This repository has been archived by the owner on Aug 29, 2023. It is now read-only.

Add support for cgroupv2 (#270) #272

Open: wants to merge 1 commit into base: master

@ncopa ncopa commented Feb 9, 2022

Add support for cgroupv2 so it works with Docker Desktop 4.3 and newer.

Also use golang 1.17.6

Fixes #270

ncopa commented Feb 9, 2022

On second thought, I think we need to use docker info to detect the cgroup version instead of testing for the /sys/fs/cgroup mount type, which will always fail on macOS.

Add support for cgroupv2 so it works with Docker Desktop 4.3 and newer.

Fixes weaveworks#270
ncopa commented Feb 10, 2022

I have tested this on the k0s integration test suite and it works on my ARM64 MacBook with Docker Desktop 4.4.2, which uses cgroupv2.

ncopa added a commit to ncopa/k0s that referenced this pull request Feb 10, 2022
Currently footloose only works with cgroup v1. Use fork for now til this
has been resolved upstream.

Upstream issue: weaveworks/footloose#270
Upstream PR: weaveworks/footloose#272

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
jnummelin pushed a commit to jnummelin/k0s that referenced this pull request May 4, 2022
Currently footloose only works with cgroup v1. Use fork for now til this
has been resolved upstream.

Upstream issue: weaveworks/footloose#270
Upstream PR: weaveworks/footloose#272

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
twz123 pushed a commit to twz123/k0s that referenced this pull request May 25, 2022
Currently footloose only works with cgroup v1. Use fork for now til this
has been resolved upstream.

Upstream issue: weaveworks/footloose#270
Upstream PR: weaveworks/footloose#272

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
(cherry picked from commit e22d28c)
@brightzheng100

Changing the /sys/fs/cgroup mount from ro to rw does the trick.
But to determine whether we should apply ro or rw, having a check on docker info -f "{{.CgroupVersion}}" may NOT help.

This was my test:

docker info shows CgroupVersion = 1

$ uname -a
Darwin Brights-MBP-2.local 21.5.0 Darwin Kernel Version 21.5.0: Tue Apr 26 21:08:37 PDT 2022; root:xnu-8020.121.3~4/RELEASE_ARM64_T6000 arm64

$ docker info -f "{{.ServerVersion}} -> {{.CgroupVersion}}"
20.10.16 -> 1

-v /sys/fs/cgroup:/sys/fs/cgroup:ro won't work

I used the scripts below to simulate how footloose works:

docker create \
    -it \
    --label works.weave.owner=footloose \
    --label works.weave.cluster=sandbox \
    --name sandbox-centos-0 \
    --hostname centos-0 \
    --tmpfs /run \
    --tmpfs /run/lock \
    --tmpfs /tmp:exec,mode=777 \
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
    --mount type=volume,dst=/var \
    -p 22 \
    --privileged \
    --network footloose-cluster \
    --network-alias centos-0 \
    centos:7 \
    /sbin/init

docker start sandbox-centos-0

docker exec -it sandbox-centos-0 /bin/bash

But systemd is broken:

[root@centos-0 /]# ps aufx
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        26  0.2  0.0   3740  2704 pts/1    Ss   02:36   0:00 /bin/bash
root        42  0.0  0.0   7748  2836 pts/1    R+   02:36   0:00  \_ ps aufx
root         1  0.0  0.0   7092  3280 pts/0    Ss+  02:35   0:00 /sbin/init

[root@centos-0 /]# systemctl list-units
Failed to get D-Bus connection: Operation not permitted

but -v /sys/fs/cgroup:/sys/fs/cgroup:rw does the trick

docker create \
    -it \
    --label works.weave.owner=footloose \
    --label works.weave.cluster=sandbox \
    --name sandbox-centos-0 \
    --hostname centos-0 \
    --tmpfs /run \
    --tmpfs /run/lock \
    --tmpfs /tmp:exec,mode=777 \
    -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
    --mount type=volume,dst=/var \
    -p 22 \
    --privileged \
    --network footloose-cluster \
    --network-alias centos-0 \
    centos:7 \
    /sbin/init

docker start sandbox-centos-0

docker exec -it sandbox-centos-0 /bin/bash

And systemd works fine:

[root@centos-0 /]# ps aufx
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        84  0.2  0.0   3716  2576 pts/2    Ss   03:37   0:00 /bin/bash
root        97  0.0  0.0   7748  2840 pts/2    R+   03:37   0:00  \_ ps aufx
root         1  1.0  0.0   7620  4508 ?        Ss   03:37   0:00 /sbin/init
root        21  0.2  0.0  13168  3824 ?        Ss   03:37   0:00 /usr/lib/systemd/systemd-journald
root        30  0.2  0.0   5492  3000 ?        Ss   03:37   0:00 /usr/lib/systemd/systemd-udevd
dbus        65  0.0  0.0   8076  3488 ?        Ss   03:37   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root        73  0.0  0.0   4260  2340 ?        Ss   03:37   0:00 /usr/lib/systemd/systemd-logind
root        74  0.0  0.0   7620   952 ?        S    03:37   0:00 (agetty)

[root@centos-0 /]# systemctl list-units
UNIT                                   LOAD   ACTIVE SUB       DESCRIPTION
-.mount                                loaded active mounted   /
dev-hugepages.mount                    loaded active mounted   Huge Pages File System
dev-mqueue.mount                       loaded active mounted   POSIX Message Queue File System
etc-hostname.mount                     loaded active mounted   /etc/hostname
...

Note: there might be a potential bug in my Rancher Desktop (v1.4.1) or Docker (20.10.16). If I ran the command with ro after rw, both would work. This might be caused by a cache or something, but it's not the focus of our test -- a restart of RD would help.

albeus commented Jul 18, 2022

I confirm that this patch is working using this environment:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)

Server:
 Containers: 12
  Running: 1
  Paused: 0
  Stopped: 11
 Images: 131
 Server Version: 20.10.17
 Storage Driver: zfs
  Zpool: zroot
  Zpool Health: ONLINE
  Parent Dataset: zroot/ROOT/default
  Space Used By Parent: 199338377216
  Space Available: 79569801216
  Parent Quota: no
  Compression: on
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1.m
 runc version: 
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.18.9-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.39GiB
 Name: albx1.ebi.ac.uk
 ID: ZPZD:4ULJ:UA63:PHIT:3EG5:OLCZ:DQCR:L4K5:3YJE:CVRB:ZPH6:CWEU
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: albeus
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Is this patch going to be merged?

@brightzheng100

This patch would assume that

  • if CgroupVersion is 1 it will mount as -v /sys/fs/cgroup:/sys/fs/cgroup:ro;
  • else if CgroupVersion is 2 it will mount as -v /sys/fs/cgroup:/sys/fs/cgroup:rw.

In your case, as the CgroupVersion is 2, it will mount as -v /sys/fs/cgroup:/sys/fs/cgroup:rw.
And yes, the -v /sys/fs/cgroup:/sys/fs/cgroup:rw does the trick.

But as per what I had tested (and shared above), it wouldn't work in my env as somehow my latest Rancher Desktop (v1.4.1) with Docker v20.10.16 comes with CgroupVersion=1, on my MacBook Pro with M1 chip.

That's why I created a new PR here, #277, to address this cgroups issue, with an additional feature added. And all works fine in my daily work with my patch for quite some time already.
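
The mount-mode decision discussed in this thread, as an added shell example that is not code from this pull request or from footloose: it maps the value printed by docker info -f '{{.CgroupVersion}}' to the /sys/fs/cgroup volume argument, rejects unexpected output, and honours an explicit override for hosts like the one reported above that show version 1 but only start systemd with rw. The function names and the FOOTLOOSE_CGROUP_MODE variable are hypothetical.

```shell
#!/bin/sh
# Added example. FOOTLOOSE_CGROUP_MODE is a hypothetical override variable,
# not an existing footloose or Docker setting.

# cgroup_mount_mode VERSION
# Prints "ro" or "rw"; returns 1 when the input cannot be interpreted.
cgroup_mount_mode() {
    # An explicit override wins, because the reported cgroup version alone
    # did not predict the working mode on every host in the thread.
    case "${FOOTLOOSE_CGROUP_MODE:-}" in
        ro|rw) printf '%s\n' "$FOOTLOOSE_CGROUP_MODE"; return 0 ;;
        "") ;;
        *) echo "invalid FOOTLOOSE_CGROUP_MODE (want ro or rw)" >&2; return 1 ;;
    esac

    # Drop whitespace and line endings carried by the CLI output.
    v=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$v" in
        1) echo ro ;;   # cgroup v1: keep the host hierarchy read-only
        2) echo rw ;;   # cgroup v2: systemd in the container needs write access
        *) echo "unrecognised cgroup version: '$v'" >&2; return 1 ;;
    esac
}

# cgroup_volume_arg VERSION
# Prints the value to pass to `docker create -v`.
cgroup_volume_arg() {
    mode=$(cgroup_mount_mode "$1") || return 1
    printf '/sys/fs/cgroup:/sys/fs/cgroup:%s\n' "$mode"
}

# Usage on a host with Docker installed:
#   ver=$(docker info -f '{{.CgroupVersion}}')
#   docker create -v "$(cgroup_volume_arg "$ver")" ... centos:7 /sbin/init
```

Failing on unrecognised output rather than defaulting to rw keeps write access to the host cgroup hierarchy an explicit choice.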

Successfully merging this pull request may close these issues.

footloose container fails to start after upgrading to Docker 4.3