Thank you! Works exactly as you wrote down:
     $ sudo podman info | grep -e cgroup -e crun
       cgroupManager: systemd
       cgroupVersion: v2
         name: crun
         package: crun-0.16-3.fc33.x86_64
         path: /usr/bin/crun
           crun version 0.16
     $ sudo podman run -ti -p 22 --privileged=true localhost/rhel7-ubi-init-smallest
     Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
     [!!!!!!] Failed to mount API filesystems, freezing.
     $ sudo mkdir /sys/fs/cgroup/systemd
     $ sudo mount none -t cgroup -o none,name=systemd /sys/fs/cgroup/systemd
     $ sudo podman run --annotation run.oci.systemd.force_cgroup_v1=/sys/fs/cgroup -ti -p 22 --privileged=true localhost/rhel7-ubi-init-smallest
Thank you a lot,
Jan

On 2021-01-05 09:52 +0100, Giuseppe Scrivano wrote:

Hi Jan,

are you using cgroup v2 on your host?  podman info can confirm that.
If so, the ubi7 image uses a systemd version that has no support for
cgroup v2.

What you can do is:

1) use cgroup v1 on the host
2) use ubi:8 for the container
3) if you are using crun, you can mount cgroup v1 in the container:

    # mkdir /sys/fs/cgroup/systemd
    # mount none -t cgroup -o none,name=systemd /sys/fs/cgroup/systemd
    # podman run --annotation run.oci.systemd.force_cgroup_v1=/sys/fs/cgroup ....

Giuseppe

Jan Hutař <jhutar(a)redhat.com> writes:
> Hello!
>
> I have an issue with running a "ubi7-init" based container. When I base my
> container on "fedora", it works fine:
>
>     $ cat Containerfile
>     FROM fedora
>     RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
>     EXPOSE 80
>     CMD [ "/sbin/init" ]
>
> and then:
>
>     $ sudo podman build -f Containerfile
>     $ sudo podman run -ti -p 80:80 20185593d0f96c4dee56e351eae4754cdd429679c1b645dae1b6f24880ce33fc
>     systemd v246.6-3.fc33 running in system mode. (+PAM +AUDIT
> +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT
> +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN
> +PCRE2 default-hierarchy=unified)
>     [...]
>     [  OK  ] Started The Apache HTTP Server.
>     [...]
>
> But when I try the same with ubi7-init based container (or rhel7-init):
>
>     $ cat Containerfile
>     FROM registry.access.redhat.com/ubi7/ubi-init
>     RUN echo -e "[repo1]\nname=repo1\nbaseurl=http://repos.example.com/RHEL-7/7.9/Server/x86_64/os/\ngpgcheck=0\nenabled=1" >>/etc/yum.repos.d/repo1.repo; yum -y install httpd; yum clean all; systemctl enable httpd
>     EXPOSE 80
>     CMD [ "/sbin/init" ]
>
> it fails:
>
>     $ sudo podman run -ti -p 80:80 d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
>     Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
>     [!!!!!!] Failed to mount API filesystems, freezing.
>
> And same with privileged:
>
>     $ sudo podman run -ti -p 80:80 --privileged=true d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
>     Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
>     [!!!!!!] Failed to mount API filesystems, freezing.
>
> I have these versions:
>
>     $ rpm -q fedora-release-common podman
>     fedora-release-common-33-3.noarch
>     podman-2.2.1-1.fc33.x86_64
>     $ sudo podman version
>     Version:      2.2.1
>     API Version:  2.1.0
>     Go Version:   go1.15.5
>     Built:        Tue Dec  8 15:37:50 2020
>     OS/Arch:      linux/amd64
>
> Running very similar container on RHEL7 with docker-1.10.3-59.el7.x86_64
> (there is 1.13.1 available, but have not tried) works fine.
>
> Please, any idea on what I'm doing wrong?
>
> Thank you in advance and happy new year!
>
> Regards,
> Jan
 
-- 
Jan Hutar   Performance Engineering
jhutar(a)redhat.com     Red Hat, Inc.
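
A preflight for the workaround confirmed in this thread, as an added example that is not part of the original messages: given the host's cgroup filesystem type, the OCI runtime name and a mounts table, it reports which of the three options from the reply applies. The function names and output keywords are hypothetical, and the mounts lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Live inputs: FSTYPE = `stat -fc %T /sys/fs/cgroup`, RUNTIME = the "name:"
# value shown by `sudo podman info`, MOUNTS_FILE = /proc/mounts.

# Map the filesystem type of /sys/fs/cgroup to a cgroup mode.
cgroup_mode() {
    case "$1" in
        cgroup2fs) echo v2 ;;        # unified hierarchy
        tmpfs)     echo v1 ;;        # legacy or hybrid layout
        *)         echo unknown ;;
    esac
}

# Succeed if MOUNTS_FILE lists the named v1 hierarchy created by
# `mount none -t cgroup -o none,name=systemd /sys/fs/cgroup/systemd`.
has_systemd_v1_mount() {
    awk '$2 == "/sys/fs/cgroup/systemd" && $3 == "cgroup" &&
         $4 ~ /(^|,)name=systemd(,|$)/ { found = 1 }
         END { exit !found }' "$1"
}

# advise FSTYPE RUNTIME MOUNTS_FILE -> one keyword on stdout
advise() {
    case "$(cgroup_mode "$1")" in
        v1) echo host-is-v1-no-workaround-needed; return ;;
        v2) ;;
        *)  echo unknown-cgroup-layout; return ;;
    esac
    if [ "$2" != crun ]; then
        echo use-v1-host-or-ubi8-image            # options 1 and 2
    elif has_systemd_v1_mount "$3"; then
        echo run-with-force_cgroup_v1-annotation  # option 3, mount present
    else
        echo mount-systemd-v1-hierarchy-first     # option 3, mount missing
    fi
}

# Constructed sample: mounts table of a cgroup v2 host after the manual mount.
sample=$(mktemp)
printf '%s\n' \
    'cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0' \
    'none /sys/fs/cgroup/systemd cgroup rw,relatime,name=systemd 0 0' > "$sample"
advise cgroup2fs crun "$sample"
rm -f "$sample"
```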