache License 2.0
5.56k stars 1.07k forks source link

Can't restart container when sharing namespace with another container #4756

Open MVJosh opened 2 years ago

MVJosh commented 2 years ago

Description of problem

When running a container with the kata runtime (via docker), if --network container:<other_container_id> is specified the kata container can start initially, but if it is restarted (for example after a crash) docker returns an error Error response from daemon: Cannot restart container <container_id>: failed to create shim task: OCI runtime create failed: Failed to add qdisc for network index 2 : file exists: unknown.

Note: I can run kata containers with their own networking stack just fine, and they restart without problem. It's only when sharing a network namespace with another container that the problem arises.

Steps to reproduce:

# Start parent container
docker run -d --name parent gcr.io/google_containers/pause-amd64:3.1

# Run a standalone container with kata to confirm kata runtime is working - this succeeds
docker run -d --name kata-standalone --runtime kata-runtime gcr.io/google_containers/pause-amd64:3.1
# Standalone kata container can be restarted successfully
docker restart kata-standalone
docker stop kata-standalone && docker rm kata-standalone

# Run a non-kata container in the parent container's namespace - this succeeds
parent_id=$(docker inspect --format '{{.Id}}' parent)
docker run -d --name child --network container:$parent_id  gcr.io/google_containers/pause-amd64:3.1
# Restart non-kata container in shared namespace - this succeeds
docker restart child
docker stop child && docker rm child

# Run a kata container in the parent container's network namespace - this succeeds, but it can't be restarted
docker run -d --name kata-child --network container:$parent_id --runtime kata-runtime  gcr.io/google_containers/pause-amd64:3.1
# Attempt to restart kata container in shared network namespace
docker restart kata-child

# This errors with:
# Error response from daemon: Cannot restart container kata-child: failed to create shim task: OCI runtime create failed: Failed to add qdisc for network index 2 : file exists: unknown

# Clean up
docker stop kata-child && docker rm kata-child
docker stop parent && docker rm parent

Expected result

Kata container in shared network namespace should restart successfully

Actual result

Docker fails to restart Kata container in shared network namespace with:

Error response from daemon: Cannot restart container kata-child: failed to create shim task: OCI runtime create failed: Failed to add qdisc for network index 2 : file exists: unknown

Further information

This is motivated by trying to run Kata containers in HashiCorp Nomad (using the Docker task driver). Nomad runs containers in a shared network namespaces by starting a parent "pause" container, then starting the main task container in the parent's namespace.

