systemd-cgroup support #193

Closed
joost14 opened this issue Apr 8, 2019 · 11 comments · Fixed by #7287
Labels
area: compatibility Issue related to (Linux) kernel compatibility area: integration Issue related to third party integrations priority: p2 Normal priority runtime: cri-o Issues related to cri-o type: bug Something isn't working

Comments

@joost14

joost14 commented Apr 8, 2019

Hello,

I'm trying to set up Kubernetes (kubeadm) + CRI-O + runsc. I'm enabling the runtimes through the alpha feature gate RuntimeClass (crio is dropping support for untrusted-workload). I've got it to work with some other runtimes already, but I'm having some issues when trying to run runsc.

The error when I'm starting the pod is the following:
kubelet, k8sworker01 Failed create pod sandbox: rpc error: code = Unknown desc = container create failed: flag provided but not defined: -systemd-cgroup

Crio config file:

  [crio.runtime.runtimes.runsc]
  runtime_path = "/usr/local/bin/runsc"

I was wondering if anyone got runsc working with kubernetes and crio yet.

Edit: when switching the cgroup-manager within the crio config from systemd to cgroupfs, the container won't start at all. Error:
kubelet, k8sworker01 Failed create pod sandbox: rpc error: code = Unknown desc = cri-o configured with cgroupfs cgroup manager, but received systemd slice as parent: /kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-pode9fd6274_59d1_11e9_af90_9e3c8464d679.slice

Edit2:
Solved it by changing systemd to cgroupfs in crio.conf and in '/etc/default/kubelet':

  KUBELET_EXTRA_ARGS=--cgroup-driver=cgroupfs

That leaves me with the following question; is 'systemd' not supported yet for gvisor?
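The two errors in the post above both come from CRI-O and the kubelet being set to different cgroup drivers. The following check is an added example, not part of the original post or of gVisor: it reads `cgroup_manager` from a crio.conf-style file and `--cgroup-driver` from a kubelet defaults file and reports whether they agree. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not gVisor project code). Sample files below are constructed.

# Print "v2" if DIR (default /sys/fs/cgroup) is a unified cgroup v2 mount,
# otherwise "v1" (legacy or hybrid layout).
cgroup_version() {
    if [ -f "${1:-/sys/fs/cgroup}/cgroup.controllers" ]; then echo v2; else echo v1; fi
}

# Print the active (uncommented) cgroup_manager value from a crio.conf-style
# file, or "unset" when the key is absent.
crio_cgroup_manager() {
    local v
    v=$(sed -n 's/^[[:space:]]*cgroup_manager[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Print the --cgroup-driver value from a kubelet defaults file, or "unset".
kubelet_cgroup_driver() {
    local v
    v=$(grep -v '^[[:space:]]*#' "$1" | sed -n 's/.*--cgroup-driver[= ]\([a-z]*\).*/\1/p' | tail -n 1)
    echo "${v:-unset}"
}

# Print "mismatch:<crio>/<kubelet>" and return 1 when the two disagree,
# otherwise print the shared driver name and return 0.
check_cgroup_drivers() {
    local c k
    c=$(crio_cgroup_manager "$1")
    k=$(kubelet_cgroup_driver "$2")
    if [ "$c" != "$k" ]; then echo "mismatch:$c/$k"; return 1; fi
    echo "$c"
}

# Constructed sample input: CRI-O switched to cgroupfs while the kubelet still
# uses systemd, the combination behind "received systemd slice as parent".
write_samples() {
    printf '[crio.runtime]\n# cgroup_manager = "systemd"\ncgroup_manager = "cgroupfs"\n' > "$1/crio.conf"
    printf 'KUBELET_EXTRA_ARGS=--cgroup-driver=systemd\n' > "$1/kubelet"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "host cgroups: $(cgroup_version)"
check_cgroup_drivers "$tmp/crio.conf" "$tmp/kubelet" || echo "fix: set both sides to the same driver"
rm -rf "$tmp"
```

On a real node, pass the paths of the actual CRI-O configuration and kubelet defaults file to `check_cgroup_drivers` instead of the constructed samples.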

@joost14 joost14 changed the title Kubernetes CRI-O Kubernetes CRI-O "flag provided but not defined: -systemd-cgroup" Apr 8, 2019
@kevinGC
Collaborator

kevinGC commented Apr 8, 2019

I believe this is the kubelet and runtime (cri-o) not agreeing on how to manage cgroups for the pod, not something that gVisor doesn't have support for. Based on this doc, some Linux distros require extra configuration.

@joost14
Author

joost14 commented Apr 9, 2019

Hi @kevinGC,

Thanks for the information. Though it is still a bit strange that kata and runc work just fine when using systemd. So this issue may only be the case when using kubelet and crio?

@fvoznika
Member

runsc doesn't implement the -systemd-cgroup flag. runsc implements cgroups using cgroupfs, as you noted when you set KUBELET_EXTRA_ARGS=--cgroup-driver=cgroupfs. Is that something that works for you?

@joost14
Author

joost14 commented Apr 12, 2019

Hi @fvoznika,

I know runsc doesn't implement the flag. I was just wondering if systemd was compatible with runsc or if it is just some configuration error on my part.

@ianlewis ianlewis added area: compatibility Issue related to (Linux) kernel compatibility priority: p2 Normal priority labels Apr 13, 2019
@sdeoras

sdeoras commented Apr 30, 2019

I got the same error trying to make runsc work with cri-o. We use systemd as cgroup-driver so I am interested to know if it is possible to make runsc work with this setup? Thanks.

@ianlewis ianlewis added type: bug Something isn't working runtime: cri-o Issues related to cri-o labels Aug 1, 2019
gvisor-bot pushed a commit that referenced this issue Nov 1, 2019
Adds a systemd-cgroup flag option that prints an error letting the user know
that systemd cgroups are not supported and points them to the relevant issue.

Issue #193

PiperOrigin-RevId: 277837162
@ianlewis ianlewis added the area: integration Issue related to third party integrations label Aug 14, 2020
@ianlewis ianlewis changed the title Kubernetes CRI-O "flag provided but not defined: -systemd-cgroup" systemd-cgroup support Sep 28, 2020
@25077667

Hi all,

I have also met this problem, but I'm not using kube. How can I solve it?
I use raw Docker on Arch Linux.
This is my platform:

And this is the error message:

@wtfismyip

@25077667 I ran into this issue both on Debian 11 and Ubuntu 21.10 with normal Docker. Adding systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false to the kernel boot options fixed it for me.

@25077667

> @25077667 I ran into this issue both on Debian 11 and Ubuntu 21.10 with normal Docker. Adding systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false to the kernel boot options fixed it for me.

I had found that answer before.
It means canceling the Cgroup V2 option when you boot up.

@arno01

arno01 commented Nov 30, 2021

Possibly solved by these?
#6499
#3481
#6821

@avagin
Collaborator

avagin commented Dec 2, 2021

> Possibly solved by these?

@arno01 these PRs added support for cgroupv2, but the systemd cgroup-driver isn't implemented yet. It doesn't mean that you can't use gvisor on systemd systems, but you will need to change the default systemd cgroup-driver to cgroupfs.

@manninglucas manninglucas self-assigned this Jan 20, 2022
@git-noise

Hello,
Is there any plan to support systemd cgroups in the future (or near future)?

Using cgroupfs may not be an easy option as I believe it is not recommended with kubeadm as mentioned here: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ ?

While possible to run both in parallel, it seems also not recommended: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#using-the-cgroupfs-driver

Many thanks,

copybara-service bot pushed a commit that referenced this issue Mar 14, 2022
This change adds systemd-cgroup support to cgroupv2 and modifies existing
cgroup tests for systemd support.

Fixes #193

PiperOrigin-RevId: 427246545
copybara-service bot pushed a commit that referenced this issue Mar 15, 2022
This change adds systemd-cgroup support to cgroupv2 and modifies existing
cgroup tests for systemd support.

Fixes #193

PiperOrigin-RevId: 427246545