crictl/kubectl exec hang 60s when use not exist command

[liuxu623]

$ time kubectl exec -it busybox-kata-1 -- /bin/bash

error: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "e9a1188509cc5c5d35f8e27733eac72aadfe5b4eb89c9ad4ef8a63e9db32cf5b": Others("failed to handler message handler request\n\nCaused by:\n    0: start process\n    1: start\n    2: enter process\n    3: exec process\n    4: rpc status: code: INTERNAL message: \"the file /bin/bash was not found\""): unknown
kubectl exec -it busybox-kata-1 -- /bin/bash  0.16s user 0.06s system 0% cpu 1:00.21 total

[liuxu623]

containerd log

Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: time="2023-09-21T14:56:37.248414780+08:00" level=debug msg="Exec for \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" with command [/bin/bash], tty true and stdin true"
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: time="2023-09-21T14:56:37.248448403+08:00" level=debug msg="Exec for \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" returns URL \"http://127.0.0.1:37965/exec/jiGwiulz\""
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"\", process_type: Container })","level":"DEBG","ts":"2023-09-21T06:56:37.278785275Z","subsystem":"service","stream id":"285","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: None, stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/1613844216/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/1613844216/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170-stderr\"), terminal: false, status: Running, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:56:37.278920201Z","pid":"1173477","name":"kata-runtime","version":"0.1.0","stream id":"285","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: time="2023-09-21T14:56:37.278985284+08:00" level=debug msg="Generated exec id \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\" for container \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\""
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service ExecProcess(ExecProcessRequest { process: ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec }, terminal: true, stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), spec_type_url: \"types.containerd.io/opencontainers/runtime-spec/1/Process\", spec_value: [123, 34, 116, 101, 114, 109, 105, 110, 97, 108, 34, 58, 116, 114, 117, 101, 44, 34, 117, 115, 101, 114, 34, 58, 123, 34, 117, 105, 100, 34, 58, 48, 44, 34, 103, 105, 100, 34, 58, 48, 44, 34, 97, 100, 100, 105, 116, 105, 111, 110, 97, 108, 71, 105, 100, 115, 34, 58, 91, 49, 48, 93, 125, 44, 34, 97, 114, 103, 115, 34, 58, 91, 34, 47, 98, 105, 110, 47, 98, 97, 115, 104, 34, 93, 44, 34, 101, 110, 118, 34, 58, 91, 34, 80, 65, 84, 72, 61, 47, 117, 115, 114, 47, 108, 111, 99, 97, 108, 47, 115, 98, 105, 110, 58, 47, 117, 115, 114, 47, 108, 111, 99, 97, 108, 47, 98, 105, 110, 58, 47, 117, 115, 114, 47, 115, 98, 105, 110, 58, 47, 117, 115, 114, 47, 98, 105, 110, 58, 47, 115, 98, 105, 110, 58, 47, 98, 105, 110, 34, 44, 34, 72, 79, 83, 84, 78, 65, 77, 69, 61, 98, 117, 115, 121, 98, 111, 120, 45, 107, 97, 116, 97, 45, 49, 34, 44, 34, 65, 80, 80, 73, 68, 61, 34, 44, 34, 90, 75, 95, 72, 79, 83, 84, 61, 49, 48, 46, 48, 46, 49, 46, 49, 53, 51, 58, 50, 49, 56, 49, 44, 49, 48, 46, 48, 46, 49, 46, 49, 53, 50, 58, 50, 49, 56, 49, 44, 49, 48, 46, 48, 46, 49, 46, 49, 55, 54, 58, 50, 49, 56, 49, 44, 49, 48, 46, 48, 46, 49, 46, 50, 50, 56, 58, 50, 49, 56, 49, 44, 49, 48, 46, 48, 46, 49, 46, 50, 48, 50, 58, 50, 49, 56, 49, 34, 44, 34, 88, 72, 83, 95, 69, 78, 86, 61, 112, 114, 111, 100, 34, 44, 34, 83, 69, 82, 86, 73, 67, 69, 95, 73, 68, 61, 98, 117, 115, 121, 98, 111, 120, 45, 107, 97, 116, 97, 45, 49, 34, 44, 34, 67, 65, 84, 95, 82, 79, 85, 84, 69, 82, 95, 65, 68, 68, 82, 69, 83, 83, 69, 83, 61, 49, 48, 46, 48, 46, 50, 50, 56, 46, 49, 48, 58, 56, 48, 56, 48, 34, 44, 34, 69, 68, 83, 95, 72, 79, 83, 84, 83, 61, 49, 48, 46, 49, 52, 52, 46, 49, 50, 50, 46, 49, 51, 57, 58, 56, 48, 34, 44, 34, 83, 87, 95, 65, 71, 69, 78, 84, 95, 67, 79, 76, 76, 69, 67, 84, 79, 82, 95, 66, 65, 67, 75, 69, 78, 68, 95, 83, 69, 82, 86, 73, 67, 69, 83, 61, 49, 48, 46, 49, 49, 46, 50, 49, 48, 46, 49, 55, 57, 58, 49, 49, 56, 48, 48, 44, 49, 48, 46, 49, 49, 46, 50, 48, 56, 46, 49, 52, 56, 58, 49, 49, 56, 48, 48, 34, 44, 34, 69, 68, 83, 95, 72, 84, 84, 80, 95, 72, 79, 83, 84, 61, 49, 48, 46, 49, 52, 52, 46, 49, 50, 50, 46, 49, 52, 51, 58, 56, 48, 56, 53, 34, 44, 34, 84, 82, 65, 67, 69, 95, 65, 71, 69, 78, 84, 95, 79, 80, 84, 83, 61, 45, 106, 97, 118, 97, 97, 103, 101, 110, 116, 58, 47, 100, 97, 116, 97, 47, 115, 107, 121, 119, 97, 108, 107, 105, 110, 103, 47, 97, 103, 101, 110, 116, 47, 115, 107, 121, 119, 97, 108, 107, 105, 110, 103, 45, 97, 103, 101, 110, 116, 46, 106, 97, 114, 34, 44, 34, 68, 73, 83, 65, 66, 76, 69, 95, 67, 79, 78, 83, 85, 76, 61, 116, 114, 117, 101, 34, 44, 34, 85, 83, 69, 95, 82, 69, 68, 67, 65, 83, 84, 61, 49, 34, 44, 34, 77, 79, 78, 73, 84, 79, 82, 95, 75, 65, 70, 75, 65, 61, 107, 97, 102, 107, 97, 45, 113, 99, 115, 104, 52, 45, 115, 97, 50, 45, 109, 101, 116, 97, 49, 46, 105, 110, 116, 46, 120, 105, 97, 111, 104, 111, 110, 103, 115, 104, 117, 46, 99, 111, 109, 58, 57, 48, 57, 50, 44, 107, 97, 102, 107, 97, 45, 113, 99, 115, 104, 52, 45, 115, 97, 50, 45, 109, 101, 116, 97, 50, 46, 105, 110, 116, 46, 120, 105, 97, 111, 104, 111, 110, 103, 115, 104, 117, 46, 99, 111, 109, 58, 57, 48, 57, 50, 44, 107, 97, 102, 107, 97, 45, 113, 99, 115, 104, 52, 45, 115, 97, 50, 45, 109, 101, 116, 97, 51, 46, 105, 110, 116, 46, 120, 105, 97, 111, 104, 111, 110, 103, 115, 104, 117, 46, 99, 111, 109, 58, 57, 48, 57, 50, 34, 44, 34, 88, 72, 83, 95, 90, 79, 78, 69, 61, 97, 108, 115, 104, 49, 34, 44, 34, 90, 75, 95, 78, 65, 77, 69, 83, 80, 65, 67, 69, 61, 112, 114, 111, 100, 95, 115, 101, 114, 118, 105, 99, 101, 95, 118, 49, 34, 44, 34, 80, 79, 68, 95, 73, 80, 61, 49, 48, 46, 49, 52, 53, 46, 50, 51, 50, 46, 50, 50, 48, 34, 44, 34, 82, 69, 68, 67, 65, 83, 84, 95, 68, 65, 69, 77, 79, 78, 95, 72, 79, 83, 84, 61, 49, 48, 46, 49, 52, 52, 46, 57, 46, 50, 50, 49, 34, 44, 34, 69, 68, 83, 95, 72, 79, 83, 84, 61, 49, 48, 46, 49, 52, 52, 46, 49, 50, 50, 46, 49, 51, 57, 58, 56, 48, 34, 44, 34, 88, 72, 83, 95, 75, 56, 83, 61, 97, 108, 115, 104, 49, 34, 44, 34, 88, 72, 83, 95, 82, 69, 71, 73, 79, 78, 61, 97, 108, 45, 115, 104, 34, 44, 34, 78, 65, 77, 69, 83, 80, 65, 67, 69, 61, 100, 101, 102, 97, 117, 108, 116, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 83, 69, 82, 86, 73, 67, 69, 95, 80, 79, 82, 84, 95, 72, 84, 84, 80, 83, 61, 52, 52, 51, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 80, 79, 82, 84, 61, 116, 99, 112, 58, 47, 47, 49, 48, 46, 50, 48, 48, 46, 49, 48, 52, 46, 49, 58, 52, 52, 51, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 80, 79, 82, 84, 95, 52, 52, 51, 95, 84, 67, 80, 61, 116, 99, 112, 58, 47, 47, 49, 48, 46, 50, 48, 48, 46, 49, 48, 52, 46, 49, 58, 52, 52, 51, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 80, 79, 82, 84, 95, 52, 52, 51, 95, 84, 67, 80, 95, 80, 82, 79, 84, 79, 61, 116, 99, 112, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 80, 79, 82, 84, 95, 52, 52, 51, 95, 84, 67, 80, 95, 80, 79, 82, 84, 61, 52, 52, 51, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 80, 79, 82, 84, 95, 52, 52, 51, 95, 84, 67, 80, 95, 65, 68, 68, 82, 61, 49, 48, 46, 50, 48, 48, 46, 49, 48, 52, 46, 49, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 83, 69, 82, 86, 73, 67, 69, 95, 72, 79, 83, 84, 61, 49, 48, 46, 50, 48, 48, 46, 49, 48, 52, 46, 49, 34, 44, 34, 75, 85, 66, 69, 82, 78, 69, 84, 69, 83, 95, 83, 69, 82, 86, 73, 67, 69, 95, 80, 79, 82, 84, 61, 52, 52, 51, 34, 44, 34, 84, 69, 82, 77, 61, 120, 116, 101, 114, 109, 34, 93, 44, 34, 99, 119, 100, 34, 58, 34, 47, 34, 44, 34, 99, 97, 112, 97, 98, 105, 108, 105, 116, 105, 101, 115, 34, 58, 123, 34, 98, 111, 117, 110, 100, 105, 110, 103, 34, 58, 91, 34, 67, 65, 80, 95, 67, 72, 79, 87, 78, 34, 44, 34, 67, 65, 80, 95, 68, 65, 67, 95, 79, 86, 69, 82, 82, 73, 68, 69, 34, 44, 34, 67, 65, 80, 95, 70, 83, 69, 84, 73, 68, 34, 44, 34, 67, 65, 80, 95, 70, 79, 87, 78, 69, 82, 34, 44, 34, 67, 65, 80, 95, 77, 75, 78, 79, 68, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 82, 65, 87, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 71, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 85, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 70, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 80, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 66, 73, 78, 68, 95, 83, 69, 82, 86, 73, 67, 69, 34, 44, 34, 67, 65, 80, 95, 83, 89, 83, 95, 67, 72, 82, 79, 79, 84, 34, 44, 34, 67, 65, 80, 95, 75, 73, 76, 76, 34, 44, 34, 67, 65, 80, 95, 65, 85, 68, 73, 84, 95, 87, 82, 73, 84, 69, 34, 93, 44, 34, 101, 102, 102, 101, 99, 116, 105, 118, 101, 34, 58, 91, 34, 67, 65, 80, 95, 67, 72, 79, 87, 78, 34, 44, 34, 67, 65, 80, 95, 68, 65, 67, 95, 79, 86, 69, 82, 82, 73, 68, 69, 34, 44, 34, 67, 65, 80, 95, 70, 83, 69, 84, 73, 68, 34, 44, 34, 67, 65, 80, 95, 70, 79, 87, 78, 69, 82, 34, 44, 34, 67, 65, 80, 95, 77, 75, 78, 79, 68, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 82, 65, 87, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 71, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 85, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 70, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 80, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 66, 73, 78, 68, 95, 83, 69, 82, 86, 73, 67, 69, 34, 44, 34, 67, 65, 80, 95, 83, 89, 83, 95, 67, 72, 82, 79, 79, 84, 34, 44, 34, 67, 65, 80, 95, 75, 73, 76, 76, 34, 44, 34, 67, 65, 80, 95, 65, 85, 68, 73, 84, 95, 87, 82, 73, 84, 69, 34, 93, 44, 34, 112, 101, 114, 109, 105, 116, 116, 101, 100, 34, 58, 91, 34, 67, 65, 80, 95, 67, 72, 79, 87, 78, 34, 44, 34, 67, 65, 80, 95, 68, 65, 67, 95, 79, 86, 69, 82, 82, 73, 68, 69, 34, 44, 34, 67, 65, 80, 95, 70, 83, 69, 84, 73, 68, 34, 44, 34, 67, 65, 80, 95, 70, 79, 87, 78, 69, 82, 34, 44, 34, 67, 65, 80, 95, 77, 75, 78, 79, 68, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 82, 65, 87, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 71, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 85, 73, 68, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 70, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 83, 69, 84, 80, 67, 65, 80, 34, 44, 34, 67, 65, 80, 95, 78, 69, 84, 95, 66, 73, 78, 68, 95, 83, 69, 82, 86, 73, 67, 69, 34, 44, 34, 67, 65, 80, 95, 83, 89, 83, 95, 67, 72, 82, 79, 79, 84, 34, 44, 34, 67, 65, 80, 95, 75, 73, 76, 76, 34, 44, 34, 67, 65, 80, 95, 65, 85, 68, 73, 84, 95, 87, 82, 73, 84, 69, 34, 93, 125, 44, 34, 111, 111, 109, 83, 99, 111, 114, 101, 65, 100, 106, 34, 58, 49, 48, 48, 48, 125] })","level":"DEBG","ts":"2023-09-21T06:56:37.27954331Z","stream id":"287","name":"kata-runtime","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service ExecProcess","level":"DEBG","ts":"2023-09-21T06:56:37.279584529Z","pid":"1173477","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0","subsystem":"service","stream id":"287"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.279706028Z","stream id":"289","subsystem":"service","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.27986513Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0","pid":"1173477","name":"kata-runtime","subsystem":"service","stream id":"291"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), terminal: true, status: Created, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:56:37.279903072Z","subsystem":"service","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","stream id":"289"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), terminal: true, status: Created, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:56:37.279938909Z","stream id":"291","pid":"1173477","version":"0.1.0","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StartProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.279988904Z","subsystem":"service","stream id":"295","version":"0.1.0","name":"kata-runtime","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service WaitProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.280048597Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","stream id":"293","pid":"1173477","name":"kata-runtime","version":"0.1.0","subsystem":"service"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"start wait process","level":"INFO","ts":"2023-09-21T06:56:37.280077231Z","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170","subsystem":"virt-container","pid":"1173477","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"rpc call from shim to agent: \\\"exec_process\\\"\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.280264239Z\",\"version\":\"0.1.0\",\"pid\":\"56\",\"source\":\"agent\",\"name\":\"kata-agent\",\"subsystem\":\"rpc\"}","level":"INFO","ts":"2023-09-21T06:56:37.280854673Z","name":"kata-runtime","version":"0.1.0","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"do_exec_process cid: dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170 eid: d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.280313954Z\",\"version\":\"0.1.0\",\"source\":\"agent\",\"pid\":\"56\",\"subsystem\":\"rpc\",\"name\":\"kata-agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.280903896Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"before create console socket!\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.280368467Z\",\"subsystem\":\"process\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"pid\":\"56\",\"source\":\"agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.280952508Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"enter container.start!\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.280407671Z\",\"subsystem\":\"container\",\"source\":\"agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"pid\":\"56\"}","level":"INFO","ts":"2023-09-21T06:56:37.281008214Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"exec fifo opened!\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.280445062Z\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"module\":\"rustjail\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"subsystem\":\"container\",\"source\":\"agent\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"pid\":\"56\"}","level":"INFO","ts":"2023-09-21T06:56:37.281063769Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"agent","version":"0.1.0","pid":"1173477","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"Continuing execution in temporary process, new child has pid: Pid(90)\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281390361Z\",\"name\":\"kata-agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"version\":\"0.1.0\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"source\":\"agent\",\"pid\":\"56\",\"module\":\"rustjail\",\"action\":\"child process log\",\"subsystem\":\"container\"}","level":"INFO","ts":"2023-09-21T06:56:37.281495847Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","version":"0.1.0","subsystem":"agent","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"child pid: 90\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281548561Z\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"version\":\"0.1.0\",\"pid\":\"56\",\"name\":\"kata-agent\",\"source\":\"agent\",\"subsystem\":\"container\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"}","level":"INFO","ts":"2023-09-21T06:56:37.281891496Z","subsystem":"agent","name":"kata-runtime","pid":"1173477","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"try to send spec from parent to child\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281751154Z\",\"pid\":\"56\",\"subsystem\":\"container\",\"module\":\"rustjail\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"source\":\"agent\",\"action\":\"join-namespaces\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"}","level":"INFO","ts":"2023-09-21T06:56:37.281950718Z","name":"kata-runtime","pid":"1173477","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait child received oci spec\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281777434Z\",\"action\":\"join-namespaces\",\"pid\":\"56\",\"name\":\"kata-agent\",\"source\":\"agent\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"version\":\"0.1.0\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"module\":\"rustjail\"}","level":"INFO","ts":"2023-09-21T06:56:37.282009048Z","version":"0.1.0","subsystem":"agent","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"temporary parent process exit successfully\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281802121Z\",\"source\":\"agent\",\"name\":\"kata-agent\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"version\":\"0.1.0\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"action\":\"child process log\",\"subsystem\":\"container\",\"pid\":\"56\"}","level":"INFO","ts":"2023-09-21T06:56:37.282069523Z","subsystem":"agent","name":"kata-runtime","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"handling signal\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281951854Z\",\"version\":\"0.1.0\",\"pid\":\"56\",\"source\":\"agent\",\"name\":\"kata-agent\",\"subsystem\":\"signals\",\"signal\":\"SIGCHLD\"}","level":"INFO","ts":"2023-09-21T06:56:37.282118616Z","subsystem":"agent","pid":"1173477","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait_status\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.281971341Z\",\"source\":\"agent\",\"pid\":\"56\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"subsystem\":\"signals\",\"wait_status result\":\"Exited(Pid(89), 0)\"}","level":"INFO","ts":"2023-09-21T06:56:37.282172758Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"child process start run\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.282082131Z\",\"module\":\"rustjail\",\"source\":\"agent\",\"name\":\"kata-agent\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"action\":\"child process log\",\"subsystem\":\"container\",\"pid\":\"56\",\"version\":\"0.1.0\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"}","level":"INFO","ts":"2023-09-21T06:56:37.282233453Z","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","subsystem":"agent"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"notify parent to send oci process\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.282270367Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"module\":\"rustjail\",\"action\":\"child process log\",\"pid\":\"56\",\"source\":\"agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.282365373Z","version":"0.1.0","subsystem":"agent","pid":"1173477","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"send