MVJosh commented 2 years ago
Show kata-collect-data.sh details

# Meta details Running `kata-collect-data.sh` version `1.13.0-alpha0 (commit )` at `2022-07-27.09:49:32.391809397+0000`. --- Runtime is `/usr/bin/kata-runtime`. # `kata-env` Output of "`/usr/bin/kata-runtime kata-env`": ```toml [Meta] Version = "1.0.24" [Runtime] Debug = false Trace = false DisableGuestSeccomp = true DisableNewNetNs = false SandboxCgroupOnly = false Path = "/usr/bin/kata-runtime" [Runtime.Version] OCI = "1.0.1-dev" [Runtime.Version.Version] Semver = "1.13.0-alpha0" Major = 1 Minor = 13 Patch = 0 Commit = "" [Runtime.Config] Path = "/usr/share/defaults/kata-containers/configuration.toml" [Hypervisor] MachineType = "pc" Version = "QEMU emulator version 5.0.0\nCopyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers" Path = "/usr/bin/qemu-vanilla-system-x86_64" BlockDeviceDriver = "virtio-scsi" EntropySource = "/dev/urandom" SharedFS = "virtio-9p" VirtioFSDaemon = "/usr/bin/virtiofsd" Msize9p = 8192 MemorySlots = 10 PCIeRootPort = 0 HotplugVFIOOnRootBus = false Debug = false UseVSock = false [Image] Path = "/usr/share/kata-containers/kata-containers-image_clearlinux_1.13.0-alpha0_agent_27b90c2690.img" [Kernel] Path = "/usr/share/kata-containers/vmlinuz-5.4.60.91-52.container" Parameters = "systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket scsi_mod.scan=none" [Initrd] Path = "" [Proxy] Type = "kataProxy" Path = "/usr/libexec/kata-containers/kata-proxy" Debug = false [Proxy.Version] Semver = "1.13.0-alpha0-5949d14" Major = 1 Minor = 13 Patch = 0 Commit = "<>" [Shim] Type = "kataShim" Path = "/usr/libexec/kata-containers/kata-shim" Debug = false [Shim.Version] Semver = "<>" Major = 0 Minor = 0 Patch = 0 Commit = "<>" [Agent] Type = "kata" Debug = false Trace = false TraceMode = "" TraceType = "" [Host] Kernel = "5.4.0-1081-aws" Architecture = "amd64" VMContainerCapable = true SupportVSocks = true [Host.Distro] Name = "Ubuntu" Version = "18.04" [Host.CPU] Vendor = "GenuineIntel" Model = "Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz" [Netmon] Path = "/usr/libexec/kata-containers/kata-netmon" Debug = false Enable = false [Netmon.Version] Semver = "1.13.0-alpha0" Major = 1 Minor = 13 Patch = 0 Commit = "<>" ``` --- # Runtime config files ## Runtime default config files ``` /etc/kata-containers/configuration.toml /usr/share/defaults/kata-containers/configuration.toml ``` ## Runtime config file contents Config file `/etc/kata-containers/configuration.toml` not found Output of "`cat "/usr/share/defaults/kata-containers/configuration.toml"`": ```toml # Copyright (c) 2017-2019 Intel Corporation # # SPDX-License-Identifier: Apache-2.0 # # XXX: WARNING: this file is auto-generated. # XXX: # XXX: Source file: "cli/config/configuration-qemu.toml.in" # XXX: Project: # XXX: Name: Kata Containers # XXX: Type: kata [hypervisor.qemu] path = "/usr/bin/qemu-vanilla-system-x86_64" kernel = "/usr/share/kata-containers/vmlinuz.container" image = "/usr/share/kata-containers/kata-containers.img" machine_type = "pc" # List of valid annotation names for the hypervisor # Each member of the list is a regular expression, which is the base name # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path" # The default if not set is empty (all annotations rejected.) # Your distribution recommends: [".*"] enable_annotations = [".*"] # List of valid annotation values for the hypervisor path # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/usr/bin/qemu-vanilla-system-x86_64"] valid_hypervisor_paths = ["/usr/bin/qemu-vanilla-system-x86_64"] # Optional space-separated list of options to pass to the guest kernel. # For example, use `kernel_params = "vsyscall=emulate"` if you are having # trouble running pre-2.15 glibc. # # WARNING: - any parameter specified here will take priority over the default # parameter value of the same name used to start the virtual machine. # Do not set values here unless you understand the impact of doing so as you # may stop the virtual machine from booting. # To see the list of default parameters, enable hypervisor debug, create a # container and look for 'default-kernel-parameters' log entries. kernel_params = "" # Path to the firmware. # If you want that qemu uses the default firmware leave this option empty firmware = "" # Machine accelerators # comma-separated list of machine accelerators to pass to the hypervisor. # For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"` machine_accelerators="" # CPU features # comma-separated list of cpu features to pass to the cpu # For example, `cpu_features = "pmu=off,vmx=off" cpu_features="pmu=off" # Default number of vCPUs per SB/VM: # unspecified or 0 --> will be set to 1 # < 0 --> will be set to the actual number of physical cores # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores default_vcpus = 1 # Default maximum number of vCPUs per SB/VM: # unspecified or == 0 --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when # the actual number of physical cores is greater than it. # WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU # the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs # can be added to a SB/VM, but the memory footprint will be big. Another example, with # `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of # vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable, # unless you know what are you doing. # NOTICE: on arm platform with gicv2 interrupt controller, set it to 8. default_maxvcpus = 0 # Bridges can be used to hot plug devices. # Limitations: # * Currently only pci bridges are supported # * Until 30 devices per bridge can be hot plugged. # * Until 5 PCI bridges can be cold plugged per VM. # This limitation could be a bug in qemu or in the kernel # Default number of bridges per SB/VM: # unspecified or 0 --> will be set to 1 # > 1 <= 5 --> will be set to the specified number # > 5 --> will be set to 5 default_bridges = 1 # Default memory size in MiB for SB/VM. # If unspecified then it will be set 2048 MiB. default_memory = 2048 # # Default memory slots per SB/VM. # If unspecified then it will be set 10. # This is will determine the times that memory will be hotadded to sandbox/VM. #memory_slots = 10 # The size in MiB will be plused to max memory of hypervisor. # It is the memory address space for the NVDIMM devie. # If set block storage driver (block_device_driver) to "nvdimm", # should set memory_offset to the size of block device. # Default 0 #memory_offset = 0 # Specifies virtio-mem will be enabled or not. # Please note that this option should be used with the command # "echo 1 > /proc/sys/vm/overcommit_memory". # Default false #enable_virtio_mem = true # Disable block device from being used for a container's rootfs. # In case of a storage driver like devicemapper where a container's # root file system is backed by a block device, the block device is passed # directly to the hypervisor for performance reasons. # This flag prevents the block device from being passed to the hypervisor, # 9pfs is used instead to pass the rootfs. disable_block_device_use = false # Shared file system type: # - virtio-9p (default) # - virtio-fs shared_fs = "virtio-9p" # Path to vhost-user-fs daemon. virtio_fs_daemon = "/usr/bin/virtiofsd" # List of valid annotation values for the virtiofs daemon path # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/usr/bin/virtiofsd"] valid_virtio_fs_daemon_paths = ["/usr/bin/virtiofsd"] # Default size of DAX cache in MiB virtio_fs_cache_size = 0 # Extra args for virtiofsd daemon # # Format example: # ["-o", "arg1=xxx,arg2", "-o", "hello world", "--arg3=yyy"] # # see `virtiofsd -h` for possible options. virtio_fs_extra_args = [] # Cache mode: # # - none # Metadata, data, and pathname lookup are not cached in guest. They are # always fetched from host and any changes are immediately pushed to host. # # - auto # Metadata and pathname lookup cache expires after a configured amount of # time (default is 1 second). Data is cached while the file is open (close # to open consistency). # # - always # Metadata, data, and pathname lookup are cached in guest and never expire. virtio_fs_cache = "auto" # Block storage driver to be used for the hypervisor in case the container # rootfs is backed by a block device. This is virtio-scsi, virtio-blk # or nvdimm. block_device_driver = "virtio-scsi" # Specifies cache-related options will be set to block devices or not. # Default false #block_device_cache_set = true # Specifies cache-related options for block devices. # Denotes whether use of O_DIRECT (bypass the host page cache) is enabled. # Default false #block_device_cache_direct = true # Specifies cache-related options for block devices. # Denotes whether flush requests for the device are ignored. # Default false #block_device_cache_noflush = true # Enable iothreads (data-plane) to be used. This causes IO to be # handled in a separate IO thread. This is currently only implemented # for SCSI. # enable_iothreads = false # Enable pre allocation of VM RAM, default false # Enabling this will result in lower container density # as all of the memory will be allocated and locked # This is useful when you want to reserve all the memory # upfront or in the cases where you want memory latencies # to be very predictable # Default false #enable_mem_prealloc = true # Enable huge pages for VM RAM, default false # Enabling this will result in the VM memory # being allocated using huge pages. # This is useful when you want to use vhost-user network # stacks within the container. This will automatically # result in memory pre allocation #enable_hugepages = true # Enable vhost-user storage device, default false # Enabling this will result in some Linux reserved block type # major range 240-254 being chosen to represent vhost-user devices. enable_vhost_user_store = false # The base directory specifically used for vhost-user devices. # Its sub-path "block" is used for block devices; "block/sockets" is # where we expect vhost-user sockets to live; "block/devices" is where # simulated block device nodes for vhost-user devices to live. vhost_user_store_path = "/var/run/kata-containers/vhost-user" # Enable vIOMMU, default false # Enabling this will result in the VM having a vIOMMU device # This will also add the following options to the kernel's # command line: intel_iommu=on,iommu=pt #enable_iommu = true # Enable IOMMU_PLATFORM, default false # Enabling this will result in the VM device having iommu_platform=on set #enable_iommu_platform = true # List of valid annotation values for the vhost user store path # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/var/run/kata-containers/vhost-user"] valid_vhost_user_store_paths = ["/var/run/kata-containers/vhost-user"] # Enable file based guest memory support. The default is an empty string which # will disable this feature. In the case of virtio-fs, this is enabled # automatically and '/dev/shm' is used as the backing folder. # This option will be ignored if VM templating is enabled. #file_mem_backend = "" # List of valid annotation values for the file_mem_backend path # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: [""] valid_file_mem_backends = [""] # Enable swap of vm memory. Default false. # The behaviour is undefined if mem_prealloc is also set to true #enable_swap = true # This option changes the default hypervisor and kernel parameters # to enable debug output where available. This extra output is added # to the proxy logs, but only when proxy debug is also enabled. # # Default false #enable_debug = true # Disable the customizations done in the runtime when it detects # that it is running on top a VMM. This will result in the runtime # behaving as it would when running on bare metal. # #disable_nesting_checks = true # This is the msize used for 9p shares. It is the number of bytes # used for 9p packet payload. #msize_9p = 8192 # If true and vsocks are supported, use vsocks to communicate directly # with the agent and no proxy is started, otherwise use unix # sockets and start a proxy to communicate with the agent. # Default false #use_vsock = true # If false and nvdimm is supported, use nvdimm device to plug guest image. # Otherwise virtio-block device is used. # Default is false #disable_image_nvdimm = true # VFIO devices are hotplugged on a bridge by default. # Enable hotplugging on root bus. This may be required for devices with # a large PCI bar, as this is a current limitation with hotplugging on # a bridge. This value is valid for "pc" machine type. # Default false #hotplug_vfio_on_root_bus = true # Before hot plugging a PCIe device, you need to add a pcie_root_port device. # Use this parameter when using some large PCI bar devices, such as Nvidia GPU # The value means the number of pcie_root_port # This value is valid when hotplug_vfio_on_root_bus is true and machine_type is "q35" # Default 0 #pcie_root_port = 2 # If vhost-net backend for virtio-net is not desired, set to true. Default is false, which trades off # security (vhost-net runs ring0) for network I/O performance. #disable_vhost_net = true # # Default entropy source. # The path to a host source of entropy (including a real hardware RNG) # /dev/urandom and /dev/random are two main options. # Be aware that /dev/random is a blocking source of entropy. If the host # runs out of entropy, the VMs boot time will increase leading to get startup # timeouts. # The source of entropy /dev/urandom is non-blocking and provides a # generally acceptable source of entropy. It should work well for pretty much # all practical purposes. #entropy_source= "/dev/urandom" # Path to OCI hook binaries in the *guest rootfs*. # This does not affect host-side hooks which must instead be added to # the OCI spec passed to the runtime. # # You can create a rootfs with hooks by customizing the osbuilder scripts: # https://github.com/kata-containers/osbuilder # # Hooks must be stored in a subdirectory of guest_hook_path according to their # hook type, i.e. "guest_hook_path/{prestart,postart,poststop}". # The agent will scan these directories for executable files and add them, in # lexicographical order, to the lifecycle of the guest container. # Hooks are executed in the runtime namespace of the guest. See the official documentation: # https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks # Warnings will be logged if any error is encountered will scanning for hooks, # but it will not abort container execution. #guest_hook_path = "/usr/share/oci/hooks" [factory] # VM templating support. Once enabled, new VMs are created from template # using vm cloning. They will share the same initial kernel, initramfs and # agent memory by mapping it readonly. It helps speeding up new container # creation and saves a lot of memory if there are many kata containers running # on the same host. # # When disabled, new VMs are created from scratch. # # Note: Requires "initrd=" to be set ("image=" is not supported). # # Default false #enable_template = true # Specifies the path of template. # # Default "/run/vc/vm/template" #template_path = "/run/vc/vm/template" # The number of caches of VMCache: # unspecified or == 0 --> VMCache is disabled # > 0 --> will be set to the specified number # # VMCache is a function that creates VMs as caches before using it. # It helps speed up new container creation. # The function consists of a server and some clients communicating # through Unix socket. The protocol is gRPC in protocols/cache/cache.proto. # The VMCache server will create some VMs and cache them by factory cache. # It will convert the VM to gRPC format and transport it when gets # requestion from clients. # Factory grpccache is the VMCache client. It will request gRPC format # VM and convert it back to a VM. If VMCache function is enabled, # kata-runtime will request VM from factory grpccache when it creates # a new sandbox. # # Default 0 #vm_cache_number = 0 # Specify the address of the Unix socket that is used by VMCache. # # Default /var/run/kata-containers/cache.sock #vm_cache_endpoint = "/var/run/kata-containers/cache.sock" # -pflash