On Wed, Mar 1, 2023 at 10:54 AM SIMON BABY <[email protected]> wrote: > > Hello Bruce, > > Of course, you won't always see the daemon running on startup, as > there are socket and other systemd triggers that will launch the > daemon when required (and it will continue to run after that). > Simon> The daemon is not starting by default after every boot. I need to type > any docker command and wait for 2-3 minutes to get docker run.
A slow startup of the docker daemon is almost always due to networking being slow, or bouncing between active/inactive. The issues may not even be on your target, but the target's connection to the network itself. > If you add docker-ce-contrib (or docker-moby-contrib, depending on > what flavour you are building), one of the docker supplied scripts > will be installed to the target. You can use that to check the running > kernel configuration and look for issues. > Simon> yes I run the script check-config.sh and below is the o/p > At a glance, the configuration looks fine. As long as you aren't seeing any missing/errors reported, the core functionality will work without issue. Bruce > > > Generally Necessary: > - cgroup hierarchy: properly mounted [/sys/fs/cgroup] > - CONFIG_NAMESPACES: enabled > - CONFIG_NET_NS: enabled > - CONFIG_PID_NS: enabled > - CONFIG_IPC_NS: enabled > - CONFIG_UTS_NS: enabled > - CONFIG_CGROUPS: enabled > - CONFIG_CGROUP_CPUACCT: enabled > - CONFIG_CGROUP_DEVICE: enabled > - CONFIG_CGROUP_FREEZER: enabled > - CONFIG_CGROUP_SCHED: enabled > - CONFIG_CPUSETS: enabled > - CONFIG_MEMCG: missing > - CONFIG_KEYS: enabled > - CONFIG_VETH: enabled (as module) > - CONFIG_BRIDGE: enabled > - CONFIG_BRIDGE_NETFILTER: enabled (as module) > - CONFIG_IP_NF_FILTER: enabled (as module) > - CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module) > - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module) > - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module) > - CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module) > - CONFIG_NETFILTER_XT_MARK: enabled (as module) > - CONFIG_IP_NF_NAT: enabled > - CONFIG_NF_NAT: enabled > - CONFIG_POSIX_MQUEUE: enabled > - CONFIG_CGROUP_BPF: enabled > > Optional Features: > - CONFIG_USER_NS: enabled > - CONFIG_SECCOMP: enabled > - CONFIG_SECCOMP_FILTER: enabled > - CONFIG_CGROUP_PIDS: enabled > - CONFIG_MEMCG_SWAP: missing > (cgroup swap accounting is currently enabled) > - CONFIG_BLK_CGROUP: enabled > - CONFIG_BLK_DEV_THROTTLING: enabled > - CONFIG_CGROUP_PERF: enabled > - CONFIG_CGROUP_HUGETLB: enabled > - CONFIG_NET_CLS_CGROUP: enabled (as module) > - CONFIG_CGROUP_NET_PRIO: enabled > - CONFIG_CFS_BANDWIDTH: enabled > - CONFIG_FAIR_GROUP_SCHED: enabled > - CONFIG_RT_GROUP_SCHED: enabled > - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module) > - CONFIG_IP_VS: enabled (as module) > - CONFIG_IP_VS_NFCT: enabled > - CONFIG_IP_VS_PROTO_TCP: enabled > - CONFIG_IP_VS_PROTO_UDP: enabled > - CONFIG_IP_VS_RR: enabled (as module) > - CONFIG_SECURITY_SELINUX: enabled > - CONFIG_SECURITY_APPARMOR: enabled > - CONFIG_EXT3_FS: enabled > - CONFIG_EXT3_FS_XATTR: missing > - CONFIG_EXT3_FS_POSIX_ACL: enabled > - CONFIG_EXT3_FS_SECURITY: enabled > (enable these ext3 configs if you are using ext3 as backing filesystem) > - CONFIG_EXT4_FS: enabled > - CONFIG_EXT4_FS_POSIX_ACL: enabled > - CONFIG_EXT4_FS_SECURITY: enabled > - Network Drivers: > - "overlay": > - CONFIG_VXLAN: enabled (as module) > - CONFIG_BRIDGE_VLAN_FILTERING: enabled > Optional (for encrypted networks): > - CONFIG_CRYPTO: enabled > - CONFIG_CRYPTO_AEAD: enabled > - CONFIG_CRYPTO_GCM: enabled > - CONFIG_CRYPTO_SEQIV: enabled > - CONFIG_CRYPTO_GHASH: enabled > - CONFIG_XFRM: enabled > - CONFIG_XFRM_USER: enabled > - CONFIG_XFRM_ALGO: enabled > - CONFIG_INET_ESP: enabled > - "ipvlan": > - CONFIG_IPVLAN: enabled (as module) > - "macvlan": > - CONFIG_MACVLAN: enabled (as module) > - CONFIG_DUMMY: enabled (as module) > - "ftp,tftp client in container": > - CONFIG_NF_NAT_FTP: enabled (as module) > - CONFIG_NF_CONNTRACK_FTP: enabled (as module) > - CONFIG_NF_NAT_TFTP: enabled (as module) > - CONFIG_NF_CONNTRACK_TFTP: enabled (as module) > - Storage Drivers: > - "aufs": > - CONFIG_AUFS_FS: missing > - "btrfs": > - CONFIG_BTRFS_FS: enabled (as module) > - CONFIG_BTRFS_FS_POSIX_ACL: enabled > - "devicemapper": > - CONFIG_BLK_DEV_DM: enabled (as module) > - CONFIG_DM_THIN_PROVISIONING: enabled (as module) > - "overlay": > - CONFIG_OVERLAY_FS: enabled (as module) > - "zfs": > - /dev/zfs: missing > - zfs command: missing > - zpool command: missing > > You'll find that script at: /usr/share/docker/check-config.sh > > On Mon, Feb 27, 2023 at 6:26 AM Bruce Ashfield <[email protected]> > wrote: >> >> On Sun, Feb 26, 2023 at 1:42 PM SIMON BABY <[email protected]> wrote: >> > >> > Hi Bruce, >> > I have enabled some of the kernel flags. I am able to run the docker run >> > command. But I see some logs when I run the command even though it is >> > executed. I also observed that docker daemon is not starting by default >> > after every reboot. Do we have any specific fix for this? >> > >> >> There's no specific fix for that, because it isn't broken in anything >> that I've seen. docker starts fine on boot in all of my test cases. >> >> Of course, you won't always see the daemon running on startup, as >> there are socket and other systemd triggers that will launch the >> daemon when required (and it will continue to run after that). >> >> > >> > root@imx8mpevk:~# docker run hello-world >> > [ 271.841466] docker0: port 1(vethd66b82d) entered blocking state >> > [ 271.847462] docker0: port 1(vethd66b82d) entered disabled state >> > [ 271.853592] device vethd66b82d entered promiscuous mode >> > [ 271.858934] audit: type=1700 audit(1677436586.264:37): dev=vethd66b82d >> > prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295 >> > [ 271.871031] audit: type=1300 audit(1677436586.264:37): arch=c00000b7 >> > syscall=206 success=yes exit=40 a0=f a1=4000f54c90 a2=28 a3=0 items=0 >> > ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 >> > sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" >> > exe="/usr/bin/dockerd" subj=kernel key=(null) >> > [ 271.898659] audit: type=1327 audit(1677436586.264:37): >> > proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F >> > [ 272.315534] eth0: renamed from veth95a7c15 >> > [ 272.326397] IPv6: ADDRCONF(NETDEV_CHANGE): vethd66b82d: link becomes >> > ready >> > [ 272.333388] docker0: port 1(vethd66b82d) entered blocking state >> > [ 272.339340] docker0: port 1(vethd66b82d) entered forwarding state >> > >> > Hello from Docker! >> > This message shows that your installation appears to be working correctly. >> > >> > To generate this message, Docker took the following steps: >> > 1. The Docker client contacted the Docker daemon. >> > 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. >> > (arm64v8) >> > 3. The Docker daemon created a new container from that image which runs >> > the >> > executable that produces the output you are currently reading. >> > 4. The Docker daemon streamed that output to the Docker client, which >> > sent it >> > to your terminal. >> > >> > To try something more ambitious, you can run an Ubuntu container with: >> > $ docker run -it ubuntu bash >> > >> > Share images, automate workflows, and more with a free Docker ID: >> > https://hub.docker.com/ >> > >> > For more examples and ideas, visit: >> > https://docs.docker.com/get-started/ >> > >> > [ 