oci process from parent to child\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.282373543Z\",\"action\":\"join-namespaces\",\"subsystem\":\"container\",\"source\":\"agent\",\"version\":\"0.1.0\",\"pid\":\"56\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"module\":\"rustjail\",\"name\":\"kata-agent\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\"}","level":"INFO","ts":"2023-09-21T06:56:37.282487554Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0","subsystem":"agent","pid":"1173477","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait child received oci process\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.282398891Z\",\"source\":\"agent\",\"module\":\"rustjail\",\"pid\":\"56\",\"action\":\"join-namespaces\",\"name\":\"kata-agent\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"version\":\"0.1.0\",\"subsystem\":\"container\"}","level":"INFO","ts":"2023-09-21T06:56:37.282546466Z","version":"0.1.0","subsystem":"agent","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"notify parent to send cgroup manager\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.282508207Z\",\"pid\":\"56\",\"name\":\"kata-agent\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"version\":\"0.1.0\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"source\":\"agent\",\"action\":\"child process log\"}","level":"INFO","ts":"2023-09-21T06:56:37.2826071Z","pid":"1173477","version":"0.1.0","subsystem":"agent","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait child setup user namespace\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.28261507Z\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"action\":\"join-namespaces\",\"source\":\"agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"name\":\"kata-agent\",\"subsystem\":\"container\",\"pid\":\"56\",\"module\":\"rustjail\",\"version\":\"0.1.0\"}","level":"INFO","ts":"2023-09-21T06:56:37.282702371Z","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0","subsystem":"agent","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"write oom score 1000\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.283029284Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"version\":\"0.1.0\",\"action\":\"child process log\",\"subsystem\":\"container\",\"source\":\"agent\",\"pid\":\"56\",\"name\":\"kata-agent\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"module\":\"rustjail\"}","level":"INFO","ts":"2023-09-21T06:56:37.283121094Z","name":"kata-runtime","pid":"1173477","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"agent"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"notify parent unshare user ns completed\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.283144863Z\",\"module\":\"rustjail\",\"source\":\"agent\",\"version\":\"0.1.0\",\"subsystem\":\"container\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"action\":\"child process log\",\"pid\":\"56\",\"name\":\"kata-agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"}","level":"INFO","ts":"2023-09-21T06:56:37.283247483Z","name":"kata-runtime","subsystem":"agent","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"apply processes to cgroups!\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.283374097Z\",\"name\":\"kata-agent\",\"subsystem\":\"container\",\"module\":\"rustjail\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"action\":\"join-namespaces\",\"source\":\"agent\",\"pid\":\"56\",\"version\":\"0.1.0\"}","level":"INFO","ts":"2023-09-21T06:56:37.285212393Z","version":"0.1.0","subsystem":"agent","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"notify child to continue\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.284948627Z\",\"subsystem\":\"container\",\"action\":\"join-namespaces\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"name\":\"kata-agent\",\"source\":\"agent\",\"version\":\"0.1.0\",\"pid\":\"56\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"module\":\"rustjail\"}","level":"INFO","ts":"2023-09-21T06:56:37.28529558Z","name":"kata-runtime","version":"0.1.0","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait for child process ready to run exec\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.284975448Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"action\":\"join-namespaces\",\"pid\":\"56\",\"module\":\"rustjail\",\"source\":\"agent\",\"version\":\"0.1.0\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"name\":\"kata-agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.285354401Z","name":"kata-runtime","subsystem":"agent","version":"0.1.0","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait parent to setup user id mapping\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.285000756Z\",\"version\":\"0.1.0\",\"action\":\"child process log\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"module\":\"rustjail\",\"name\":\"kata-agent\",\"subsystem\":\"container\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"pid\":\"56\",\"source\":\"agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.285410237Z","name":"kata-runtime","version":"0.1.0","pid":"1173477","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"join namespace CLONE_NEWIPC\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.285377409Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"source\":\"agent\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"action\":\"child process log\",\"name\":\"kata-agent\",\"pid\":\"56\",\"version\":\"0.1.0\"}","level":"INFO","ts":"2023-09-21T06:56:37.285570641Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"join namespace CLONE_NEWUTS\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.285443735Z\",\"action\":\"child process log\",\"pid\":\"56\",\"module\":\"rustjail\",\"version\":\"0.1.0\",\"subsystem\":\"container\",\"name\":\"kata-agent\",\"source\":\"agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\"}","level":"INFO","ts":"2023-09-21T06:56:37.285629061Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","subsystem":"agent","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"setup rootfs /run/kata-containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/rootfs\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.285468732Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"source\":\"agent\",\"pid\":\"56\",\"module\":\"rustjail\",\"action\":\"child process log\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"subsystem\":\"container\"}","level":"INFO","ts":"2023-09-21T06:56:37.285688765Z","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"agent","name":"kata-runtime","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"process command: [\\\"/bin/bash\\\"]\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.285639655Z\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"source\":\"agent\",\"name\":\"kata-agent\",\"action\":\"child process log\",\"subsystem\":\"container\",\"module\":\"rustjail\",\"version\":\"0.1.0\",\"pid\":\"56\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\"}","level":"INFO","ts":"2023-09-21T06:56:37.285789896Z","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","name":"kata-runtime","subsystem":"agent"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"begin to stop process","level":"INFO","ts":"2023-09-21T06:56:37.287131877Z","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170","pid":"1173477","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","subsystem":"virt-container"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"create container process error the file /bin/bash was not found\",\"level\":\"ERRO\",\"ts\":\"2023-09-21T06:56:37.287135157Z\",\"module\":\"rustjail\",\"pid\":\"56\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"source\":\"agent\",\"subsystem\":\"container\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\"}","level":"ERRO","ts":"2023-09-21T06:56:37.2875511Z","subsystem":"agent","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"temporary parent process exit:child exit: the file /bin/bash was not found\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.28723735Z\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"subsystem\":\"container\",\"source\":\"agent\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"action\":\"child process log\",\"module\":\"rustjail\",\"pid\":\"56\",\"name\":\"kata-agent\",\"version\":\"0.1.0\"}","level":"INFO","ts":"2023-09-21T06:56:37.287632554Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","subsystem":"agent","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"read child process log end\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.287269741Z\",\"name\":\"kata-agent\",\"source\":\"agent\",\"version\":\"0.1.0\",\"subsystem\":\"container\",\"cid\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"pid\":\"56\",\"module\":\"rustjail\",\"eid\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"action\":\"child process log\"}","level":"INFO","ts":"2023-09-21T06:56:37.287737503Z","pid":"1173477","version":"0.1.0","subsystem":"agent","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"child exited unexpectedly\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.287301171Z\",\"name\":\"kata-agent\",\"pid\":\"56\",\"version\":\"0.1.0\",\"subsystem\":\"signals\",\"child-pid\":\"89\",\"source\":\"agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.28782543Z","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","subsystem":"agent"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"wait_status\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.28732729Z\",\"name\":\"kata-agent\",\"version\":\"0.1.0\",\"source\":\"agent\",\"subsystem\":\"signals\",\"pid\":\"56\",\"wait_status result\":\"Exited(Pid(90), 0)\"}","level":"INFO","ts":"2023-09-21T06:56:37.287906383Z","pid":"1173477","version":"0.1.0","subsystem":"agent","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"child exited unexpectedly\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.28735339Z\",\"subsystem\":\"signals\",\"child-pid\":\"90\",\"name\":\"kata-agent\",\"source\":\"agent\",\"pid\":\"56\",\"version\":\"0.1.0\"}","level":"INFO","ts":"2023-09-21T06:56:37.28801055Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"agent","name":"kata-runtime","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"failed to signal kill. rpc status: code: INTERNAL message: \"Invalid exec id\"","level":"WARN","ts":"2023-09-21T06:56:37.288065053Z","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095","version":"0.1.0","name":"kata-runtime","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"virt-container","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"handling signal\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.2873745Z\",\"subsystem\":\"signals\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"source\":\"agent\",\"pid\":\"56\",\"signal\":\"SIGCHLD\"}","level":"INFO","ts":"2023-09-21T06:56:37.288230016Z","pid":"1173477","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","subsystem":"agent"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"begin wait exit","level":"INFO","ts":"2023-09-21T06:56:37.288272236Z","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095","pid":"1173477","version":"0.1.0","subsystem":"virt-container","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"rpc call from shim to agent: \\\"signal_process\\\"\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.287469389Z\",\"pid\":\"56\",\"name\":\"kata-agent\",\"subsystem\":\"rpc\",\"version\":\"0.1.0\",\"source\":\"agent\"}","level":"INFO","ts":"2023-09-21T06:56:37.288358018Z","name":"kata-runtime","subsystem":"agent","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"signal process\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.287552807Z\",\"version\":\"0.1.0\",\"subsystem\":\"rpc\",\"source\":\"agent\",\"pid\":\"56\",\"name\":\"kata-agent\",\"exec-id\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"container-id\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\",\"signal\":\"9\"}","level":"INFO","ts":"2023-09-21T06:56:37.288433691Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","subsystem":"agent","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.28846993Z","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","subsystem":"service","stream id":"297","name":"kata-runtime","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), terminal: true, status: Stopped, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:56:37.288519033Z","name":"kata-runtime","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","version":"0.1.0","pid":"1173477","stream id":"297"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.288559589Z","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","stream id":"299","pid":"1173477","subsystem":"service"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), terminal: true, status: Stopped, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:56:37.288606388Z","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","subsystem":"service","version":"0.1.0","stream id":"299"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service KillProcess(KillRequest { process: ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec }, signal: 9, all: false })","level":"DEBG","ts":"2023-09-21T06:56:37.288650011Z","name":"kata-runtime","stream id":"301","subsystem":"service","pid":"1173477","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service WaitProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:56:37.288690898Z","version":"0.1.0","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","stream id":"303","name":"kata-runtime","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"start wait process","level":"INFO","ts":"2023-09-21T06:56:37.288726926Z","subsystem":"virt-container","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","version":"0.1.0","name":"kata-runtime","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"failed to signal process ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec } rpc status: code: INTERNAL message: \"Invalid exec id\"","level":"WARN","ts":"2023-09-21T06:56:37.288771581Z","version":"0.1.0","subsystem":"virt-container","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service KillProcess","level":"DEBG","ts":"2023-09-21T06:56:37.288804172Z","subsystem":"service","stream id":"301","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","version":"0.1.0","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"begin wait exit","level":"INFO","ts":"2023-09-21T06:56:37.288839379Z","name":"kata-runtime","version":"0.1.0","subsystem":"virt-container","exec_id":"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","container_id":"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170","pid":"1173477"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"rpc call from shim to agent: \\\"signal_process\\\"\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.288297257Z\",\"source\":\"agent\",\"subsystem\":\"rpc\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"pid\":\"56\"}","level":"INFO","ts":"2023-09-21T06:56:37.288906957Z","subsystem":"agent","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","version":"0.1.0"}
Sep 21 14:56:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"{\"msg\":\"signal process\",\"level\":\"INFO\",\"ts\":\"2023-09-21T06:56:37.288316934Z\",\"version\":\"0.1.0\",\"name\":\"kata-agent\",\"pid\":\"56\",\"source\":\"agent\",\"subsystem\":\"rpc\",\"signal\":\"9\",\"exec-id\":\"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\",\"container-id\":\"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"}","level":"INFO","ts":"2023-09-21T06:56:37.288975998Z","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","pid":"1173477","subsystem":"agent","name":"kata-runtime","version":"0.1.0"}
Sep 21 14:57:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: time="2023-09-21T14:57:37.288310265+08:00" level=error msg="Failed to delete exec process \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\" for container \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\"" error="context deadline exceeded: unknown"
Sep 21 14:57:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: E0921 14:57:37.288361    4624 exec.go:87] error executing command in container: failed to exec in container: failed to start exec "d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095": Others("failed to handler message handler request\n\nCaused by:\n    0: start process\n    1: start\n    2: enter process\n    3: exec process\n    4: rpc status: code: INTERNAL message: \"the file /bin/bash was not found\""): unknown
Sep 21 14:57:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"method handle /containerd.task.v2.Task/Wait got error timed out","level":"ERRO","ts":"2023-09-21T06:57:37.288520212Z","version":"0.1.0","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime","pid":"1173477","subsystem":"root"}
Sep 21 14:57:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"====> task service StateProcess(ContainerProcess { container_id: ContainerID { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\" }, exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", process_type: Exec })","level":"DEBG","ts":"2023-09-21T06:57:37.288586638Z","pid":"1173477","version":"0.1.0","stream id":"413","subsystem":"service","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","name":"kata-runtime"}
Sep 21 14:57:37 iZuf6ir9zx8jfkixmpfxj1Z containerd[4624]: {"msg":"<==== task service StateProcess(ProcessStateInfo { container_id: \"dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", exec_id: \"d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095\", pid: PID { pid: 1173477 }, bundle: \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170\", stdin: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdin\"), stdout: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stdout\"), stderr: Some(\"/run/containerd/io.containerd.grpc.v1.cri/containers/dbf9917fd1b89ddc534c7fb0653784176c0324c45223a82bca7e15fb5b964170/io/3837103425/d8a7bb548961d770985aae53688a5863f53bd03a76af02129e338ff82672c095-stderr\"), terminal: true, status: Stopped, exit_status: 0, exited_at: None })","level":"DEBG","ts":"2023-09-21T06:57:37.288642464Z","name":"kata-runtime","version":"0.1.0","subsystem":"service","pid":"1173477","source":"61b627f7d2cbe2605323218a3e2e75f313ab98941a26a085da341eb5ee5655e1","stream id":"413"}

