search

srl-labs / containerlab

container-based networking labs
https://containerlab.dev
BSD 3-Clause "New" or "Revised" License
1.57k stars 267 forks source link

cEOS and cgroups v2 #467

Closed nleiva closed 3 years ago

nleiva commented 3 years ago

This is just FYI in case someone else runs into this.

cEOS images wouldn't run on a Fedora34 system. This is what the logs would show, after running the topology with Containerlab:

⇨  docker logs clab-mylab-router2
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (AltArch)!

Set hostname to <router2>.
Cannot determine cgroup we are running in: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.

In a nutshell, Fedora31+ comes with cgroups v2 and reverting Systemd configuration to use cgroups v1 fixes the issue:

sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
reboot

Other systems like RHEL 8 ship with cgroups v1 as the default, so it's a non-issue there.

I'm running Docker 20.10.7, which supports cgroups v2 (both rootful and rootless). So I'm not sure yet what it's causing this, but I thought I might share to save time and a headache to others.

hellt commented 3 years ago

Hi @nleiva I confirm that, spun up fedora 33 and I see the same behaviour with ceos:4.25.0F Since srlinux container doesn't experience any issues on the same fedora33, I take it as an issue with a ceos-Lab container.

I guess you have used the latest ceos container available? Because mine 4.25.0F is not of the latest version.

I propose we add a doc note on the ceos kind mentioning this limitation/known-issue, I will take it as an action point

I wonder if any aristians know anything about cgroup v2 limitation, pinging @burnyd @sulrich @dharmbhai @noredistribution

sulrich commented 3 years ago

huh. this whole cgroups v2 thing is news to me. i'll do a bit of digging. thanks for the heads up.

sulrich commented 3 years ago

digging into this a bit further, it looks like cgroups v1 is what is currently supported in ceos-lab.

i'm happy to pull together some documentation updates on this front in the near-term.

hellt commented 3 years ago

a doc note has been added in #470 thank you all for digging in and finding the root cause