saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0

sysctl tcp_timestamps modification fails docker container start #49233

Closed BruXy closed 4 years ago

BruXy commented 6 years ago

Description of Issue

I have some generic docker_container.running state. I have disabled sysctl with net.ipv4.tcp_timestamps set to 0:

{{ container }}_run:
  docker_container.running:
    - name: {{ container }}
    - image: {{ image }}
    - hostname: {{ container_hostname }}
    - sysctls:
      - net.ipv4.tcp_timestamps: 0
    - detach: True
    - network_mode: {{ name }}
    - restart_policy: always
    - port_bindings:
    - require:
      - docker_image: {{ image }}_pull

The container is not started and I am getting this docker related error:

 Comment: Failed to start container 'container_name': 'Error 500: OCI runtime create failed: container_linux.go:296: starting container process caused "process_linux.go:398: container init caused \"open /proc/sys/net/ipv4/tcp_timestamps: no such file or directory\"": unknown'

Versions Report

Salt Version:
           Salt: 2017.7.7

Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 2.5.3
      docker-py: 2.5.1
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: 1.0.3
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.12 (default, Dec  4 2017, 14:50:18)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.2.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.4.3
            ZMQ: 4.1.4

System Versions:
           dist: Ubuntu 16.04 xenial
         locale: UTF-8
        machine: x86_64
        release: 4.4.0-1057-aws
         system: Linux
        version: Ubuntu 16.04 xenial

garethgreenaway commented 6 years ago

@BruXy Thanks for the report. This seems like more of a Docker or Docker image issue than a Salt issue. The error you're getting back and the reason the container is unable to start seems to be because the proc file in question does not exist. Are you able to create the container from that state, then exec in and verify that the file you're attempting to update exists?

BruXy commented 6 years ago

@garethgreenaway Yes, I agree that it is probably more a docker issue. However, I am not sure what in the execution chain is trying to open /proc/sys/net/ipv4/tcp_timestamps. The file does not exist inside the container and sysctl itself will give this error:

# sysctl -w net.ipv4.tcp_timestamps=0
sysctl: cannot stat /proc/sys/net/ipv4/tcp_timestamps: No such file or directory

garethgreenaway commented 6 years ago

@BruXy I believe it is your sysctls line in the above state that is the culprit.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.