search

kata-containers / kata-containers

Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
Apache License 2.0
5.08k stars 1k forks source link

runtime-rs: container start fails under cri-o #9847

Closed pmores closed 6 hours ago

pmores commented 1 week ago

When cri-o tries to launch a runtime-rs pod it fails with

ERROR: containerd-shim-kata-v2 failed: shim start

Caused by:
   0: do start
   1: failed to get bundle path
   2: No such file or directory (os error 2): connect: invalid argument

This happens when the shim is launched with the "start" argument and container_type is ContainerType::PodContainer in ShimExecutor::do_start(). ShimExecutor::get_shim_info_from_sandbox() is then called which tries to derive the path to the sandbox bundle from the container bundle the shim is currently running in.

This fails since the bundle directory structure is different between containerd and cri-o (containerd stores the bundles in <container_root>/<sandbox_id> and <container_root>/<container_id> while cri-o in <container_root>/<sandbox_id>/userdata and <container_root>/<container_id>/userdata, respectively).

Having discussed this with @littlejawa we believe that the shim shouldn't try to access the sandbox bundle in the first place while starting a container. For a smoke test, I've removed the offending code locally and have been running with it for a bit, having observed no ill effects so far.

Do you folks agree that this is the right solution? Admittedly I'm not clear what the reason for the current shim behaviour was in the first place so I might be missing something.

gkurz commented 1 week ago

@pmores Please create a PR with your proposed change. It will be easier to discuss there.