[Podman] Re: can not run ubi7-init systemd container, fedora systemd container works fine

On 1/5/21 05:58, Jan Hutař wrote: >Thank you! Works exactly as you wrote down: > >    $ sudo podman info | grep -e cgroup -e crun >      cgroupManager: systemd >      cgroupVersion: v2 >        name: crun >        package: crun-0.16-3.fc33.x86_64 >        path: /usr/bin/crun >          crun version 0.16 >    $ sudo podman run -ti -p 22 --privileged=true >localhost/rhel7-ubi-init-smallest >    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not >permitted >    [!!!!!!] Failed to mount API filesystems, freezing. >    $ sudo mkdir /sys/fs/cgroup/systemd >    $ sudo mount none -t cgroup -o none,name=systemd >/sys/fs/cgroup/systemd >    $ sudo podman run --annotation >run.oci.systemd.force_cgroup_v1=/sys/fs/cgroup -ti -p 22 >--privileged=true localhost/rhel7-ubi-init-smallest > >Thank you a lot, >Jan > Any reason you are stuck with RHEL7?

>On 2021-01-05 09:52 +0100, Giuseppe Scrivano wrote: >>Hi Jan, >> >>are you using cgroup v2 on your host?  podman info can confirm that. >> >>If so, the ubi7 image uses a systemd version that has no support for >>cgroup v2. >> >>What you can do is: >> >>1) use cgroup v1 on the host >>2) use ubi:8 for the container >>3) if you are using crun, you can mount cgroup v1 in the container: >> >># mkdir /sys/fs/cgroup/systemd >># mount none -t cgroup -o none,name=systemd /sys/fs/cgroup/systemd >># podman run --annotation >>run.oci.systemd.force_cgroup_v1=/sys/fs/cgroup .... >> >>Giuseppe >> >> >> >>Jan Hutař <jhutar(a)redhat.com&gt; writes: >> >>>Hello! >>> >>>I have an issue with running "ubi7-init" based container. When I >>>base mine >>>container on "fedora", it works fine: >>> >>>    $ cat Containerfile >>>    FROM fedora >>>    RUN dnf -y install httpd; dnf clean all; systemctl enable httpd >>>    EXPOSE 80 >>>    CMD [ "/sbin/init" ] >>> >>>and then: >>> >>>    $ sudo podman build -f Containerfile >>>    $ sudo podman run -ti -p 80:80 >>>20185593d0f96c4dee56e351eae4754cdd429679c1b645dae1b6f24880ce33fc >>>    systemd v246.6-3.fc33 running in system mode. (+PAM +AUDIT >>>+SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT >>>+GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN >>>+PCRE2 default-hierarchy=unified) >>>    [...] >>>    [  OK  ] Started The Apache HTTP Server. >>>    [...] >>> >>>But when I try the same with ubi7-init based container (or rhel7-init): >>> >>>    $ cat Containerfile >>>    FROM registry.access.redhat.com/ubi7/ubi-init >>>    RUN echo -e >>>"[repo1]\nname=repo1\nbaseurl=http://repos.example.com/RHEL-7/7.9/Server/x86_64/os/\ngpgcheck=0\nenabled=1" >>> >>>>/etc/yum.repos.d/repo1.repo; yum -y install httpd; yum clean all; >>>systemctl enable httpd >>>    EXPOSE 80 >>>    CMD [ "/sbin/init" ] >>> >>>it fails: >>> >>>    $ sudo podman run -ti -p 80:80 >>>d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964 >>>    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation >>>not permitted >>>    [!!!!!!] Failed to mount API filesystems, freezing. >>> >>>And same with privileged: >>> >>>    $ sudo podman run -ti -p 80:80 --privileged=true >>>d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964 >>>    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation >>>not permitted >>>    [!!!!!!] Failed to mount API filesystems, freezing. >>> >>>I have these versions: >>> >>>    $ rpm -q fedora-release-common podman >>>    fedora-release-common-33-3.noarch >>>    podman-2.2.1-1.fc33.x86_64 >>>    $ sudo podman version >>>    Version:      2.2.1 >>>    API Version:  2.1.0 >>>    Go Version:   go1.15.5 >>>    Built:        Tue Dec  8 15:37:50 2020 >>>    OS/Arch:      linux/amd64 >>> >>>Running very similar container on RHEL7 with >>>docker-1.10.3-59.el7.x86_64 >>>(there is 1.13.1 available, but have not tried) works fine. >>> >>>Please, any idea on what I'm doing wrong? >>> >>>Thank you in advance and happy new year! >>> >>>Regards, >>>Jan >> > _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io