moby / moby

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
https://mobyproject.org/
Apache License 2.0

Real-Time Containers on Cgroups v2 #48259

Open nnzv opened 1 month ago

nnzv commented 1 month ago

Description

Moby shows a false error when running a real-time container. Despite enabling the correct settings and using cgroups v2, users may receive an error suggesting their kernel lacks support for real-time scheduling. The error message should be improved to help users who have configured their kernel correctly but still face issues due to unsupported cgroup v2 usage with real-time CPU scheduling.

Reproduce

  1. Enable CONFIG_RT_GROUP_SCHED in your kernel configuration
  2. Use Cgroups v2
  3. Run the real-time container
    docker run -it --cpu-rt-runtime=950000 --ulimit rtprio=99 --cap-add=sys_nice debian:jessie

Expected behavior

If you configure the kernel correctly but are using cgroups v2, attempting to create a real-time container should produce an error similar to the one you get when running the same container with Podman, which provides a clearer message:

podman run -it --cpu-rt-runtime=950000 --ulimit rtprio=99 --cap-add=sys_nice debian:jessie
Realtime runtime not supported on cgroups V2 systems

docker version

Client:
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.22.2
 Git commit:        24.0.7-0ubuntu4
 Built:             Wed Apr 17 20:08:25 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.22.2
  Git commit:       24.0.7-0ubuntu4
  Built:            Wed Apr 17 20:08:25 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.16
  GitCommit:        83031836b2cf55637d7abf847b17134c51b38e53
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e946
 docker-init:
  Version:          0.19.0
  GitCommit:

docker info

Client:
 Version:    24.0.7
 Context:    default
 Debug Mode: false

Server:
 Containers: 3
  Running: 0
  Paused: 0
  Stopped: 3
 Images: 5
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 83031836b2cf55637d7abf847b17134c51b38e53
 runc version: v1.1.12-0-g51d5e946
 init version: 
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.10.0
 Operating System: Ubuntu 24.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 3.825GiB
 Name: lima-kcd
 ID: b1d62648-4ab0-450d-8c87-52b05d16395a
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Client:       Podman Engine
Version:      4.9.3
API Version:  4.9.3
Go Version:   go1.22.2
Built:        Wed Dec 31 19:00:00 1969
OS/Arch:      linux/amd64

nnzv commented 1 month ago

CC @erikstmartin
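
The distinction requested in this issue, as an added example in Go (not Moby's or Podman's code): a pre-flight check that reports cgroups v2 separately from a kernel built without CONFIG_RT_GROUP_SCHED. The names checkCPURealtime, ErrRTCgroupV2 and ErrRTNoKernel are hypothetical, the error wording is constructed (the v2 text follows the Podman message quoted above), and the v1 cpu controller is assumed to be mounted at <root>/cpu.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Hypothetical error values; the wording is constructed for this example.
var (
	ErrRTCgroupV2 = errors.New("realtime runtime not supported on cgroups V2 systems")
	ErrRTNoKernel = errors.New("cpu.rt_runtime_us not found: kernel lacks CONFIG_RT_GROUP_SCHED")
)

// checkCPURealtime explains why a --cpu-rt-runtime request cannot be honoured
// on a host whose cgroup filesystem is mounted at root (normally /sys/fs/cgroup).
// It returns nil when the option was not requested or can be applied.
func checkCPURealtime(root string, rtRuntime int64) error {
	if rtRuntime == 0 {
		return nil // option not requested, nothing to validate
	}
	// A unified (v2) hierarchy exposes cgroup.controllers at its root, and the
	// v2 cpu controller has no real-time runtime knob, so report that first.
	if _, err := os.Stat(filepath.Join(root, "cgroup.controllers")); err == nil {
		return ErrRTCgroupV2
	}
	// On v1 the cpu controller only exposes cpu.rt_runtime_us when the kernel
	// was built with CONFIG_RT_GROUP_SCHED (assumed mount point: <root>/cpu).
	if _, err := os.Stat(filepath.Join(root, "cpu", "cpu.rt_runtime_us")); err != nil {
		return ErrRTNoKernel
	}
	return nil
}

func main() {
	// 950000 is the --cpu-rt-runtime value from the reproduction steps.
	if err := checkCPURealtime("/sys/fs/cgroup", 950000); err != nil {
		fmt.Fprintln(os.Stderr, "Error:", err)
		os.Exit(1)
	}
	fmt.Println("real-time CPU runtime can be configured")
}
```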