nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

docker-compose with sysbox start failed #286

Closed wuliang142857 closed 3 years ago

wuliang142857 commented 3 years ago

I use sysbox as the default runtime, which is configured in /etc/docker/daemon.json:

{
  "data-root": "/mnt/data_1/home/admin/docker",
  "iptables": true,
  "ipv6": false,
  "bip": "172.20.0.1/16",
  "default-address-pools": [
    {
      "base": "172.25.0.0/16",
      "size": 24
    }
  ],
  "default-runtime": "sysbox-runc",
  "runtimes": {
    "sysbox-runc": {
      "path": "/usr/local/sbin/sysbox-runc"
    }
  }
}

Then I start the container with docker-compose, but it failed, with an error message like:

Creating cchain-ambari-worker-0 ... error

ERROR: for cchain-ambari-worker-0  Cannot start service cchain-ambari-worker-0: OCI runtime create failed: container_linux.go:392: starting container process caused: process_linux.go:592: container init caused: rootfs_linux.go:67: setting up rootfs mounts caused: rootfs_linux.go:1080: mounting "sysfs" to rootfs "/mnt/data_1/home/admin/docker/overlay2/73e7d977193f3758bc2846ccd2921f6c9c3c8789fc7dd28040501ae2c5ff2709/merged" at "sys" caused: operation not permitted: unknown

ERROR: for cchain-ambari-worker-0  Cannot start service cchain-ambari-worker-0: OCI runtime create failed: container_linux.go:392: starting container process caused: process_linux.go:592: container init caused: rootfs_linux.go:67: setting up rootfs mounts caused: rootfs_linux.go:1080: mounting "sysfs" to rootfs "/mnt/data_1/home/admin/docker/overlay2/73e7d977193f3758bc2846ccd2921f6c9c3c8789fc7dd28040501ae2c5ff2709/merged" at "sys" caused: operation not permitted: unknown

How to fix it? Thanks.

ctalledo commented 3 years ago

Hi @wuliang142857,

Thanks for giving Sysbox a try!

Strange that you are getting this error. It means that Sysbox is having problems creating the container, as it's hit a "permission denied" (EPERM) from the kernel.

Question: are you able to create a Sysbox container with plain Docker? For example, does this work?

$ docker run --runtime=sysbox-runc -it --rm alpine

Also, I noticed that your Docker data root is configured as /mnt/data_1/home/admin/docker (rather than the usual /var/lib/docker). This is fine, but do you know if that data-root is on ext4? In the past we found a problem when the data-root was on top of an LVM (see https://github.com/nestybox/sysbox/issues/162#issuecomment-748523633). Could this be your case too?
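One way to answer the data-root question above, as an added example that is not part of the original thread or of the Sysbox project: it reads "data-root" from daemon.json and finds the filesystem and device backing it by longest-prefix match against the mount table. The mount table below is constructed (the reporter's real mounts are not on the page), and treating a device-mapper device as a sign of LVM is a heuristic assumption.

```python
import json
import os

# Constructed sample: a trimmed daemon.json like the one in the issue, plus a
# made-up mount table (the reporter's real mounts are not on the page).
SAMPLE_DAEMON_JSON = '''{
  "data-root": "/mnt/data_1/home/admin/docker",
  "default-runtime": "sysbox-runc"
}'''
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/vg0-data /mnt/data_1 xfs rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def backing_mount(path, mounts_text):
    """Return (device, mountpoint, fstype) of the mount that holds `path`, or None."""
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        dev, mnt, fstype = _unescape(parts[0]), _unescape(parts[1]), parts[2]
        prefix = mnt.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and (best is None or len(mnt) >= len(best[1])):
            best = (dev, mnt, fstype)  # longest mountpoint wins; later entry wins ties
    return best

def check_data_root(daemon_json_text, mounts_text):
    cfg = json.loads(daemon_json_text)
    # normpath does not follow symlinks; resolve them first on a real host
    root = os.path.normpath(cfg.get("data-root", "/var/lib/docker"))
    m = backing_mount(root, mounts_text)
    if m is None:
        raise ValueError("no mount covers " + root)
    dev, mnt, fstype = m
    return {"data_root": root, "device": dev, "mountpoint": mnt, "fstype": fstype,
            "is_ext4": fstype == "ext4",
            # Heuristic (assumption): LVM volumes show up as device-mapper nodes
            "device_mapper": dev.startswith(("/dev/mapper/", "/dev/dm-"))}

if __name__ == "__main__":
    # On a real host, pass the contents of /etc/docker/daemon.json and /proc/self/mounts
    print(check_data_root(SAMPLE_DAEMON_JSON, SAMPLE_MOUNTS))
```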

ctalledo commented 3 years ago

Closing as stale issue; please re-open if problem re-occurs.