[liuxu623]

Show kata-collect-data.sh details

# Meta details Running `kata-collect-data.sh` version `3.1.3 (commit ee57732fe08504773b1b5474f2248834ae1fbd66)` at `2023-09-21.11:17:29.853470497+0800`. ---

Runtime

Runtime is `/usr/bin/kata-runtime`. # `kata-env`

/usr/bin/kata-runtime kata-env

```toml [Kernel] Path = "/opt/kata/share/kata-containers/vmlinux-5.19.2-100" Parameters = "systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket agent.log=debug agent.debug_console agent.debug_console_vport=1026 console=ttyS1 agent.log_vport=1025" [Meta] Version = "1.0.26" [Image] Path = "/opt/kata/share/kata-containers/kata-containers.img" [Initrd] Path = "" [Hypervisor] MachineType = "" Version = "<>" Path = "" BlockDeviceDriver = "" EntropySource = "/dev/urandom" SharedFS = "" VirtioFSDaemon = "" SocketPath = "" Msize9p = 0 MemorySlots = 10 PCIeRootPort = 0 HotplugVFIOOnRootBus = false Debug = true [Runtime] Path = "/opt/kata/bin/kata-runtime" GuestSeLinuxLabel = "" Debug = true Trace = false DisableGuestSeccomp = true DisableNewNetNs = false SandboxCgroupOnly = true [Runtime.Config] Path = "/opt/kata/share/defaults/kata-containers/configuration-dragonball.toml" [Runtime.Version] OCI = "1.0.2-dev" [Runtime.Version.Version] Semver = "3.1.3" Commit = "ee57732fe08504773b1b5474f2248834ae1fbd66" Major = 3 Minor = 1 Patch = 3 [Host] Kernel = "5.10.134-13.1.al8.x86_64" Architecture = "amd64" VMContainerCapable = true SupportVSocks = true [Host.Distro] Name = "Alibaba Cloud Linux" Version = "3" [Host.CPU] Vendor = "AuthenticAMD" Model = "AMD EPYC 7T83 64-Core Processor" CPUs = 256 [Host.Memory] Total = 527752888 Free = 510518608 Available = 515932444 [Agent] Debug = true Trace = false ```

---

Runtime config files

# Runtime config files ## Runtime default config files ``` /etc/kata-containers/configuration.toml /opt/kata/share/defaults/kata-containers/configuration.toml ``` ## Runtime config file contents

cat "/etc/kata-containers/configuration.toml"

