Trying to run rkt on Toshiba Chromebooks (intel Core i3)

[cboecking]

name: trusty
encrypted: no
Entering /mnt/stateful_partition/crouton/chroots/trusty...
crouton: version 1-20160715134041~master:0dc76a22
release: trusty
architecture: amd64
targets: cli-extra
host: version 8350.68.0 (Official Build) stable-channel gandof 
kernel: Linux localhost 3.14.0 #1 SMP PREEMPT Tue Aug 2 21:10:00 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux
freon: yes
Not unmounting /mnt/stateful_partition/crouton/chroots/trusty as another instance is using it.
name: xenial
encrypted: no
Entering /mnt/stateful_partition/crouton/chroots/xenial...
crouton: version 1-20160902144033~master:9f8e9a22
release: xenial
architecture: amd64
targets: cli-extra
host: version 8350.68.0 (Official Build) stable-channel gandof 
kernel: Linux localhost 3.14.0 #1 SMP PREEMPT Tue Aug 2 21:10:00 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux
freon: yes
Unmounting /mnt/stateful_partition/crouton/chroots/xenial...

Please describe your issue:

Trying to run a rkt image (docker competitor) following these instructions. All looks good until I get the following error: "stage1: failed to setup network: failed to create namespace: too many levels of symbolic links"

Here is what shows after I try to launch the container:

(xenial)chuboe@localhost:~/rkt_download/rkt/scripts$ sudo rkt run --interactive quay.io/coreos/alpine-sh
image: using image from file /usr/lib/rkt/stage1-images/stage1-coreos.aci
image: searching for app image quay.io/coreos/alpine-sh
image: remote fetching from URL "https://quay.io/c1/aci/quay.io/coreos/alpine-sh/latest/aci/linux/amd64/"
pubkey: prefix: "quay.io/coreos/alpine-sh"
key: "https://quay.io/aci-signing-key"
gpg key fingerprint is: BFF3 13CD AA56 0B16 A898  7B8F 72AB F5F6 799D 33BC
        Quay.io ACI Converter (ACI conversion signing key) <support@quay.io>
Are you sure you want to trust this key (yes/no)?
yes
Trusting "https://quay.io/aci-signing-key" for prefix "quay.io/coreos/alpine-sh" after fingerprint review.
Added key for prefix "quay.io/coreos/alpine-sh" at "/etc/rkt/trustedkeys/prefix.d/quay.io/coreos/alpine-sh/bff313cdaa560b16a8987b8f72abf5f6799d33bc"
image: downloading signature from https://quay.io/c1/aci/quay.io/coreos/alpine-sh/latest/aci.asc/linux/amd64/
Downloading signature: [=======================================] 473 B/473 B
Downloading ACI: [=============================================] 2.65 MB/2.65 MB
image: signature verified:
  Quay.io ACI Converter (ACI conversion signing key) <support@quay.io>
run: disabling overlay support: "overlay entry not present in /proc/filesystems"
stage1: failed to setup network: failed to create namespace: too many levels of symbolic links

If known, describe the steps to reproduce the issue:

Here are the steps I used to install rkt.

I tried in both 14.04 and 16.04 with the same result. If this is not the best forum, will you let me know a better place to post? I am really excited about using my chromebook for development. Being able to run a container would definitely help. It is my understand that docker does not and will now work on the chrome os kernel.

Thank you for your consideration!!

[J00MZ]

I'm no expert, but I believe that since any container technology utilizes the Linux Kernel cgroups and namespaces features, it may be possible that those are not (or cannot be) enabled for the underlying kernel when installed via the Crouton Chromebook (which is essentially a giant hack using chroots).

I recommend checking your kernel parameters that the dependencies here for rkt are indeed satisfied first.

To check you can use either cat /proc/cmdline or dmesg|grep "Command line" from a shell

If the dependencies are not satisfied, be aware that rkt developers may (unfortunately for you) not be catering to such experimental edge cases and simply will not support rkt under Chromebook Crouton.

[cboecking]

Hi Joe,

Thank you for taking the time to answer. I assume it is the "Additional
dependencies when building any stage1 image" that is causing me the issue.
Sadly, I do not know enough about linux to know if these are
installed/available.

Here is the answer to: cat /proc/cmdline
cros_secure console= loglevel=7 init=/sbin/init cros_secure oops=panic
panic=-1 root=/dev/dm-0 rootwait ro dm_verity.error_behavior=3
dm_verity.max_bios=-1 dm_verity.dev_wait=1 dm="1 vroot none ro 1,0 2506752
verity payload=PARTUUID=02a35465-8e8a-9340-8339-bf410bfb84ce/PARTNROFF=1
hashtree=PARTUUID=02a35465-8e8a-9340-8339-bf410bfb84ce/PARTNROFF=1
hashstart=2506752 alg=sha1
root_hexdigest=8e1912e2933f7d3ba73432c5123b74ead8a275fd
salt=69e242e2054efd7554b986b92c926fa29f1a567987de14b9135b2ce79f8117c4"
noinitrd vt.global_cursor_default=0
kern_guid=02a35465-8e8a-9340-8339-bf410bfb84ce add_efi_memmap boot=local
noresume noswap i915.modeset=1 tpm_tis.force=1 tpm_tis.interrupts=0
nmi_watchdog=panic,lapic i915.enable_psr=1

Chuck

Regards,

Chuck Boecking
512.850.6068 (office and cell)
chuck@chuboe.com
ChuckBoecking.com
chuck.boecking (skype)
@ChuckBoecking
http://www.linkedin.com/pub/chuck-boecking/10/970/17b

On Sat, Sep 17, 2016 at 12:53 PM, Joe Tavin notifications@github.com
wrote:

I'm no expert, but I believe that since any container technology utilizes
the Linux Kernel cgroups and namespaces features, it may be possible that
those are not (or cannot be) enabled for the underlying kernel when
installed via the Crouton Chromebook (which is essentially a giant hack
using chroots https://en.wikipedia.org/wiki/Chroot).
I recommend checking your kernel parameters that the dependencies here
https://coreos.com/rkt/docs/latest/dependencies.html for rkt are indeed
satisfied first.

To check you can use either cat /proc/cmdline or dmesg|grep "Command line"
from a shell

If the dependencies are not satisfied, be aware that rkt developers may
(unfortunately for you) not be catering to such experimental edge cases and
simply will not support rkt under Chromebook Crouton.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#2777 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/APSFFkAITE3IzSSsyfXcMXuOD0hF6kuKks5qrCkCgaJpZM4J_UcT
.

[air]

Reproduced with trusty on Dell Chromebook 13.

[air]

@cboecking I can get a container running by adding the flag --net=host, e.g. sudo rkt run --interactive quay.io/coreos/alpine-sh --net=host

[air]

For it to be functional you want the following - example with Ubuntu from docker.

rkt run --interactive docker:ubuntu:16.04 --net=host --insecure-options=image --dns 8.8.8.8

[eklitzke]

I can also get into the container use --net=host, but I have some other problems. When running the alpine-sh image, I get into the host, but the following warnings/errors are printed:

run: disabling overlay support: "overlay entry not present in /proc/filesystems"
stage1: warning: error setting journal ACLs, you'll need root to read the pod journal: operation not supported

Note that despite these messages being printed, I am dropped into a shell.

When running the docker:ubuntu:16.04 command listed by @air, I get the same error messages displayed. How problematic is this? Is it OK to proceed, even with these errors?