can add image file to VM. The arguments of it should be in format # of ["/path/to/flash0.img", "/path/to/flash1.img"] #pflashes = [] [proxy.kata] path = "/usr/libexec/kata-containers/kata-proxy" # If enabled, proxy messages will be sent to the system log # (default: disabled) #enable_debug = true [shim.kata] path = "/usr/libexec/kata-containers/kata-shim" # If enabled, shim messages will be sent to the system log # (default: disabled) #enable_debug = true # If enabled, the shim will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # # Note: By default, the shim runs in a separate network namespace. Therefore, # to allow it to send trace details to the Jaeger agent running on the host, # it is necessary to set 'disable_new_netns=true' so that it runs in the host # network namespace. # # (default: disabled) #enable_tracing = true [agent.kata] # If enabled, make the agent display debug-level messages. # (default: disabled) #enable_debug = true # Enable agent tracing. # # If enabled, the default trace mode is "dynamic" and the # default trace type is "isolated". The trace mode and type are set # explicity with the `trace_type=` and `trace_mode=` options. # # Notes: # # - Tracing is ONLY enabled when `enable_tracing` is set: explicitly # setting `trace_mode=` and/or `trace_type=` without setting `enable_tracing` # will NOT activate agent tracing. # # - See https://github.com/kata-containers/agent/blob/master/TRACING.md for # full details. # # (default: disabled) #enable_tracing = true # #trace_mode = "dynamic" #trace_type = "isolated" # Comma separated list of kernel modules and their parameters. # These modules will be loaded in the guest kernel using modprobe(8). # The following example can be used to load two kernel modules with parameters # - kernel_modules=["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1", "i915 enable_ppgtt=0"] # The first word is considered as the module name and the rest as its parameters. # Container will not be started when: # * A kernel module is specified and the modprobe command is not installed in the guest # or it fails loading the module. # * The module is not available in the guest or it doesn't met the guest kernel # requirements, like architecture and version. # kernel_modules=[] [netmon] # If enabled, the network monitoring process gets started when the # sandbox is created. This allows for the detection of some additional # network being added to the existing network namespace, after the # sandbox has been created. # (default: disabled) #enable_netmon = true # Specify the path to the netmon binary. path = "/usr/libexec/kata-containers/kata-netmon" # If enabled, netmon messages will be sent to the system log # (default: disabled) #enable_debug = true [runtime] # If enabled, the runtime will log additional debug messages to the # system log # (default: disabled) #enable_debug = true # # Internetworking model # Determines how the VM should be connected to the # the container network interface # Options: # # - macvtap # Used when the Container network interface can be bridged using # macvtap. # # - none # Used when customize network. Only creates a tap device. No veth pair. # # - tcfilter # Uses tc filter rules to redirect traffic from the network interface # provided by plugin to a tap interface connected to the VM. # internetworking_model="tcfilter" # disable guest seccomp # Determines whether container seccomp profiles are passed to the virtual # machine and applied by the kata agent. If set to true, seccomp is not applied # within the guest # (default: true) disable_guest_seccomp=true # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) #enable_tracing = true # If enabled, the runtime will not create a network namespace for shim and hypervisor processes. # This option may have some potential impacts to your host. It should only be used when you know what you're doing. # `disable_new_netns` conflicts with `enable_netmon` # `disable_new_netns` conflicts with `internetworking_model=tcfilter` and `internetworking_model=macvtap`. It works only # with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge # (like OVS) directly. # If you are using docker, `disable_new_netns` only works with `docker run --net=none` # (default: false) #disable_new_netns = true # if enabled, the runtime will add all the kata processes inside one dedicated cgroup. # The container cgroups in the host are not created, just one single cgroup per sandbox. # The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup is constrained if there is no container type annotation. # See: https://godoc.org/github.com/kata-containers/runtime/virtcontainers#ContainerType sandbox_cgroup_only=false # Enabled experimental feature list, format: ["a", "b"]. # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: # (default: []) experimental=[] # If enabled, containers are allowed to join the pid namespace of the agent # when the env variable KATA_AGENT_PIDNS is set for a container. # Use this with caution and only when required, as this option allows the container # to access the agent process. It is recommended to enable this option # only in debug scenarios and with containers with lowered priveleges. #enable_agent_pidns = true ``` --- # KSM throttler ## version Output of "`/usr/libexec/kata-ksm-throttler/kata-ksm-throttler --version`": ``` kata-ksm-throttler version 1.13.0-alpha0-aaf0821 ``` ## systemd service # Image details ```yaml --- osbuilder: url: "https://github.com/kata-containers/osbuilder" version: "unknown" rootfs-creation-time: "2021-01-16T05:41:04.050832329+0000Z" description: "osbuilder rootfs" file-format-version: "0.0.2" architecture: "x86_64" base-distro: name: "Clear" version: "34170" packages: default: - "chrony" - "iptables-bin" - "kmod-bin" - "libudev0-shim" - "systemd" - "util-linux-bin" extra: agent: url: "https://github.com/kata-containers/agent" name: "kata-agent" version: "1.13.0-alpha0-27b90c26909ba4b196b84156a4577a587c090285" agent-is-init-daemon: "no" ``` --- # Initrd details No initrd --- # Logfiles ## Runtime logs Recent runtime problems found in system journal: ``` time="2022-07-27T09:08:39.788376305Z" level=error msg="Failed to add qdisc for network index 3 : file exists" arch=amd64 command=create container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee name=kata-runtime pid=14866 source=runtime time="2022-07-27T09:08:39.865047694Z" level=warning msg="Failed to get container, force will not fail: Container ID (5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee) does not exist" arch=amd64 command=delete container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee name=kata-runtime pid=14881 source=runtime time="2022-07-27T09:09:31.195913203Z" level=error msg="Error bridging virtual endpoint" arch=amd64 command=create container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee error="Failed to add qdisc for network index 3 : file exists" name=kata-runtime pid=15104 source=virtcontainers subsystem=network time="2022-07-27T09:09:31.196025028Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=create container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee name=kata-runtime pid=15104 sandbox=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee source=virtcontainers subsystem=sandbox time="2022-07-27T09:09:31.196744791Z" level=error msg="Failed to add qdisc for network index 3 : file exists" arch=amd64 command=create container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee name=kata-runtime pid=15104 source=runtime time="2022-07-27T09:09:31.269537141Z" level=warning msg="Failed to get container, force will not fail: Container ID (5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee) does not exist" arch=amd64 command=delete container=5aca087604b6d0d19c582c908192ca851a6fba9da427763dd883c9cf6152c5ee name=kata-runtime pid=15121 source=runtime time="2022-07-27T09:33:40.478603848Z" level=info msg="scanner return error: read unix @->/run/vc/vm/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/qmp.sock: use of closed network