```toml # Copyright (c) 2019-2022 Alibaba Cloud # Copyright (c) 2019-2022 Ant Group # # SPDX-License-Identifier: Apache-2.0 # # XXX: WARNING: this file is auto-generated. # XXX: # XXX: Source file: "config/configuration-dragonball.toml.in" # XXX: Project: # XXX: Name: Kata Containers # XXX: Type: kata [hypervisor.dragonball] path = "" ctlpath = "" kernel = "/opt/kata/share/kata-containers/vmlinux.container" image = "/opt/kata/share/kata-containers/kata-containers.img" # rootfs filesystem type: # - ext4 (default) # - xfs # - erofs rootfs_type="ext4" # List of valid annotation names for the hypervisor # Each member of the list is a regular expression, which is the base name # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path" enable_annotations = [] # List of valid annotations values for the hypervisor # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: [] valid_hypervisor_paths = [] # List of valid annotations values for ctlpath # The default if not set is empty (all annotations rejected.) # Your distribution recommends: # valid_ctlpaths = # Optional space-separated list of options to pass to the guest kernel. # For example, use `kernel_params = "vsyscall=emulate"` if you are having # trouble running pre-2.15 glibc. # # WARNING: - any parameter specified here will take priority over the default # parameter value of the same name used to start the virtual machine. # Do not set values here unless you understand the impact of doing so as you # may stop the virtual machine from booting. # To see the list of default parameters, enable hypervisor debug, create a # container and look for 'default-kernel-parameters' log entries. kernel_params = "console=ttyS1 agent.log_vport=1025" # Path to the firmware. # If you want that DB uses the default firmware leave this option empty firmware = "" # Default number of vCPUs per SB/VM: # unspecified or 0 --> will be set to 1 # < 0 --> will be set to the actual number of physical cores # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores default_vcpus = 1 # Default maximum number of vCPUs per SB/VM: # unspecified or == 0 --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when # the actual number of physical cores is greater than it. # WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU # the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs # can be added to a SB/VM, but the memory footprint will be big. Another example, with # `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of # vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable, # unless you know what are you doing. default_maxvcpus = 1 # Bridges can be used to hot plug devices. # Limitations: # * Currently only pci bridges are supported # * Until 30 devices per bridge can be hot plugged. # * Until 5 PCI bridges can be cold plugged per VM. # This limitation could be a bug in the kernel # Default number of bridges per SB/VM: # unspecified or 0 --> will be set to 0 # > 1 <= 5 --> will be set to the specified number # > 5 --> will be set to 5 default_bridges = 0 # Default memory size in MiB for SB/VM. # If unspecified then it will be set 2048 MiB. default_memory = 2048 # Block storage driver to be used for the hypervisor in case the container # rootfs is backed by a block device. DB only supports virtio-blk. block_device_driver = "virtio-blk" # This option changes the default hypervisor and kernel parameters # to enable debug output where available. # # Default false enable_debug = true # Disable the customizations done in the runtime when it detects # that it is running on top a VMM. This will result in the runtime # behaving as it would when running on bare metal. # #disable_nesting_checks = true # If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics. # Default false #disable_vhost_net = true # Path to OCI hook binaries in the *guest rootfs*. # This does not affect host-side hooks which must instead be added to # the OCI spec passed to the runtime. # # You can create a rootfs with hooks by customizing the osbuilder scripts: # https://github.com/kata-containers/kata-containers/tree/main/tools/osbuilder # # Hooks must be stored in a subdirectory of guest_hook_path according to their # hook type, i.e. "guest_hook_path/{prestart,poststart,poststop}". # The agent will scan these directories for executable files and add them, in # lexicographical order, to the lifecycle of the guest container. # Hooks are executed in the runtime namespace of the guest. See the official documentation: # https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks # Warnings will be logged if any error is encountered while scanning for hooks, # but it will not abort container execution. #guest_hook_path = "/usr/share/oci/hooks" # Shared file system type: # - inline-virtio-fs (default) # - virtio-fs # - virtio-9p # - virtio-fs-nydus # "inline-virtio-fs" is the same as "virtio-fs", but it is running in the same process # of shim, does not need an external virtiofsd process. shared_fs = "inline-virtio-fs" # Default size of DAX cache in MiB virtio_fs_cache_size = 0 # Extra args for virtiofsd daemon # # Format example: # ["-o", "arg1=xxx,arg2", "-o", "hello world", "--arg3=yyy"] # Examples: # Set virtiofsd log level to debug : ["-o", "log_level=debug"] or ["-d"] # # see `virtiofsd -h` for possible options. virtio_fs_extra_args = ["--thread-pool-size=1", "-o", "announce_submounts"] # Cache mode: # # - never # Metadata, data, and pathname lookup are not cached in guest. They are # always fetched from host and any changes are immediately pushed to host. # # - auto # Metadata and pathname lookup cache expires after a configured amount of # time (default is 1 second). Data is cached while the file is open (close # to open consistency). # # - always # Metadata, data, and pathname lookup are cached in guest and never expire. virtio_fs_cache = "auto" # Enable huge pages for VM RAM, default false # Enabling this will result in the VM memory # being allocated using huge pages. # This is useful when you want to use vhost-user network # stacks within the container. This will automatically # result in memory pre allocation #enable_hugepages = true [agent.kata] container_pipe_size=1 # If enabled, make the agent display debug-level messages. # (default: disabled) enable_debug = true # Enable agent tracing. # # If enabled, the agent will generate OpenTelemetry trace spans. # # Notes: # # - If the runtime also has tracing enabled, the agent spans will be # associated with the appropriate runtime parent span. # - If enabled, the runtime will wait for the container to shutdown, # increasing the container shutdown time slightly. # # (default: disabled) #enable_tracing = true # Enable debug console. # If enabled, user can connect guest OS running inside hypervisor # through "kata-runtime exec " command debug_console_enabled = true # Agent connection dialing timeout value in seconds # (default: 30) #dial_timeout = 30 [runtime] # If enabled, the runtime will log additional debug messages to the # system log # (default: disabled) enable_debug = true # # Internetworking model # Determines how the VM should be connected to the # the container network interface # Options: # # - bridged (Deprecated) # Uses a linux bridge to interconnect the container interface to # the VM. Works for most cases except macvlan and ipvlan. # ***NOTE: This feature has been deprecated with plans to remove this # feature in the future. Please use other network models listed below. # # # - macvtap # Used when the Container network interface can be bridged using # macvtap. # # - none # Used when customize network. Only creates a tap device. No veth pair. # # - tcfilter # Uses tc filter rules to redirect traffic from the network interface # provided by plugin to a tap interface connected to the VM. # internetworking_model="tcfilter" name="virt_container" hypervisor_name="dragonball" agent_name="kata" # disable guest seccomp # Determines whether container seccomp profiles are passed to the virtual # machine and applied by the kata agent. If set to true, seccomp is not applied # within the guest # (default: true) disable_guest_seccomp=true # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) #enable_tracing = true # Set the full url to the Jaeger HTTP Thrift collector. # The default if not set will be "http://localhost:14268/api/traces" #jaeger_endpoint = "" # Sets the username to be used if basic auth is required for Jaeger. #jaeger_user = "" # Sets the password to be used if basic auth is required for Jaeger. #jaeger_password = "" # If enabled, the runtime will not create a network namespace for shim and hypervisor processes. # This option may have some potential impacts to your host. It should only be used when you know what you're doing. # `disable_new_netns` conflicts with `internetworking_model=bridged` and `internetworking_model=macvtap`. It works only # with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge # (like OVS) directly. # (default: false) #disable_new_netns = true # if enabled, the runtime will add all the kata processes inside one dedicated cgroup. # The container cgroups in the host are not created, just one single cgroup per sandbox. # The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup is constrained if there is no container type annotation. # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType sandbox_cgroup_only=true # Enabled experimental feature list, format: ["a", "b"]. # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: # (default: []) experimental=[] # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) # enable_pprof = true static_resource_mgmt=false ```

cat "/opt/kata/share/defaults/kata-containers/configuration.toml"

```toml # Copyright (c) 2017-2019 Intel Corporation # Copyright (c) 2021 Adobe Inc. # # SPDX-License-Identifier: Apache-2.0 # # XXX: WARNING: this file is auto-generated. # XXX: # XXX: Source file: "config/configuration-qemu.toml.in" # XXX: Project: # XXX: Name: Kata Containers # XXX: Type: kata [hypervisor.qemu] path = "/opt/kata/bin/qemu-system-x86_64" kernel = "/opt/kata/share/kata-containers/vmlinux.container" image = "/opt/kata/share/kata-containers/kata-containers.img" # initrd = "/opt/kata/share/kata-containers/kata-containers-initrd.img" machine_type = "q35" # rootfs filesystem type: # - ext4 (default) # - xfs # - erofs rootfs_type="ext4" # Enable confidential guest support. # Toggling that setting may trigger different hardware features, ranging # from memory encryption to both memory and CPU-state encryption and integrity. # The Kata Containers runtime dynamically detects the available feature set and # aims at enabling the largest possible one, returning an error if none is # available, or none is supported by the hypervisor. # # Known limitations: # * Does not work by design: # - CPU Hotplug # - Memory Hotplug # - NVDIMM devices # # Default false # confidential_guest = true # Choose AMD SEV-SNP confidential guests # In case of using confidential guests on AMD hardware that supports both SEV # and SEV-SNP, the following enables SEV-SNP guests. SEV guests are default. # Default false # sev_snp_guest = true # Enable running QEMU VMM as a non-root user. # By default QEMU VMM run as root. When this is set to true, QEMU VMM process runs as # a non-root random user. See documentation for the limitations of this mode. # rootless = true # List of valid annotation names for the hypervisor # Each member of the list is a regular expression, which is the base name # of the annotation, e.g. "path" for io.katacontainers.config.hypervisor.path" enable_annotations = ["enable_iommu"] # List of valid annotations values for the hypervisor # Each member of the list is a path pattern as described by glob(3). # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/opt/kata/bin/qemu-system-x86_64"] valid_hypervisor_paths = ["/opt/kata/bin/qemu-system-x86_64"] # Optional space-separated list of options to pass to the guest kernel. # For example, use `kernel_params = "vsyscall=emulate"` if you are having # trouble running pre-2.15 glibc. # # WARNING: - any parameter specified here will take priority over the default # parameter value of the same name used to start the virtual machine. # Do not set values here unless you understand the impact of doing so as you # may stop the virtual machine from booting. # To see the list of default parameters, enable hypervisor debug, create a # container and look for 'default-kernel-parameters' log entries. kernel_params = "" # Path to the firmware. # If you want that qemu uses the default firmware leave this option empty firmware = "" # Path to the firmware volume. # firmware TDVF or OVMF can be split into FIRMWARE_VARS.fd (UEFI variables # as configuration) and FIRMWARE_CODE.fd (UEFI program image). UEFI variables # can be customized per each user while UEFI code is kept same. firmware_volume = "" # Machine accelerators # comma-separated list of machine accelerators to pass to the hypervisor. # For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"` machine_accelerators="" # Qemu seccomp sandbox feature # comma-separated list of seccomp sandbox features to control the syscall access. # For example, `seccompsandbox= "on,obsolete=deny,spawn=deny,resourcecontrol=deny"` # Note: "elevateprivileges=deny" doesn't work with daemonize option, so it's removed from the seccomp sandbox # Another note: enabling this feature may reduce performance, you may enable # /proc/sys/net/core/bpf_jit_enable to reduce the impact. see https://man7.org/linux/man-pages/man8/bpfc.8.html #seccompsandbox="on,obsolete=deny,spawn=deny,resourcecontrol=deny" # CPU features # comma-separated list of cpu features to pass to the cpu # For example, `cpu_features = "pmu=off,vmx=off" cpu_features="pmu=off" # Default number of vCPUs per SB/VM: # unspecified or 0 --> will be set to 1 # < 0 --> will be set to the actual number of physical cores # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores default_vcpus = 1 # Default maximum number of vCPUs per SB/VM: # unspecified or == 0 --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # > 0 <= number of physical cores --> will be set to the specified number # > number of physical cores --> will be set to the actual number of physical cores or to the maximum number # of vCPUs supported by KVM if that number is exceeded # WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when # the actual number of physical cores is greater than it. # WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU # the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs # can be added to a SB/VM, but the memory footprint will be big. Another example, with # `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of # vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable, # unless you know what are you doing. # NOTICE: on arm platform with gicv2 interrupt controller, set it to 8. default_maxvcpus = 0 # Bridges can be used to hot plug devices. # Limitations: # * Currently only pci bridges are supported # * Until 30 devices per bridge can be hot plugged. # * Until 5 PCI bridges can be cold plugged per VM. # This limitation could be a bug in qemu or in the kernel # Default number of bridges per SB/VM: # unspecified or 0 --> will be set to 1 # > 1 <= 5 --> will be set to the specified number # > 5 --> will be set to 5 default_bridges = 1 # Default memory size in MiB for SB/VM. # If unspecified then it will be set 2048 MiB. default_memory = 2048 # # Default memory slots per SB/VM. # If unspecified then it will be set 10. # This is will determine the times that memory will be hotadded to sandbox/VM. #memory_slots = 10 # Default maximum memory in MiB per SB / VM # unspecified or == 0 --> will be set to the actual amount of physical RAM # > 0 <= amount of physical RAM --> will be set to the specified number # > amount of physical RAM --> will be set to the actual amount of physical RAM default_maxmemory = 0 # The size in MiB will be plused to max memory of hypervisor. # It is the memory address space for the NVDIMM devie. # If set block storage driver (block_device_driver) to "nvdimm", # should set memory_offset to the size of block device. # Default 0 #memory_offset = 0 # Specifies virtio-mem will be enabled or not. # Please note that this option should be used with the command # "echo 1 > /proc/sys/vm/overcommit_memory". # Default false #enable_virtio_mem = true # Disable block device from being used for a container's rootfs. # In case of a storage driver like devicemapper where a container's # root file system is backed by a block device, the block device is passed # directly to the hypervisor for performance reasons. # This flag prevents the block device from being passed to the hypervisor, # virtio-fs is used instead to pass the rootfs. disable_block_device_use = false # Shared file system type: # - virtio-fs (default) # - virtio-9p # - virtio-fs-nydus shared_fs = "virtio-fs" # Path to vhost-user-fs daemon. virtio_fs_daemon = "/opt/kata/libexec/virtiofsd" # List of valid annotations values for the virtiofs daemon # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/opt/kata/libexec/virtiofsd"] valid_virtio_fs_daemon_paths = ["/opt/kata/libexec/virtiofsd"] # Default size of DAX cache in MiB virtio_fs_cache_size = 0 # Default size of virtqueues virtio_fs_queue_size = 1024 # Extra args for virtiofsd daemon # # Format example: # ["--arg1=xxx", "--arg2=yyy"] # Examples: # Set virtiofsd log level to debug : ["--log-level=debug"] # # see `virtiofsd -h` for possible options. virtio_fs_extra_args = ["--thread-pool-size=1", "--announce-submounts"] # Cache mode: # # - never # Metadata, data, and pathname lookup are not cached in guest. They are # always fetched from host and any changes are immediately pushed to host. # # - auto # Metadata and pathname lookup cache expires after a configured amount of # time (default is 1 second). Data is cached while the file is open (close # to open consistency). # # - always # Metadata, data, and pathname lookup are cached in guest and never expire. virtio_fs_cache = "auto" # Block storage driver to be used for the hypervisor in case the container # rootfs is backed by a block device. This is virtio-scsi, virtio-blk # or nvdimm. block_device_driver = "virtio-scsi" # aio is the I/O mechanism used by qemu # Options: # # - threads # Pthread based disk I/O. # # - native # Native Linux I/O. # # - io_uring # Linux io_uring API. This provides the fastest I/O operations on Linux, requires kernel>5.1 and # qemu >=5.0. block_device_aio = "io_uring" # Specifies cache-related options will be set to block devices or not. # Default false #block_device_cache_set = true # Specifies cache-related options for block devices. # Denotes whether use of O_DIRECT (bypass the host page cache) is enabled. # Default false #block_device_cache_direct = true # Specifies cache-related options for block devices. # Denotes whether flush requests for the device are ignored. # Default false #block_device_cache_noflush = true # Enable iothreads (data-plane) to be used. This causes IO to be # handled in a separate IO thread. This is currently only implemented # for SCSI. # enable_iothreads = false # Enable pre allocation of VM RAM, default false # Enabling this will result in lower container density # as all of the memory will be allocated and locked # This is useful when you want to reserve all the memory # upfront or in the cases where you want memory latencies # to be very predictable # Default false #enable_mem_prealloc = true # Enable huge pages for VM RAM, default false # Enabling this will result in the VM memory # being allocated using huge pages. # This is useful when you want to use vhost-user network # stacks within the container. This will automatically # result in memory pre allocation #enable_hugepages = true # Enable vhost-user storage device, default false # Enabling this will result in some Linux reserved block type # major range 240-254 being chosen to represent vhost-user devices. enable_vhost_user_store = false # The base directory specifically used for vhost-user devices. # Its sub-path "block" is used for block devices; "block/sockets" is # where we expect vhost-user sockets to live; "block/devices" is where # simulated block device nodes for vhost-user devices to live. vhost_user_store_path = "/var/run/kata-containers/vhost-user" # Enable vIOMMU, default false # Enabling this will result in the VM having a vIOMMU device # This will also add the following options to the kernel's # command line: intel_iommu=on,iommu=pt #enable_iommu = true # Enable IOMMU_PLATFORM, default false # Enabling this will result in the VM device having iommu_platform=on set #enable_iommu_platform = true # List of valid annotations values for the vhost user store path # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/var/run/kata-containers/vhost-user"] valid_vhost_user_store_paths = ["/var/run/kata-containers/vhost-user"] # The timeout for reconnecting on non-server spdk sockets when the remote end goes away. # qemu will delay this many seconds and then attempt to reconnect. # Zero disables reconnecting, and the default is zero. vhost_user_reconnect_timeout_sec = 0 # Enable file based guest memory support. The default is an empty string which # will disable this feature. In the case of virtio-fs, this is enabled # automatically and '/dev/shm' is used as the backing folder. # This option will be ignored if VM templating is enabled. #file_mem_backend = "" # List of valid annotations values for the file_mem_backend annotation # The default if not set is empty (all annotations rejected.) # Your distribution recommends: [""] valid_file_mem_backends = [""] # -pflash can add image file to VM. The arguments of it should be in format # of ["/path/to/flash0.img", "/path/to/flash1.img"] pflashes = [] # This option changes the default hypervisor and kernel parameters # to enable debug output where available. And Debug also enable the hmp socket. # # Default false enable_debug = true # Disable the customizations done in the runtime when it detects # that it is running on top a VMM. This will result in the runtime # behaving as it would when running on bare metal. # #disable_nesting_checks = true # This is the msize used for 9p shares. It is the number of bytes # used for 9p packet payload. #msize_9p = 8192 # If false and nvdimm is supported, use nvdimm device to plug guest image. # Otherwise virtio-block device is used. # # nvdimm is not supported when `confidential_guest = true`. # # Default is false #disable_image_nvdimm = true # VFIO devices are hotplugged on a bridge by default. # Enable hotplugging on root bus. This may be required for devices with # a large PCI bar, as this is a current limitation with hotplugging on # a bridge. # Default false #hotplug_vfio_on_root_bus = true # Before hot plugging a PCIe device, you need to add a pcie_root_port device. # Use this parameter when using some large PCI bar devices, such as Nvidia GPU # The value means the number of pcie_root_port # This value is valid when hotplug_vfio_on_root_bus is true and machine_type is "q35" # Default 0 #pcie_root_port = 2 # If vhost-net backend for virtio-net is not desired, set to true. Default is false, which trades off # security (vhost-net runs ring0) for network I/O performance. #disable_vhost_net = true # # Default entropy source. # The path to a host source of entropy (including a real hardware RNG) # /dev/urandom and /dev/random are two main options. # Be aware that /dev/random is a blocking source of entropy. If the host # runs out of entropy, the VMs boot time will increase leading to get startup # timeouts. # The source of entropy /dev/urandom is non-blocking and provides a # generally acceptable source of entropy. It should work well for pretty much # all practical purposes. #entropy_source= "/dev/urandom" # List of valid annotations values for entropy_source # The default if not set is empty (all annotations rejected.) # Your distribution recommends: ["/dev/urandom","/dev/random",""] valid_entropy_sources = ["/dev/urandom","/dev/random",""] # Path to OCI hook binaries in the *guest rootfs*. # This does not affect host-side hooks which must instead be added to # the OCI spec passed to the runtime. # # You can create a rootfs with hooks by customizing the osbuilder scripts: # https://github.com/kata-containers/kata-containers/tree/main/tools/osbuilder # # Hooks must be stored in a subdirectory of guest_hook_path according to their # hook type, i.e. "guest_hook_path/{prestart,poststart,poststop}". # The agent will scan these directories for executable files and add them, in # lexicographical order, to the lifecycle of the guest container. # Hooks are executed in the runtime namespace of the guest. See the official documentation: # https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks # Warnings will be logged if any error is encountered while scanning for hooks, # but it will not abort container execution. #guest_hook_path = "/usr/share/oci/hooks" # # Use rx Rate Limiter to control network I/O inbound bandwidth(size in bits/sec for SB/VM). # In Qemu, we use classful qdiscs HTB(Hierarchy Token Bucket) to discipline traffic. # Default 0-sized value means unlimited rate. #rx_rate_limiter_max_rate = 0 # Use tx Rate Limiter to control network I/O outbound bandwidth(size in bits/sec for SB/VM). # In Qemu, we use classful qdiscs HTB(Hierarchy Token Bucket) and ifb(Intermediate Functional Block) # to discipline traffic. # Default 0-sized value means unlimited rate. #tx_rate_limiter_max_rate = 0 # Set where to save the guest memory dump file. # If set, when GUEST_PANICKED event occurred, # guest memeory will be dumped to host filesystem under guest_memory_dump_path, # This directory will be created automatically if it does not exist. # # The dumped file(also called vmcore) can be processed with crash or gdb. # # WARNING: # Dump guest’s memory can take very long depending on the amount of guest memory # and use much disk space. #guest_memory_dump_path="/var/crash/kata" # If enable paging. # Basically, if you want to use "gdb" rather than "crash", # or need the guest-virtual addresses in the ELF vmcore, # then you should enable paging. # # See: https://www.qemu.org/docs/master/qemu-qmp-ref.html#Dump-guest-memory for details #guest_memory_dump_paging=false # Enable swap in the guest. Default false. # When enable_guest_swap is enabled, insert a raw file to the guest as the swap device # if the swappiness of a container (set by annotation "io.katacontainers.container.resource.swappiness") # is bigger than 0. # The size of the swap device should be # swap_in_bytes (set by annotation "io.katacontainers.container.resource.swap_in_bytes") - memory_limit_in_bytes. # If swap_in_bytes is not set, the size should be memory_limit_in_bytes. # If swap_in_bytes and memory_limit_in_bytes is not set, the size should # be default_memory. #enable_guest_swap = true # use legacy serial for guest console if available and implemented for architecture. Default false #use_legacy_serial = true # disable applying SELinux on the VMM process (default false) disable_selinux=false # disable applying SELinux on the container process # If set to false, the type `container_t` is applied to the container process by default. # Note: To enable guest SELinux, the guest rootfs must be CentOS that is created and built # with `SELINUX=yes`. # (default: true) disable_guest_selinux=true [factory] # VM templating support. Once enabled, new VMs are created from template # using vm cloning. They will share the same initial kernel, initramfs and # agent memory by mapping it readonly. It helps speeding up new container # creation and saves a lot of memory if there are many kata containers running # on the same host. # # When disabled, new VMs are created from scratch. # # Note: Requires "initrd=" to be set ("image=" is not supported). # # Default false #enable_template = true # Specifies the path of template. # # Default "/run/vc/vm/template" #template_path = "/run/vc/vm/template" # The number of caches of VMCache: # unspecified or == 0 --> VMCache is disabled # > 0 --> will be set to the specified number # # VMCache is a function that creates VMs as caches before using it. # It helps speed up new container creation. # The function consists of a server and some clients communicating # through Unix socket. The protocol is gRPC in protocols/cache/cache.proto. # The VMCache server will create some VMs and cache them by factory cache. # It will convert the VM to gRPC format and transport it when gets # requestion from clients. # Factory grpccache is the VMCache client. It will request gRPC format # VM and convert it back to a VM. If VMCache function is enabled, # kata-runtime will request VM from factory grpccache when it creates # a new sandbox. # # Default 0 #vm_cache_number = 0 # Specify the address of the Unix socket that is used by VMCache. # # Default /var/run/kata-containers/cache.sock #vm_cache_endpoint = "/var/run/kata-containers/cache.sock" [agent.kata] # If enabled, make the agent display debug-level messages. # (default: disabled) enable_debug = true # Enable agent tracing. # # If enabled, the agent will generate OpenTelemetry trace spans. # # Notes: # # - If the runtime also has tracing enabled, the agent spans will be # associated with the appropriate runtime parent span. # - If enabled, the runtime will wait for the container to shutdown, # increasing the container shutdown time slightly. # # (default: disabled) #enable_tracing = true # Comma separated list of kernel modules and their parameters. # These modules will be loaded in the guest kernel using modprobe(8). # The following example can be used to load two kernel modules with parameters # - kernel_modules=["e1000e InterruptThrottleRate=3000,3000,3000 EEE=1", "i915 enable_ppgtt=0"] # The first word is considered as the module name and the rest as its parameters. # Container will not be started when: # * A kernel module is specified and the modprobe command is not installed in the guest # or it fails loading the module. # * The module is not available in the guest or it doesn't met the guest kernel # requirements, like architecture and version. # kernel_modules=[] # Enable debug console. # If enabled, user can connect guest OS running inside hypervisor # through "kata-runtime exec " command debug_console_enabled = true # Agent connection dialing timeout value in seconds # (default: 30) #dial_timeout = 30 [runtime] # If enabled, the runtime will log additional debug messages to the # system log # (default: disabled) enable_debug = true # # Internetworking model # Determines how the VM should be connected to the # the container network interface # Options: # # - macvtap # Used when the Container network interface can be bridged using # macvtap. # # - none # Used when customize network. Only creates a tap device. No veth pair. # # - tcfilter # Uses tc filter rules to redirect traffic from the network interface # provided by plugin to a tap interface connected to the VM. # internetworking_model="tcfilter" # disable guest seccomp # Determines whether container seccomp profiles are passed to the virtual # machine and applied by the kata agent. If set to true, seccomp is not applied # within the guest # (default: true) disable_guest_seccomp=true # vCPUs pinning settings # if enabled, each vCPU thread will be scheduled to a fixed CPU # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet) # enable_vcpus_pinning = false # Apply a custom SELinux security policy to the container process inside the VM. # This is used when you want to apply a type other than the default `container_t`, # so general users should not uncomment and apply it. # (format: "user:role:type") # Note: You cannot specify MCS policy with the label because the sensitivity levels and # categories are determined automatically by high-level container runtimes such as containerd. #guest_selinux_label="system_u:system_r:container_t" # If enabled, the runtime will create opentracing.io traces and spans. # (See https://www.jaegertracing.io/docs/getting-started). # (default: disabled) #enable_tracing = true # Set the full url to the Jaeger HTTP Thrift collector. # The default if not set will be "http://localhost:14268/api/traces" #jaeger_endpoint = "" # Sets the username to be used if basic auth is required for Jaeger. #jaeger_user = "" # Sets the password to be used if basic auth is required for Jaeger. #jaeger_password = "" # If enabled, the runtime will not create a network namespace for shim and hypervisor processes. # This option may have some potential impacts to your host. It should only be used when you know what you're doing. # `disable_new_netns` conflicts with `internetworking_model=tcfilter` and `internetworking_model=macvtap`. It works only # with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge # (like OVS) directly. # (default: false) #disable_new_netns = true # if enabled, the runtime will add all the kata processes inside one dedicated cgroup. # The container cgroups in the host are not created, just one single cgroup per sandbox. # The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox. # The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation. # The sandbox cgroup is constrained if there is no container type annotation. # See: https://pkg.go.dev/github.com/kata-containers/kata-containers/src/runtime/virtcontainers#ContainerType sandbox_cgroup_only=true # If enabled, the runtime will attempt to determine appropriate sandbox size (memory, CPU) before booting the virtual machine. In # this case, the runtime will not dynamically update the amount of memory and CPU in the virtual machine. This is generally helpful # when a hardware architecture or hypervisor solutions is utilized which does not support CPU and/or memory hotplug. # Compatibility for determining appropriate sandbox (VM) size: # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O # does not yet support sandbox sizing annotations. # - When running single containers using a tool like ctr, container sizing information will be available. static_sandbox_resource_mgmt=false # If specified, sandbox_bind_mounts identifieds host paths to be mounted (ro) into the sandboxes shared path. # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory. # If defaults are utilized, these mounts should be available in the guest at `/run/kata-containers/shared/containers/sandbox-mounts` # These will not be exposed to the container workloads, and are only provided for potential guest services. sandbox_bind_mounts=[] # VFIO Mode # Determines how VFIO devices should be be presented to the container. # Options: # # - vfio # Matches behaviour of OCI runtimes (e.g. runc) as much as # possible. VFIO devices will appear in the container as VFIO # character devices under /dev/vfio. The exact names may differ # from the host (they need to match the VM's IOMMU group numbers # rather than the host's) # # - guest-kernel # This is a Kata-specific behaviour that's useful in certain cases. # The VFIO device is managed by whatever driver in the VM kernel # claims it. This means it will appear as one or more device nodes # or network interfaces depending on the nature of the device. # Using this mode requires specially built workloads that know how # to locate the relevant device interfaces within the VM. # vfio_mode="guest-kernel" # If enabled, the runtime will not create Kubernetes emptyDir mounts on the guest filesystem. Instead, emptyDir mounts will # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest. disable_guest_empty_dir=false # Enabled experimental feature list, format: ["a", "b"]. # Experimental features are features not stable enough for production, # they may break compatibility, and are prepared for a big version bump. # Supported experimental features: # (default: []) experimental=[] # If enabled, user can run pprof tools with shim v2 process through kata-monitor. # (default: false) # enable_pprof = true # WARNING: All the options in the following section have not been implemented yet. # This section was added as a placeholder. DO NOT USE IT! [image] # Container image service. # # Offload the CRI image management service to the Kata agent. # (default: false) #service_offload = true # Container image decryption keys provisioning. # Applies only if service_offload is true. # Keys can be provisioned locally (e.g. through a special command or # a local file) or remotely (usually after the guest is remotely attested). # The provision setting is a complete URL that lets the Kata agent decide # which method to use in order to fetch the keys. # # Keys can be stored in a local file, in a measured and attested initrd: #provision=data:///local/key/file # # Keys could be fetched through a special command or binary from the # initrd (guest) image, e.g. a firmware call: #provision=file:///path/to/bin/fetcher/in/guest # # Keys can be remotely provisioned. The Kata agent fetches them from e.g. # a HTTPS URL: #provision=https://my-key-broker.foo/tenant/ ```

Config file `/usr/share/defaults/kata-containers/configuration.toml` not found ---

Containerd shim v2

Containerd shim v2 is `/usr/bin/containerd-shim-kata-v2`.

containerd-shim-kata-v2 --version