connection" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16886 source=virtcontainers subsystem=qmp time="2022-07-27T09:33:41.077830842Z" level=warning msg="sandbox's cgroup won't be updated: cgroup path is empty" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16886 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=sandbox time="2022-07-27T09:33:41.078902027Z" level=info msg="scanner return error: read unix @->/run/vc/vm/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/qmp.sock: use of closed network connection" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16886 source=virtcontainers subsystem=qmp time="2022-07-27T09:33:42.538690493Z" level=warning msg="Could not remove container share dir" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 error="no such file or directory" name=kata-runtime pid=16951 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 share-dir=/run/kata-containers/shared/sandboxes/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=container time="2022-07-27T09:33:42.564223849Z" level=info msg="scanner return error: read unix @->/run/vc/vm/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/qmp.sock: use of closed network connection" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16951 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=qmp time="2022-07-27T09:33:42.574110879Z" level=error msg="Could not read qemu pid file" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 error="open /run/vc/vm/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/pid: no such file or directory" name=kata-runtime pid=16951 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=qemu time="2022-07-27T09:33:42.574470228Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16951 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=sandbox time="2022-07-27T09:33:42.626357067Z" level=warning msg="Failed to get container, force will not fail: Container ID (1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4) does not exist" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=16991 source=runtime time="2022-07-27T09:33:55.583754506Z" level=error msg="Error bridging virtual endpoint" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 error="Failed to add qdisc for network index 2 : file exists" name=kata-runtime pid=17081 source=virtcontainers subsystem=network time="2022-07-27T09:33:55.583864958Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=17081 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=virtcontainers subsystem=sandbox time="2022-07-27T09:33:55.58462362Z" level=error msg="Failed to add qdisc for network index 2 : file exists" arch=amd64 command=create container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=17081 source=runtime time="2022-07-27T09:33:55.661061063Z" level=warning msg="Failed to get container, force will not fail: Container ID (1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4) does not exist" arch=amd64 command=delete container=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 name=kata-runtime pid=17099 source=runtime time="2022-07-27T09:35:05.307800193Z" level=error msg="Error bridging virtual endpoint" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 error="Failed to add qdisc for network index 2 : file exists" name=kata-runtime pid=17606 source=virtcontainers subsystem=network time="2022-07-27T09:35:05.307911057Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=17606 sandbox=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 source=virtcontainers subsystem=sandbox time="2022-07-27T09:35:05.308554059Z" level=error msg="Failed to add qdisc for network index 2 : file exists" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=17606 source=runtime time="2022-07-27T09:35:05.383814448Z" level=warning msg="Failed to get container, force will not fail: Container ID (17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59) does not exist" arch=amd64 command=delete container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=17622 source=runtime time="2022-07-27T09:38:29.332282964Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=17867 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:29.957027842Z" level=warning msg="sandbox's cgroup won't be updated: cgroup path is empty" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=17867 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:29.95803055Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=17867 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:31.4553661Z" level=warning msg="Could not remove container share dir" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="no such file or directory" name=kata-runtime pid=18099 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 share-dir=/run/kata-containers/shared/sandboxes/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=container time="2022-07-27T09:38:31.529213251Z" level=info msg="scanner return error: " arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18099 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:31.588396913Z" level=error msg="Could not read qemu pid file" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="open /run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/pid: no such file or directory" name=kata-runtime pid=18099 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qemu time="2022-07-27T09:38:31.588782852Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18099 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:31.641349764Z" level=warning msg="Failed to get container, force will not fail: Container ID (e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303) does not exist" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18130 source=runtime time="2022-07-27T09:38:41.846256462Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18274 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:42.448643426Z" level=warning msg="sandbox's cgroup won't be updated: cgroup path is empty" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18274 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:42.449655025Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18274 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:43.831016239Z" level=warning msg="Could not remove container share dir" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="no such file or directory" name=kata-runtime pid=18516 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 share-dir=/run/kata-containers/shared/sandboxes/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=container time="2022-07-27T09:38:43.904719934Z" level=info msg="scanner return error: " arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18516 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:43.965371968Z" level=error msg="Could not read qemu pid file" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="open /run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/pid: no such file or directory" name=kata-runtime pid=18516 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qemu time="2022-07-27T09:38:43.965819044Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18516 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:44.022041434Z" level=warning msg="Failed to get container, force will not fail: Container ID (e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303) does not exist" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18539 source=runtime time="2022-07-27T09:38:49.811095206Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18649 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:50.430679171Z" level=warning msg="sandbox's cgroup won't be updated: cgroup path is empty" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18649 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:50.431681629Z" level=info msg="scanner return error: read unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/qmp.sock: use of closed network connection" arch=amd64 command=create container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18649 