``` Kata Containers containerd shim (Rust): id: io.containerd.kata.v2, version: 3.1.3, commit: ```

---

KSM throttler

# KSM throttler ## version ## systemd service

Image details

# Image details ```yaml --- osbuilder: url: "https://github.com/kata-containers/kata-containers/tools/osbuilder" version: "unknown" rootfs-creation-time: "2023-09-18T13:07:37.331265579+0000Z" description: "osbuilder rootfs" file-format-version: "0.0.2" architecture: "x86_64" base-distro: name: "ubuntu" version: "focal" packages: default: - "chrony" - "dbus" - "init" - "iptables" extra: agent: url: "https://github.com/kata-containers/kata-containers" name: "kata-agent" version: "3.1.3" agent-is-init-daemon: "no" ``` ---

Initrd details

# Initrd details No initrd ---

Logfiles

# Logfiles ## Runtime logs

Runtime logs

No recent runtime problems found in system journal.

## Throttler logs

Throttler logs

No recent throttler problems found in system journal.

## Kata Containerd Shim v2 logs

Kata Containerd Shim v2

Recent problems found in system journal: ``` time="2023-09-20T16:20:52.227333616+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.227350158+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.287793955+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.287840252+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.287867283+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.287893032+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.348166377+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.348207264+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.348234856+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.348261497+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.408542015+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.408567994+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.408586068+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.408601337+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.468862428+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.468891673+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.468912243+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.468929275+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.529290766+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.52932977+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.529377711+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.529405443+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.589680992+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.589718072+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.589747748+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.589773096+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.650021503+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.650048244+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.650064605+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.650081196+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.710432208+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.710475049+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.710504454+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:20:52.71053386+08:00" level=error msg="warning: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4146622 qemuPid=4146634 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:21:26.777494032+08:00" level=warning msg="notify on errors" error="failed to ping agent: Failed to Check if grpc server is working: context deadline exceeded" sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=virtcontainers/monitor time="2023-09-20T16:21:26.777608358+08:00" level=warning msg="write error to watcher" error="failed to ping agent: Failed to Check if grpc server is working: context deadline exceeded" sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=virtcontainers/monitor time="2023-09-20T16:21:26.777755907+08:00" level=error msg="Wait for process failed" container=2dcd03056a439a41ed5eb467affee699c3662c6c3edeae681d8dbbd063cb64e5 error="Dead agent" name=containerd-shim-v2 pid=2dcd03056a439a41ed5eb467affee699c3662c6c3edeae681d8dbbd063cb64e5 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=containerd-kata-shim-v2 time="2023-09-20T16:21:26.777923104+08:00" level=error msg="Wait for process failed" container=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee error="ttrpc: closed" name=containerd-shim-v2 pid=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=containerd-kata-shim-v2 time="2023-09-20T16:21:26.77807439+08:00" level=warning msg="notify on errors" error="failed to ping agent: Failed to Check if grpc server is working: Dead agent" sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=virtcontainers/monitor time="2023-09-20T16:21:26.778119506+08:00" level=warning msg="write error to watcher" error="failed to ping agent: Failed to Check if grpc server is working: Dead agent" sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=virtcontainers/monitor time="2023-09-20T16:21:26.783257353+08:00" level=warning msg="Agent did not stop sandbox" error="Dead agent" name=containerd-shim-v2 pid=4146622 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee sandboxid=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=sandbox time="2023-09-20T16:21:26.783824207+08:00" level=error msg="Failed to read guest console logs" console-protocol=unix console-url=/run/vc/vm/9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee/console.sock error="read unix @->/run/vc/vm/9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee/console.sock: use of closed network connection" name=containerd-shim-v2 pid=4146622 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=sandbox time="2023-09-20T16:21:26.956400913+08:00" level=warning msg="sandbox stopped unexpectedly" error="failed to ping agent: Failed to Check if grpc server is working: context deadline exceeded" name=containerd-shim-v2 pid=4146622 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=containerd-kata-shim-v2 time="2023-09-20T16:21:26.956870512+08:00" level=error msg="failed to cleanup the &{%!s(*cgroups.cgroup=&{0xbdf700 [0xc00042e780 0xc00004adf0 0xc00004ae50 0xc00004ae70 0xc000121e90 0xc00042e7a0] {0 0} }) kubepods-besteffort-podecd66405_7b55_4bfd_b7b8_dd28d47e3b98.slice:cri-containerd:9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee %!s(*specs.LinuxCPU=&{ }) [{%!s(bool=false) %!s(*int64=) %!s(*int64=) rwm} {%!s(bool=true) c %!s(*int64=0xc000646338) %!s(*int64=0xc000646360) rwm} {%!s(bool=true) c %!s(*int64=0xc000646368) %!s(*int64=0xc000646370) rwm} {%!s(bool=true) c %!s(*int64=0xc000645058) %!s(*int64=0xc000645060) rwm} {%!s(bool=true) c %!s(*int64=0xc000645088) %!s(*int64=0xc000645090) rwm} {%!s(bool=true) c %!s(*int64=0xc0006450b8) %!s(*int64=0xc0006450c0) rwm} {%!s(bool=true) c %!s(*int64=0xc0006450e8) %!s(*int64=0xc0006450f0) rwm} {%!s(bool=true) c %!s(*int64=0xc000645118) %!s(*int64=0xc000645120) rwm} {%!s(bool=true) c %!s(*int64=0xc000645148) %!s(*int64=0xc000645150) rwm} {%!s(bool=true) c %!s(*int64=0xc000645178) %!s(*int64=0xc000645180) rwm} {%!s(bool=true) c %!s(*int64=0xc0006451a8) %!s(*int64=0xc0006451b0) rwm} {%!s(bool=true) c %!s(*int64=0xc0006451d8) %!s(*int64=0xc0006451e0) rwm} {%!s(bool=true) c %!s(*int64=0xc000645208) %!s(*int64=0xc000645210) rwm} {%!s(bool=true) c %!s(*int64=0xc000645238) %!s(*int64=0xc000645240) rwm} {%!s(bool=true) c %!s(*int64=0xc000646438) %!s(*int64=0xc000646440) m} {%!s(bool=true) b %!s(*int64=0xc000646438) %!s(*int64=0xc000646440) m} {%!s(bool=true) c %!s(*int64=0xc000646448) %!s(*int64=0xc000646440) rwm} {%!s(bool=true) c %!s(*int64=0xc000646450) %!s(*int64=0xc000646458) rwm}] {%!s(int32=0) %!s(uint32=0)}} resource controllers" error="cgroups: cgroup deleted" name=containerd-shim-v2 pid=4146622 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=sandbox time="2023-09-20T16:21:26.956972525+08:00" level=warning msg="Calling Cleanup() on an already cleaned up filesystem" name=containerd-shim-v2 pid=4146622 sandbox=9cf4582007db718af70ba7102001be83af5c5e873f74f03b968369e69d98ebee source=virtcontainers subsystem=fs_share time="2023-09-20T16:53:06.927771499+08:00" level=warning msg="qemu-system-x86_64: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4177580 qemuPid=4177590 sandbox=test-kata1 source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:53:06.927834528+08:00" level=warning msg="qemu-system-x86_64: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4177580 qemuPid=4177590 sandbox=test-kata1 source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:53:06.92785638+08:00" level=warning msg="qemu-system-x86_64: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4177580 qemuPid=4177590 sandbox=test-kata1 source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:53:06.927879303+08:00" level=warning msg="qemu-system-x86_64: KVM_GET_DEVICE_ATTR(0, KVM_X86_XCOMP_GUEST_SUPP) error: -22" name=containerd-shim-v2 pid=4177580 qemuPid=4177590 sandbox=test-kata1 source=virtcontainers/hypervisor subsystem=qemu time="2023-09-20T16:53:07.491212645+08:00" level=error msg="Failed to read guest console logs" console-protocol=unix console-url=/run/vc/vm/test-kata1/console.sock error="read unix @->/run/vc/vm/test-kata1/console.sock: use of closed network connection" name=containerd-shim-v2 pid=4177580 sandbox=test-kata1 source=virtcontainers subsystem=sandbox ```

---

Container manager details

# Container manager details

Kubernetes

## Kubernetes

kubectl version

``` Client Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.11-aliyun.1", GitCommit:"757dfe7e010afcfa31591df65f26b4b80540975e", GitTreeState:"clean", BuildDate:"2022-04-20T07:51:09Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"} The connection to the server localhost:8080 was refused - did you specify the right host or port? ```

kubectl config view

``` apiVersion: v1 clusters: null contexts: null current-context: "" kind: Config preferences: {} users: null ```

systemctl show kubelet

``` Type=simple Restart=always NotifyAccess=none RestartUSec=10s TimeoutStartUSec=1min 30s TimeoutStopUSec=1min 30s RuntimeMaxUSec=infinity WatchdogUSec=0 WatchdogTimestamp=Wed 2023-09-20 19:59:38 CST WatchdogTimestampMonotonic=12233132 PermissionsStartOnly=no RootDirectoryStartOnly=no RemainAfterExit=no GuessMainPID=yes MainPID=4836 ControlPID=0 FileDescriptorStoreMax=0 NFileDescriptorStore=0 StatusErrno=0 Result=success UID=[not set] GID=[not set] NRestarts=0 ExecMainStartTimestamp=Wed 2023-09-20 19:59:38 CST ExecMainStartTimestampMonotonic=12233111 ExecMainExitTimestampMonotonic=0 ExecMainPID=4836 ExecMainCode=0 ExecMainStatus=0 ExecStart={ path=/usr/bin/kubelet ; argv[]=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS $KUBELET_CUSTOMIZED_ARGS --container-runtime=remote --container-runtime-endpoint=/var/run/containerd/containerd.sock ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } Slice=system.slice ControlGroup=/system.slice/kubelet.service MemoryCurrent=271073280 CPUUsageNSec=[not set] EffectiveCPUs= EffectiveMemoryNodes= TasksCurrent=159 IPIngressBytes=18446744073709551615 IPIngressPackets=18446744073709551615 IPEgressBytes=18446744073709551615 IPEgressPackets=18446744073709551615 Delegate=no CPUAccounting=no CPUWeight=[not set] StartupCPUWeight=[not set] CPUShares=[not set] StartupCPUShares=[not set] CPUQuotaPerSecUSec=infinity CPUQuotaPeriodUSec=infinity AllowedCPUs= AllowedMemoryNodes= IOAccounting=no IOWeight=[not set] StartupIOWeight=[not set] BlockIOAccounting=no BlockIOWeight=[not set] StartupBlockIOWeight=[not set] MemoryAccounting=yes DefaultMemoryLow=0 DefaultMemoryMin=0 MemoryMin=0 MemoryLow=0 MemoryHigh=infinity MemoryMax=infinity MemorySwapMax=infinity MemoryLimit=infinity DevicePolicy=auto TasksAccounting=yes TasksMax=3298223 IPAccounting=no Environment=GODEBUG=madvdontneed=1 KUBELET_EXTRA_ARGS=--node-labels=alibabacloud.com/nodepool-id=np61a945d250984d87ae5094a7378e69d9,ack.aliyun.com=cc18c5c6ed8bf4fa9bf2606866014e441 [unprintable] [unprintable] [unprintable] [unprintable] [unprintable] KUBELET_CGROUP_ARGS=--cgroup-driver=systemd [unprintable] EnvironmentFiles=/etc/kubernetes/kubelet-customized-args.conf (ignore_errors=yes) UMask=0022 LimitCPU=infinity LimitCPUSoft=infinity LimitFSIZE=infinity LimitFSIZESoft=infinity LimitDATA=infinity LimitDATASoft=infinity LimitSTACK=infinity LimitSTACKSoft=8388608 LimitCORE=infinity LimitCORESoft=0 LimitRSS=infinity LimitRSSSoft=infinity LimitNOFILE=262144 LimitNOFILESoft=1024 LimitAS=infinity LimitASSoft=infinity LimitNPROC=2061389 LimitNPROCSoft=2061389 LimitMEMLOCK=65536 LimitMEMLOCKSoft=65536 LimitLOCKS=infinity LimitLOCKSSoft=infinity LimitSIGPENDING=2061389 LimitSIGPENDINGSoft=2061389 LimitMSGQUEUE=819200 LimitMSGQUEUESoft=819200 LimitNICE=0 LimitNICESoft=0 LimitRTPRIO=0 LimitRTPRIOSoft=0 LimitRTTIME=infinity LimitRTTIMESoft=infinity OOMScoreAdjust=0 Nice=0 IOSchedulingClass=0 IOSchedulingPriority=0 CPUSchedulingPolicy=0 CPUSchedulingPriority=0 CPUAffinity= CPUAffinityFromNUMA=no NUMAPolicy=n/a NUMAMask= TimerSlackNSec=50000 CPUSchedulingResetOnFork=no NonBlocking=no StandardInput=null StandardInputData= StandardOutput=journal StandardError=inherit TTYReset=no TTYVHangup=no TTYVTDisallocate=no SyslogPriority=30 SyslogLevelPrefix=yes SyslogLevel=6 SyslogFacility=3 LogLevelMax=-1 LogRateLimitIntervalUSec=0 LogRateLimitBurst=0 SecureBits=0 CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read 0x26 0x27 AmbientCapabilities= DynamicUser=no RemoveIPC=no MountFlags= PrivateTmp=no PrivateDevices=no ProtectKernelTunables=no ProtectKernelModules=no ProtectControlGroups=no PrivateNetwork=no PrivateUsers=no PrivateMounts=no ProtectHome=no ProtectSystem=no SameProcessGroup=no UtmpMode=init IgnoreSIGPIPE=yes NoNewPrivileges=no SystemCallErrorNumber=0 LockPersonality=no RuntimeDirectoryPreserve=no RuntimeDirectoryMode=0755 StateDirectoryMode=0755 CacheDirectoryMode=0755 LogsDirectoryMode=0755 ConfigurationDirectoryMode=0755 MemoryDenyWriteExecute=no RestrictRealtime=no RestrictSUIDSGID=no RestrictNamespaces=no MountAPIVFS=no KeyringMode=private KillMode=control-group KillSignal=15 SendSIGKILL=yes SendSIGHUP=no Id=kubelet.service Names=kubelet.service Requires=sysinit.target system.slice WantedBy=multi-user.target Conflicts=shutdown.target Before=shutdown.target multi-user.target After=basic.target docker.service systemd-journald.socket system.slice sysinit.target containerd.service Documentation=http://kubernetes.io/docs/ Description=kubelet: The Kubernetes Node Agent LoadState=loaded ActiveState=active FreezerState=running SubState=running FragmentPath=/etc/systemd/system/kubelet.service DropInPaths=/etc/systemd/system/kubelet.service.d/10-kubeadm.conf UnitFileState=enabled UnitFilePreset=enabled StateChangeTimestamp=Wed 2023-09-20 19:59:38 CST StateChangeTimestampMonotonic=12233132 InactiveExitTimestamp=Wed 2023-09-20 19:59:38 CST InactiveExitTimestampMonotonic=12233132 ActiveEnterTimestamp=Wed 2023-09-20 19:59:38 CST ActiveEnterTimestampMonotonic=12233132 ActiveExitTimestampMonotonic=0 InactiveEnterTimestampMonotonic=0 CanStart=yes CanStop=yes CanReload=no CanIsolate=no CanFreeze=yes StopWhenUnneeded=no RefuseManualStart=no RefuseManualStop=no AllowIsolate=no DefaultDependencies=yes OnFailureJobMode=replace IgnoreOnIsolate=no NeedDaemonReload=no JobTimeoutUSec=infinity JobRunningTimeoutUSec=infinity JobTimeoutAction=none ConditionResult=yes AssertResult=yes ConditionTimestamp=Wed 2023-09-20 19:59:38 CST ConditionTimestampMonotonic=12230416 AssertTimestamp=Wed 2023-09-20 19:59:38 CST AssertTimestampMonotonic=12230416 Transient=no Perpetual=no StartLimitIntervalUSec=0 StartLimitBurst=5 StartLimitAction=none FailureAction=none SuccessAction=none InvocationID=6de74862e3b64e1c9fd217d5dfff9a15 CollectMode=inactive ```

containerd

## containerd

containerd --version