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:51.787810829Z" level=warning msg="Could not remove container share dir" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="no such file or directory" name=kata-runtime pid=18749 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 share-dir=/run/kata-containers/shared/sandboxes/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=container time="2022-07-27T09:38:51.849026172Z" level=info msg="scanner return error: " arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18749 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qmp time="2022-07-27T09:38:51.90861417Z" level=error msg="Could not read qemu pid file" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 error="open /run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/pid: no such file or directory" name=kata-runtime pid=18749 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=qemu time="2022-07-27T09:38:51.909016507Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18749 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=virtcontainers subsystem=sandbox time="2022-07-27T09:38:51.962889019Z" level=warning msg="Failed to get container, force will not fail: Container ID (e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303) does not exist" arch=amd64 command=delete container=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 name=kata-runtime pid=18791 source=runtime time="2022-07-27T09:42:06.959899839Z" level=error msg="Error bridging virtual endpoint" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 error="Failed to add qdisc for network index 2 : file exists" name=kata-runtime pid=19032 source=virtcontainers subsystem=network time="2022-07-27T09:42:06.960011726Z" level=warning msg="sandbox cgroups path is empty" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=19032 sandbox=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 source=virtcontainers subsystem=sandbox time="2022-07-27T09:42:06.960585537Z" level=error msg="Failed to add qdisc for network index 2 : file exists" arch=amd64 command=create container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=19032 source=runtime time="2022-07-27T09:42:07.032992302Z" level=warning msg="Failed to get container, force will not fail: Container ID (17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59) does not exist" arch=amd64 command=delete container=17e01f71094aba88bbe4c7c64dee84d0f27dd47af615e443a4e6b117efb0db59 name=kata-runtime pid=19050 source=runtime ``` ## Proxy logs Recent proxy problems found in system journal: ``` time="2022-07-21T14:21:15.019982528Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/d3526b7ba58a229c5ab91a0e68051db547d2eb5abe223ca20fc787b65b5ac42e/proxy.sock: use of closed network connection" name=kata-proxy pid=29121 sandbox=d3526b7ba58a229c5ab91a0e68051db547d2eb5abe223ca20fc787b65b5ac42e source=proxy time="2022-07-21T14:22:24.272239108Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/3dfa5f35ddc48900028e6554721904d6c30161e8c951fe16870a1149c971edba/kata.sock: use of closed network connection" name=kata-proxy pid=29778 sandbox=3dfa5f35ddc48900028e6554721904d6c30161e8c951fe16870a1149c971edba source=proxy time="2022-07-21T14:24:51.963247882Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/3b283dd74bc9755866016e14df1484f3c47b2e3680eed99a5ac49e56175a943d/kata.sock: use of closed network connection" name=kata-proxy pid=30632 sandbox=3b283dd74bc9755866016e14df1484f3c47b2e3680eed99a5ac49e56175a943d source=proxy time="2022-07-21T14:25:54.425132053Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/b3f7b70de73e2122efcf2d7dc9a35d0189d5930b1572b4f86ee1d8ab2b91e5b0/kata.sock: use of closed network connection" name=kata-proxy pid=31241 sandbox=b3f7b70de73e2122efcf2d7dc9a35d0189d5930b1572b4f86ee1d8ab2b91e5b0 source=proxy time="2022-07-21T14:29:05.030607494Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/c1c695801cdca9a9988d75265d46de93d5c27e34a55fcbbaa0550cfd38803df7/proxy.sock: use of closed network connection" name=kata-proxy pid=32439 sandbox=c1c695801cdca9a9988d75265d46de93d5c27e34a55fcbbaa0550cfd38803df7 source=proxy time="2022-07-21T14:55:30.436266359Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/27c5c9a22e0d8c39acaa274019f7600bdcd8a7604a39cef38286cba339cb7ceb/proxy.sock: use of closed network connection" name=kata-proxy pid=41312 sandbox=27c5c9a22e0d8c39acaa274019f7600bdcd8a7604a39cef38286cba339cb7ceb source=proxy time="2022-07-22T14:54:24.712470881Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/732577cbee4a6aa72368cb495fb2817223bb374c5c1a4d87305e74c3dca559f5/kata.sock: use of closed network connection" name=kata-proxy pid=21953 sandbox=732577cbee4a6aa72368cb495fb2817223bb374c5c1a4d87305e74c3dca559f5 source=proxy time="2022-07-22T15:01:16.18957956Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/5cd251fb35716cae95a6d3eb74da5ecb20be88ca6a9c09e9b13815a54be5acf1/kata.sock: use of closed network connection" name=kata-proxy pid=23734 sandbox=5cd251fb35716cae95a6d3eb74da5ecb20be88ca6a9c09e9b13815a54be5acf1 source=proxy time="2022-07-22T15:06:14.72071895Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/b991c0c5b2f66dca9e3b227b3fa0500538659a6945d3d37de5d4ca06b2df6c5a/proxy.sock: use of closed network connection" name=kata-proxy pid=25913 sandbox=b991c0c5b2f66dca9e3b227b3fa0500538659a6945d3d37de5d4ca06b2df6c5a source=proxy time="2022-07-25T16:27:25.107034643Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/fe378fc5a5c4ff0269e7e3b1f5807ba12dc67726edf9ef408c8321faa554cb12/kata.sock: use of closed network connection" name=kata-proxy pid=22125 sandbox=fe378fc5a5c4ff0269e7e3b1f5807ba12dc67726edf9ef408c8321faa554cb12 source=proxy time="2022-07-25T16:37:58.795703132Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/a865bbac7823c4b8bf55f46a6f7aab2e2e171b8c2831ab17ce5ca3762a7d172b/kata.sock: use of closed network connection" name=kata-proxy pid=25695 sandbox=a865bbac7823c4b8bf55f46a6f7aab2e2e171b8c2831ab17ce5ca3762a7d172b source=proxy time="2022-07-25T16:39:47.842375517Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/c9785e54aed08de46053791e3507099b8a5b6b221d2afbfefe8ffb8ae82836c5/kata.sock: use of closed network connection" name=kata-proxy pid=26870 sandbox=c9785e54aed08de46053791e3507099b8a5b6b221d2afbfefe8ffb8ae82836c5 source=proxy time="2022-07-27T08:57:25.874172103Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/30be267e2c6c812d23ab1693b19c9175c54d272e206230769c48a7b5e8ed3d52/kata.sock: use of closed network connection" name=kata-proxy pid=8828 sandbox=30be267e2c6c812d23ab1693b19c9175c54d272e206230769c48a7b5e8ed3d52 source=proxy time="2022-07-27T09:01:10.732315069Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/2322f1d68a2cd56363396a3d4b10d250b7e3f789bbbc820ad277d79dc167f882/kata.sock: use of closed network connection" name=kata-proxy pid=10585 sandbox=2322f1d68a2cd56363396a3d4b10d250b7e3f789bbbc820ad277d79dc167f882 source=proxy time="2022-07-27T09:07:31.707198617Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029/kata.sock: use of closed network connection" name=kata-proxy pid=13118 sandbox=6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029 source=proxy time="2022-07-27T09:07:49.792126155Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029/kata.sock: use of closed network connection" name=kata-proxy pid=13554 sandbox=6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029 source=proxy time="2022-07-27T09:08:02.703508995Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029/proxy.sock: use of closed network connection" name=kata-proxy pid=13953 sandbox=6cc28e7c83d8ce1c6a54fd0745d108076d10248002e6316323f51582391d7029 source=proxy time="2022-07-27T09:08:21.688852501Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/330e3a539d61dc6dec23b1c40797cd6178c1d169826e6f16ebc34e24a6f20834/kata.sock: use of closed network connection" name=kata-proxy pid=14392 sandbox=330e3a539d61dc6dec23b1c40797cd6178c1d169826e6f16ebc34e24a6f20834 source=proxy time="2022-07-27T09:33:42.560650217Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4/kata.sock: use of closed network connection" name=kata-proxy pid=16910 sandbox=1636b486f2addfc16352adac036fdce4920a1daad0b6184ba12b3de7a0ce99b4 source=proxy time="2022-07-27T09:38:31.47698681Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/kata.sock: use of closed network connection" name=kata-proxy pid=18014 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=proxy time="2022-07-27T09:38:43.852091585Z" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/kata.sock: use of closed network connection" name=kata-proxy pid=18424 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=proxy time="2022-07-27T09:38:51.807541393Z" level=fatal msg="channel error" error="accept unix /run/vc/sbs/e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303/proxy.sock: use of closed network connection" name=kata-proxy pid=18707 sandbox=e620d4d78d0565e5fce5709fa76d6c0e9e83595c1084b7f3d5e0134caacd3303 source=proxy ``` ## Shim logs No recent shim problems found in system journal. ## Throttler logs No recent throttler problems found in system journal. --- # Container manager details Have `docker` ## Docker Output of "`docker version`": ``` Client: Docker Engine - Community Version: 20.10.17 API version: 1.41 Go version: go1.17.11 Git commit: 100c701 Built: Mon Jun 6 23:02:56 2022 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.17 API version: 1.41 (minimum version 1.12) Go version: go1.17.11 Git commit: a89b842 Built: Mon Jun 6 23:01:02 2022 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.6 GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 runc: Version: 1.1.2 GitCommit: v1.1.2-0-ga916309 docker-init: Version: 0.19.0 GitCommit: de40ad0 ``` Output of "`docker info`": ``` Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Docker Buildx (Docker Inc., v0.8.2-docker) compose: Docker Compose (Docker Inc., v2.6.0) scan: Docker Scan (Docker Inc., v0.17.0) Server: Containers: 2 Running: 1 Paused: 0 Stopped: 1 Images: 4 Server Version: 20.10.17 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux kata-runtime runc Default Runtime: runc Init Binary: docker-init containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 runc version: v1.1.2-0-ga916309 init version: de40ad0 Security Options: apparmor seccomp Profile: default Kernel Version: 5.4.0-1081-aws Operating System: Ubuntu 18.04.6 LTS OSType: linux Architecture: x86_64 CPUs: 72 Total Memory: 188.5GiB Name: ip-10-0-2-38 ID: GF33:MKZO:XLCL:BKZD:NSQY:GMNH:C7T3:P52C:PVN2:HB3Q:Z3IP:GRJJ Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: No swap limit support ``` Output of "`systemctl show docker`": ``` Type=notify Restart=always NotifyAccess=main RestartUSec=2s TimeoutStartUSec=infinity TimeoutStopUSec=infinity RuntimeMaxUSec=infinity WatchdogUSec=0 WatchdogTimestamp=Wed 2022-07-27 09:01:02 UTC WatchdogTimestampMonotonic=524371262979 PermissionsStartOnly=no RootDirectoryStartOnly=no RemainAfterExit=no GuessMainPID=yes MainPID=10124 ControlPID=0 FileDescriptorStoreMax=0 NFileDescriptorStore=0 StatusErrno=0 Result=success UID=[not set] GID=[not set] NRestarts=0 ExecMainStartTimestamp=Wed 2022-07-27 09:01:02 UTC ExecMainStartTimestampMonotonic=524370880875 ExecMainExitTimestampMonotonic=0 ExecMainPID=10124 ExecMainCode=0 ExecMainStatus=0 ExecStart={ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ; ignore_errors=no ; start_time=[Wed 2022-07-27 09:01:02 UTC] ; stop_time=[n/a] ; pid=10124 ; code=(null) ; status=0/0 } ExecReload={ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } Slice=system.slice ControlGroup=/system.slice/docker.service MemoryCurrent=[not set] CPUUsageNSec=[not set] TasksCurrent=72 IPIngressBytes=18446744073709551615 IPIngressPackets=18446744073709551615 IPEgressBytes=18446744073709551615 IPEgressPackets=18446744073709551615 Delegate=yes DelegateControllers=cpu cpuacct io blkio memory devices pids CPUAccounting=no CPUWeight=[not set] StartupCPUWeight=[not set] CPUShares=[not set] StartupCPUShares=[not set] CPUQuotaPerSecUSec=infinity IOAccounting=no IOWeight=[not set] StartupIOWeight=[not set] BlockIOAccounting=no BlockIOWeight=[not set] StartupBlockIOWeight=[not set] MemoryAccounting=no MemoryLow=0 MemoryHigh=infinity MemoryMax=infinity MemorySwapMax=infinity MemoryLimit=infinity DevicePolicy=auto TasksAccounting=yes TasksMax=infinity IPAccounting=no UMask=0022 LimitCPU=infinity LimitCPUSoft=infinity LimitFSIZE=infinity LimitFSIZESoft=infinity LimitDATA=infinity LimitDATASoft=infinity LimitSTACK=infinity LimitSTACKSoft=8388608 LimitCORE=infinity LimitCORESoft=infinity LimitRSS=infinity LimitRSSSoft=infinity LimitNOFILE=infinity LimitNOFILESoft=infinity LimitAS=infinity LimitASSoft=infinity LimitNPROC=infinity LimitNPROCSoft=infinity LimitMEMLOCK=67108864 LimitMEMLOCKSoft=67108864 LimitLOCKS=infinity LimitLOCKSSoft=infinity LimitSIGPENDING=772134 LimitSIGPENDINGSoft=772134 LimitMSGQUEUE=819200 LimitMSGQUEUESoft=819200 LimitNICE=0 LimitNICESoft=0 LimitRTPRIO=0 LimitRTPRIOSoft=0 LimitRTTIME=infinity LimitRTTIMESoft=infinity OOMScoreAdjust=-500 Nice=0 IOSchedulingClass=0 IOSchedulingPriority=0 CPUSchedulingPolicy=0 CPUSchedulingPriority=0 TimerSlackNSec=50000 CPUSchedulingResetOnFork=no NonBlocking=no StandardInput=null StandardInputData= StandardOutput=journal StandardError=inherit TTYReset=no TTYVHangup=no TTYVTDisallocate=no SyslogPriority=30 SyslogLevelPrefix=yes SyslogLevel=6 SyslogFacility=3 LogLevelMax=-1 SecureBits=0 CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend AmbientCapabilities= DynamicUser=no RemoveIPC=no MountFlags= PrivateTmp=no PrivateDevices=no ProtectKernelTunables=no ProtectKernelModules=no ProtectControlGroups=no PrivateNetwork=no PrivateUsers=no ProtectHome=no ProtectSystem=no SameProcessGroup=no UtmpMode=init IgnoreSIGPIPE=yes NoNewPrivileges=no SystemCallErrorNumber=0 LockPersonality=no RuntimeDirectoryPreserve=no RuntimeDirectoryMode=0755 StateDirectoryMode=0755 CacheDirectoryMode=0755 LogsDirectoryMode=0755 ConfigurationDirectoryMode=0755 MemoryDenyWriteExecute=no RestrictRealtime=no RestrictSUIDSGID=no RestrictNamespaces=no MountAPIVFS=no KeyringMode=private KillMode=process KillSignal=15 SendSIGKILL=yes SendSIGHUP=no Id=docker.service Names=docker.service Requires=containerd.service sysinit.target system.slice docker.socket Wants=network-online.target WantedBy=multi-user.target Conflicts=shutdown.target Before=shutdown.target multi-user.target After=systemd-journald.socket docker.socket containerd.service system.slice network-online.target firewalld.service basic.target sysinit.target TriggeredBy=docker.socket Documentation=https://docs.docker.com Description=Docker Application Container Engine LoadState=loaded ActiveState=active SubState=running FragmentPath=/lib/systemd/system/docker.service UnitFileState=enabled UnitFilePreset=enabled StateChangeTimestamp=Wed 2022-07-27 09:01:02 UTC StateChangeTimestampMonotonic=524371262983 InactiveExitTimestamp=Wed 2022-07-27 09:01:02 UTC InactiveExitTimestampMonotonic=524370880953 ActiveEnterTimestamp=Wed 2022-07-27 09:01:02 UTC ActiveEnterTimestampMonotonic=524371262983 ActiveExitTimestamp=Wed 2022-07-27 09:01:02 UTC ActiveExitTimestampMonotonic=524370864341 InactiveEnterTimestamp=Wed 2022-07-27 09:01:02 UTC InactiveEnterTimestampMonotonic=524370877078 CanStart=yes CanStop=yes CanReload=yes CanIsolate=no StopWhenUnneeded=no RefuseManualStart=no RefuseManualStop=no AllowIsolate=no DefaultDependencies=yes OnFailureJobMode=replace IgnoreOnIsolate=no NeedDaemonReload=no JobTimeoutUSec=infinity JobRunningTimeoutUSec=infinity JobTimeoutAction=none ConditionResult=yes AssertResult=yes ConditionTimestamp=Wed 2022-07-27 09:01:02 UTC ConditionTimestampMonotonic=524370878648 AssertTimestamp=Wed 2022-07-27 09:01:02 UTC AssertTimestampMonotonic=524370878648 Transient=no Perpetual=no StartLimitIntervalUSec=1min StartLimitBurst=3 StartLimitAction=none FailureAction=none SuccessAction=none InvocationID=02d6a5634bfe47b081ee93a77b437f52 CollectMode=inactive ``` No `kubectl` No `crio` Have `containerd` ## containerd Output of "`containerd --version`": ``` containerd containerd.io 1.6.6 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 ``` Output of "`systemctl show containerd`": ``` Type=notify Restart=always NotifyAccess=main RestartUSec=5s TimeoutStartUSec=1min 30s TimeoutStopUSec=1min 30s RuntimeMaxUSec=infinity WatchdogUSec=0 WatchdogTimestamp=Thu 2022-07-21 11:56:33 UTC WatchdogTimestampMonotonic=16501482865 PermissionsStartOnly=no RootDirectoryStartOnly=no RemainAfterExit=no GuessMainPID=yes MainPID=20155 ControlPID=0 FileDescriptorStoreMax=0 NFileDescriptorStore=0 StatusErrno=0 Result=success UID=[not set] GID=[not set] NRestarts=0 ExecMainStartTimestamp=Thu 2022-07-21 11:56:32 UTC ExecMainStartTimestampMonotonic=16501373831 ExecMainExitTimestampMonotonic=0 ExecMainPID=20155 ExecMainCode=0 ExecMainStatus=0 ExecStartPre={ path=/sbin/modprobe ; argv[]=/sbin/modprobe overlay ; ignore_errors=yes ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } ExecStart={ path=/usr/bin/containerd ; argv[]=/usr/bin/containerd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } Slice=system.slice ControlGroup=/system.slice/containerd.service MemoryCurrent=[not set] CPUUsageNSec=[not set] TasksCurrent=61 IPIngressBytes=18446744073709551615 IPIngressPackets=18446744073709551615 IPEgressBytes=18446744073709551615 IPEgressPackets=18446744073709551615 Delegate=yes DelegateControllers=cpu cpuacct io blkio memory devices pids CPUAccounting=no CPUWeight=[not set] StartupCPUWeight=[not set] CPUShares=[not set] StartupCPUShares=[not set] CPUQuotaPerSecUSec=infinity IOAccounting=no IOWeight=[not set] StartupIOWeight=[not set] BlockIOAccounting=no BlockIOWeight=[not set] StartupBlockIOWeight=[not set] MemoryAccounting=no MemoryLow=0 MemoryHigh=infinity MemoryMax=infinity MemorySwapMax=infinity MemoryLimit=infinity DevicePolicy=auto TasksAccounting=yes TasksMax=infinity IPAccounting=no UMask=0022 LimitCPU=infinity LimitCPUSoft=infinity LimitFSIZE=infinity LimitFSIZESoft=infinity LimitDATA=infinity LimitDATASoft=infinity LimitSTACK=infinity LimitSTACKSoft=8388608 LimitCORE=infinity LimitCORESoft=infinity LimitRSS=infinity LimitRSSSoft=infinity LimitNOFILE=infinity LimitNOFILESoft=infinity LimitAS=infinity LimitASSoft=infinity LimitNPROC=infinity LimitNPROCSoft=infinity LimitMEMLOCK=67108864 LimitMEMLOCKSoft=67108864 LimitLOCKS=infinity LimitLOCKSSoft=infinity LimitSIGPENDING=772134 LimitSIGPENDINGSoft=772134 LimitMSGQUEUE=819200 LimitMSGQUEUESoft=819200 LimitNICE=0 LimitNICESoft=0 LimitRTPRIO=0 LimitRTPRIOSoft=0 LimitRTTIME=infinity LimitRTTIMESoft=infinity OOMScoreAdjust=-999 Nice=0 IOSchedulingClass=0 IOSchedulingPriority=0 CPUSchedulingPolicy=0 CPUSchedulingPriority=0 TimerSlackNSec=50000 CPUSchedulingResetOnFork=no NonBlocking=no StandardInput=null StandardInputData= StandardOutput=journal StandardError=inherit TTYReset=no TTYVHangup=no TTYVTDisallocate=no SyslogPriority=30 SyslogLevelPrefix=yes SyslogLevel=6 SyslogFacility=3 LogLevelMax=-1 SecureBits=0 CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend AmbientCapabilities= DynamicUser=no RemoveIPC=no MountFlags= PrivateTmp=no PrivateDevices=no ProtectKernelTunables=no ProtectKernelModules=no ProtectControlGroups=no PrivateNetwork=no PrivateUsers=no ProtectHome=no ProtectSystem=no SameProcessGroup=no UtmpMode=init IgnoreSIGPIPE=yes NoNewPrivileges=no SystemCallErrorNumber=0 LockPersonality=no RuntimeDirectoryPreserve=no RuntimeDirectoryMode=0755 StateDirectoryMode=0755 CacheDirectoryMode=0755 LogsDirectoryMode=0755 ConfigurationDirectoryMode=0755 MemoryDenyWriteExecute=no RestrictRealtime=no RestrictSUIDSGID=no RestrictNamespaces=no MountAPIVFS=no KeyringMode=private KillMode=process KillSignal=15 SendSIGKILL=yes SendSIGHUP=no Id=containerd.service Names=containerd.service Requires=sysinit.target system.slice RequiredBy=docker.service WantedBy=multi-user.target Conflicts=shutdown.target Before=shutdown.target docker.service multi-user.target After=sysinit.target basic.target network.target local-fs.target system.slice systemd-journald.socket Documentation=https://containerd.io Description=containerd container runtime LoadState=loaded ActiveState=active SubState=running FragmentPath=/lib/systemd/system/containerd.service UnitFileState=enabled UnitFilePreset=enabled StateChangeTimestamp=Thu 2022-07-21 11:56:33 UTC StateChangeTimestampMonotonic=16501482868 InactiveExitTimestamp=Thu 2022-07-21 11:56:32 UTC InactiveExitTimestampMonotonic=16501362214 ActiveEnterTimestamp=Thu 2022-07-21 11:56:33 UTC ActiveEnterTimestampMonotonic=16501482868 ActiveExitTimestampMonotonic=0 InactiveEnterTimestampMonotonic=0 CanStart=yes CanStop=yes CanReload=no CanIsolate=no StopWhenUnneeded=no RefuseManualStart=no RefuseManualStop=no AllowIsolate=no DefaultDependencies=yes OnFailureJobMode=replace IgnoreOnIsolate=no NeedDaemonReload=no JobTimeoutUSec=infinity JobRunningTimeoutUSec=infinity JobTimeoutAction=none ConditionResult=yes AssertResult=yes ConditionTimestamp=Thu 2022-07-21 11:56:32 UTC ConditionTimestampMonotonic=16501359742 AssertTimestamp=Thu 2022-07-21 11:56:32 UTC AssertTimestampMonotonic=16501359742 Transient=no Perpetual=no StartLimitIntervalUSec=10s StartLimitBurst=5 StartLimitAction=none FailureAction=none SuccessAction=none InvocationID=ae2c7a80ee854bf58caae03c0e32a387 CollectMode=inactive ``` Output of "`cat /etc/containerd/config.toml`": ``` # Copyright 2018-2022 Docker Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. disabled_plugins = ["cri"] #root = "/var/lib/containerd" #state = "/run/containerd" #subreaper = true #oom_score = 0 #[grpc] # address = "/run/containerd/containerd.sock" # uid = 0 # gid = 0 #[debug] # address = "/run/containerd/debug.sock" # uid = 0 # gid = 0 # level = "info" ``` --- # Packages Have `dpkg` Output of "`dpkg -l|egrep "(cc-oci-runtimecc-runtimerunv|kata-proxy|kata-runtime|kata-shim|kata-ksm-throttler|kata-containers-image|linux-container|qemu-)"`": ``` ii ipxe-qemu-256k-compat-efi-roms 1.0.0+git-20150424.a25a16d-0ubuntu2 all PXE boot firmware - Compat EFI ROM images for qemu ii kata-containers-image 1.13.0~alpha0-49 amd64 Kata containers image ii kata-ksm-throttler 1.13.0~alpha0-52 amd64 ii kata-linux-container 5.4.60.91-52 amd64 linux kernel optimised for container-like workloads. ii kata-proxy 1.13.0~alpha0-50 amd64 ii kata-runtime 1.13.0~alpha0-57 amd64 ii kata-shim 1.13.0~alpha0-48 amd64 ii qemu-block-extra:amd64 1:2.11+dfsg-1ubuntu7.40 amd64 extra block backend modules for qemu-system and qemu-utils ii qemu-kvm 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU Full virtualization on x86 hardware ii qemu-slof 20170724+dfsg-1ubuntu1 all Slimline Open Firmware -- QEMU PowerPC version ii qemu-system 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries ii qemu-system-arm 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (arm) ii qemu-system-common 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (common files) ii qemu-system-mips 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (mips) ii qemu-system-misc 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (miscellaneous) ii qemu-system-ppc 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (ppc) ii qemu-system-s390x 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (s390x) ii qemu-system-sparc 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (sparc) ii qemu-system-x86 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU full system emulation binaries (x86) ii qemu-user 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU user mode emulation binaries ii qemu-user-binfmt 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU user mode binfmt registration for qemu-user ii qemu-utils 1:2.11+dfsg-1ubuntu7.40 amd64 QEMU utilities ii qemu-vanilla 5.0.0+git.fdd76fecdd-53 amd64 linux kernel optimised for container-like workloads. ``` No `rpm` ---

liubin commented 2 years ago

Hi @MVJosh, it seems you are using the deprecated 1.x series of Kata Containers that already been unmaintained, you'd better to upgrade to new version?

And even in the latest Kata Containers, it doesn't support docker run net=container or docker run --link.