``` containerd containerd.io 1.5.13 a17ec496a95e55601607ca50828147e8ccaeebf1 ```

systemctl show containerd

``` Type=notify Restart=always NotifyAccess=main RestartUSec=5s TimeoutStartUSec=1min 30s TimeoutStopUSec=1min 30s RuntimeMaxUSec=infinity WatchdogUSec=0 WatchdogTimestamp=Wed 2023-09-20 19:59:38 CST WatchdogTimestampMonotonic=12230317 PermissionsStartOnly=no RootDirectoryStartOnly=no RemainAfterExit=no GuessMainPID=yes MainPID=4624 ControlPID=0 FileDescriptorStoreMax=0 NFileDescriptorStore=0 StatusErrno=0 Result=success UID=[not set] GID=[not set] NRestarts=0 ExecMainStartTimestamp=Wed 2023-09-20 19:59:37 CST ExecMainStartTimestampMonotonic=12053195 ExecMainExitTimestampMonotonic=0 ExecMainPID=4624 ExecMainCode=0 ExecMainStatus=0 ExecStartPre={ path=/sbin/modprobe ; argv[]=/sbin/modprobe overlay ; ignore_errors=yes ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } ExecStart={ path=/usr/bin/containerd ; argv[]=/usr/bin/containerd ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 } Slice=system.slice ControlGroup=/system.slice/containerd.service MemoryCurrent=587059200 CPUUsageNSec=[not set] EffectiveCPUs= EffectiveMemoryNodes= TasksCurrent=393 IPIngressBytes=18446744073709551615 IPIngressPackets=18446744073709551615 IPEgressBytes=18446744073709551615 IPEgressPackets=18446744073709551615 Delegate=yes DelegateControllers=cpu cpuacct cpuset io blkio memory devices pids CPUAccounting=no CPUWeight=[not set] StartupCPUWeight=[not set] CPUShares=[not set] StartupCPUShares=[not set] CPUQuotaPerSecUSec=infinity CPUQuotaPeriodUSec=infinity AllowedCPUs= AllowedMemoryNodes= IOAccounting=no IOWeight=[not set] StartupIOWeight=[not set] BlockIOAccounting=no BlockIOWeight=[not set] StartupBlockIOWeight=[not set] MemoryAccounting=yes DefaultMemoryLow=0 DefaultMemoryMin=0 MemoryMin=0 MemoryLow=0 MemoryHigh=infinity MemoryMax=infinity MemorySwapMax=infinity MemoryLimit=infinity DevicePolicy=auto TasksAccounting=yes TasksMax=infinity IPAccounting=no UMask=0022 LimitCPU=infinity LimitCPUSoft=infinity LimitFSIZE=infinity LimitFSIZESoft=infinity LimitDATA=infinity LimitDATASoft=infinity LimitSTACK=infinity LimitSTACKSoft=8388608 LimitCORE=infinity LimitCORESoft=infinity LimitRSS=infinity LimitRSSSoft=infinity LimitNOFILE=1048576 LimitNOFILESoft=1048576 LimitAS=infinity LimitASSoft=infinity LimitNPROC=infinity LimitNPROCSoft=infinity LimitMEMLOCK=65536 LimitMEMLOCKSoft=65536 LimitLOCKS=infinity LimitLOCKSSoft=infinity LimitSIGPENDING=2061389 LimitSIGPENDINGSoft=2061389 LimitMSGQUEUE=819200 LimitMSGQUEUESoft=819200 LimitNICE=0 LimitNICESoft=0 LimitRTPRIO=0 LimitRTPRIOSoft=0 LimitRTTIME=infinity LimitRTTIMESoft=infinity OOMScoreAdjust=-999 Nice=0 IOSchedulingClass=0 IOSchedulingPriority=0 CPUSchedulingPolicy=0 CPUSchedulingPriority=0 CPUAffinity= CPUAffinityFromNUMA=no NUMAPolicy=n/a NUMAMask= TimerSlackNSec=50000 CPUSchedulingResetOnFork=no NonBlocking=no StandardInput=null StandardInputData= StandardOutput=journal StandardError=inherit TTYReset=no TTYVHangup=no TTYVTDisallocate=no SyslogPriority=30 SyslogLevelPrefix=yes SyslogLevel=6 SyslogFacility=3 LogLevelMax=-1 LogRateLimitIntervalUSec=0 LogRateLimitBurst=0 SecureBits=0 CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read 0x26 0x27 AmbientCapabilities= DynamicUser=no RemoveIPC=no MountFlags= PrivateTmp=no PrivateDevices=no ProtectKernelTunables=no ProtectKernelModules=no ProtectControlGroups=no PrivateNetwork=no PrivateUsers=no PrivateMounts=no ProtectHome=no ProtectSystem=no SameProcessGroup=no UtmpMode=init IgnoreSIGPIPE=yes NoNewPrivileges=no SystemCallErrorNumber=0 LockPersonality=no RuntimeDirectoryPreserve=no RuntimeDirectoryMode=0755 StateDirectoryMode=0755 CacheDirectoryMode=0755 LogsDirectoryMode=0755 ConfigurationDirectoryMode=0755 MemoryDenyWriteExecute=no RestrictRealtime=no RestrictSUIDSGID=no RestrictNamespaces=no MountAPIVFS=no KeyringMode=private KillMode=process KillSignal=15 SendSIGKILL=yes SendSIGHUP=no Id=containerd.service Names=containerd.service Requires=sysinit.target system.slice WantedBy=multi-user.target Conflicts=shutdown.target Before=kubelet.service shutdown.target multi-user.target After=sysinit.target system.slice systemd-journald.socket basic.target network.target local-fs.target Documentation=https://containerd.io Description=containerd container runtime LoadState=loaded ActiveState=active FreezerState=running SubState=running FragmentPath=/etc/systemd/system/containerd.service UnitFileState=enabled UnitFilePreset=enabled StateChangeTimestamp=Wed 2023-09-20 19:59:38 CST StateChangeTimestampMonotonic=12230317 InactiveExitTimestamp=Wed 2023-09-20 19:59:37 CST InactiveExitTimestampMonotonic=12036811 ActiveEnterTimestamp=Wed 2023-09-20 19:59:38 CST ActiveEnterTimestampMonotonic=12230317 ActiveExitTimestampMonotonic=0 InactiveEnterTimestampMonotonic=0 CanStart=yes CanStop=yes CanReload=no CanIsolate=no CanFreeze=yes StopWhenUnneeded=no RefuseManualStart=no RefuseManualStop=no AllowIsolate=no DefaultDependencies=yes OnFailureJobMode=replace IgnoreOnIsolate=no NeedDaemonReload=no JobTimeoutUSec=infinity JobRunningTimeoutUSec=infinity JobTimeoutAction=none ConditionResult=yes AssertResult=yes ConditionTimestamp=Wed 2023-09-20 19:59:37 CST ConditionTimestampMonotonic=12035694 AssertTimestamp=Wed 2023-09-20 19:59:37 CST AssertTimestampMonotonic=12035694 Transient=no Perpetual=no StartLimitIntervalUSec=10s StartLimitBurst=5 StartLimitAction=none FailureAction=none SuccessAction=none InvocationID=8bc2951823604b6889dc02f2f8556851 CollectMode=inactive ```

cat /etc/containerd/config.toml

```toml version = 2 root = "/var/lib/containerd" state = "/run/containerd" disabled_plugins = [] required_plugins = ["io.containerd.grpc.v1.cri"] oom_score = -999 # Alibaba Cloud Vendor enhancement configuration # imports = ["/etc/containerd/alibabacloud.toml"] [grpc] address = "/run/containerd/containerd.sock" max_recv_message_size = 16777216 max_send_message_size = 16777216 [debug] address = "/run/containerd/debug.sock" level = "debug" [timeouts] "io.containerd.timeout.shim.cleanup" = "5s" "io.containerd.timeout.shim.load" = "5s" "io.containerd.timeout.shim.shutdown" = "3s" "io.containerd.timeout.task.state" = "2s" [plugins] [plugins."io.containerd.gc.v1.scheduler"] pause_threshold = 0.02 deletion_threshold = 0 mutation_threshold = 100 schedule_delay = "0s" startup_delay = "100ms" [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "registry-vpc.cn-shanghai.aliyuncs.com/acs/pause:3.5" ignore_image_defined_volumes = true [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" disable_snapshot_annotations = true discard_unpacked_layers = false default_runtime_name = "runc" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata] runtime_type = "io.containerd.kata.v2" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" privileged_without_host_devices = false [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] NoPivotRoot = false NoNewKeyring = false SystemdCgroup = true [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" max_conf_num = 1 [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker-reg.devops.xiaohongshu.com"] endpoint = ["http://10.144.9.221:7071","https://docker-reg.devops.xiaohongshu.com"] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."artifactory-hz.devops.xiaohongshu.com"] endpoint = ["http://10.144.9.221:7071","https://artifactory-hz.devops.xiaohongshu.com"] [plugins."io.containerd.internal.v1.opt"] path = "/opt/containerd" [plugins."io.containerd.internal.v1.restart"] interval = "10s" [plugins."io.containerd.metadata.v1.bolt"] content_sharing_policy = "shared" ```

---

Packages

# Packages No `dpkg` Have `rpm`

rpm -qa|egrep "(cc-oci-runtime|cc-runtime|runv|kata-runtime|kata-ksm-throttler|kata-containers-image|linux-container|qemu-)"

``` ```

---

Kata Monitor

Kata Monitor `kata-monitor`.

kata-monitor --version

``` kata-monitor Version: 0.3.0 Go version: go1.19.3 Git commit: ee57732fe08504773b1b5474f2248834ae1fbd66 OS/Arch: linux/amd64 ```

---