272.466210] docker0: port 1(vethd66b82d) entered disabled state >> > [ 272.472523] veth95a7c15: renamed from eth0 >> > [ 272.505514] docker0: port 1(vethd66b82d) entered disabled state >> > [ 272.513799] device vethd66b82d left promiscuous mode >> > [ 272.518809] docker0: port 1(vethd66b82d) entered disabled state >> > [ 272.518828] audit: type=1700 audit(1677436586.928:38): dev=vethd66b82d >> > prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295 >> > [ 272.550854] audit: type=1300 audit(1677436586.928:38): arch=c00000b7 >> > syscall=206 success=yes exit=32 a0=f a1=400014dfe0 a2=20 a3=0 items=0 >> > ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 >> > sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" >> > exe="/usr/bin/dockerd" subj=kernel key=(null) >> > [ 272.578481] audit: type=1327 audit(1677436586.928:38): >> > proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F >> > >> > >> > I have compared all the kernel configuration between my local ubuntu linux >> > and the imx8 I am running. Below are all the kernel configuration set on >> > my target for the docker to run (as per nxp manual) >> > >> >> If you add docker-ce-contrib (or docker-moby-contrib, depending on >> what flavour you are building), one of the docker supplied scripts >> will be installed to the target. You can use that to check the running >> kernel configuration and look for issues. >> >> You'll find that script at: /usr/share/docker/check-config.sh >> >> Bruce >> >> > >> > >> > root@imx8mpevk:~# sh kernel.sh >> > info: reading kernel config from /proc/config.gz ... >> > >> > Generally Necessary: >> > - cgroup hierarchy: properly mounted [/sys/fs/cgroup] >> > - CONFIG_NAMESPACES: enabled >> > - CONFIG_NET_NS: enabled >> > - CONFIG_PID_NS: enabled >> > - CONFIG_IPC_NS: enabled >> > - CONFIG_UTS_NS: enabled >> > - CONFIG_CGROUPS: enabled >> > - CONFIG_CGROUP_CPUACCT: enabled >> > - CONFIG_CGROUP_DEVICE: enabled >> > - CONFIG_CGROUP_FREEZER: enabled >> > - CONFIG_CGROUP_SCHED: enabled >> > - CONFIG_CPUSETS: enabled >> > - CONFIG_MEMCG: enabled >> > - CONFIG_KEYS: enabled >> > - CONFIG_VETH: enabled (as module) >> > - CONFIG_BRIDGE: enabled >> > - CONFIG_BRIDGE_NETFILTER: enabled (as module) >> > - CONFIG_IP_NF_FILTER: enabled (as module) >> > - CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module) >> > - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module) >> > - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module) >> > - CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module) >> > - CONFIG_NETFILTER_XT_MARK: enabled (as module) >> > - CONFIG_IP_NF_NAT: enabled >> > - CONFIG_NF_NAT: enabled >> > - CONFIG_POSIX_MQUEUE: enabled >> > - CONFIG_CGROUP_BPF: missing >> > >> > Optional Features: >> > - CONFIG_USER_NS: enabled >> > - CONFIG_SECCOMP: enabled >> > - CONFIG_SECCOMP_FILTER: enabled >> > - CONFIG_CGROUP_PIDS: enabled >> > - CONFIG_MEMCG_SWAP: enabled >> > (cgroup swap accounting is currently enabled) >> > - CONFIG_BLK_CGROUP: enabled >> > - CONFIG_BLK_DEV_THROTTLING: enabled >> > - CONFIG_CGROUP_PERF: enabled >> > - CONFIG_CGROUP_HUGETLB: enabled >> > - CONFIG_NET_CLS_CGROUP: enabled (as module) >> > - CONFIG_CGROUP_NET_PRIO: enabled >> > - CONFIG_CFS_BANDWIDTH: enabled >> > - CONFIG_FAIR_GROUP_SCHED: enabled >> > - CONFIG_RT_GROUP_SCHED: missing >> > - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module) >> > - CONFIG_IP_VS: enabled (as module) >> > - CONFIG_IP_VS_NFCT: enabled >> > - CONFIG_IP_VS_PROTO_TCP: enabled >> > - CONFIG_IP_VS_PROTO_UDP: enabled >> > - CONFIG_IP_VS_RR: enabled (as module) >> > - CONFIG_SECURITY_SELINUX: enabled >> > - CONFIG_SECURITY_APPARMOR: enabled >> > - CONFIG_EXT3_FS: enabled >> > - CONFIG_EXT3_FS_XATTR: missing >> > - CONFIG_EXT3_FS_POSIX_ACL: missing >> > - CONFIG_EXT3_FS_SECURITY: missing >> > (enable these ext3 configs if you are using ext3 as backing filesystem) >> > - CONFIG_EXT4_FS: enabled >> > - CONFIG_EXT4_FS_POSIX_ACL: enabled >> > - CONFIG_EXT4_FS_SECURITY: enabled >> > - Network Drivers: >> > - "overlay": >> > - CONFIG_VXLAN: enabled (as module) >> > - CONFIG_BRIDGE_VLAN_FILTERING: enabled >> > Optional (for encrypted networks): >> > - CONFIG_CRYPTO: enabled >> > - CONFIG_CRYPTO_AEAD: enabled >> > - CONFIG_CRYPTO_GCM: enabled >> > - CONFIG_CRYPTO_SEQIV: missing >> > - CONFIG_CRYPTO_GHASH: enabled >> > - CONFIG_XFRM: missing >> > - CONFIG_XFRM_USER: missing >> > - CONFIG_XFRM_ALGO: missing >> > - CONFIG_INET_ESP: missing >> > - "ipvlan": >> > - CONFIG_IPVLAN: enabled (as module) >> > - "macvlan": >> > - CONFIG_MACVLAN: enabled (as module) >> > - CONFIG_DUMMY: enabled (as module) >> > - "ftp,tftp client in container": >> > - CONFIG_NF_NAT_FTP: enabled (as module) >> > - CONFIG_NF_CONNTRACK_FTP: enabled (as module) >> > - CONFIG_NF_NAT_TFTP: enabled (as module) >> > - CONFIG_NF_CONNTRACK_TFTP: enabled (as module) >> > - Storage Drivers: >> > - "aufs": >> > - CONFIG_AUFS_FS: missing >> > - "btrfs": >> > - CONFIG_BTRFS_FS: enabled (as module) >> > - CONFIG_BTRFS_FS_POSIX_ACL: enabled >> > - "devicemapper": >> > - CONFIG_BLK_DEV_DM: enabled (as module) >> > - CONFIG_DM_THIN_PROVISIONING: enabled (as module) >> > - "overlay": >> > - CONFIG_OVERLAY_FS: enabled (as module) >> > - "zfs": >> > - /dev/zfs: missing >> > - zfs command: missing >> > - zpool command: missing >> > >> > >> > Regards >> > Simon >> > >> > On Sat, Feb 25, 2023 at 5:27 PM SIMON BABY via lists.yoctoproject.org >> > <[email protected]> wrote: >> >> >> >> Thank you Bruce . I will do more research in that direction ( kernel >> >> configuration) >> >> >> >> Regards >> >> Simon >> >> > On Feb 25, 2023, at 5:20 PM, Bruce Ashfield <[email protected]> >> >> > wrote: >> >> > >> >> > On Sat, Feb 25, 2023 at 5:35 PM SIMON BABY <[email protected]> >> >> > wrote: >> >> >> >> >> >> Hi Bruce, >> >> >> I also observed that the docker daemon is not starting by default and >> >> >> if I launch it manually , it takes a long time to start. Am I missing >> >> >> any kernel modules? >> >> >> >> >> >> Here is the o/p from "systemctl status docker.service". >> >> >> >> >> >> root@imx8mpevk:~# systemctl status docker.service >> >> >> * docker.service - Docker Application Container Engine >> >> >> Loaded: loaded (/lib/systemd/system/docker.service; disabled; >> >> >> vendor preset: disabled) >> >> >> Active: active (running) since Sat 2023-02-25 22:19:54 UTC; 4min >> >> >> 10s ago >> >> >> TriggeredBy: * docker.socket >> >> >> Docs: https://docs.docker.com >> >> >> Main PID: 423 (dockerd) >> >> >> Tasks: 11 (limit: 5578) >> >> >> Memory: 115.0M >> >> >> CGroup: /system.slice/docker.service >> >> >> `-423 /usr/bin/dockerd -H fd:// >> >> >> >> >> >> Feb 25 22:19:53 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running >> >> >> modprobe bridge br_netfilter failed with message: modprobe: WARNING: >> >> >> Module br_netfilter not found in director...ror: exit status 1" >> >> > >> >> > The above error could be a missing module, or a missing iptables module. >> >> > >> >> > >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.071250923Z" level=warning msg="Could not >> >> >> load necessary modules for IPSEC rules: protocol not supported" >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.078250217Z" level=warning msg="Could not >> >> >> load necessary modules for Conntrack: Running modprobe >> >> >> nf_conntrack_netlink failed with message: `modprobe: WARNING: Module >> >> >> nf_... >> >> > >> >> > As does the above one. >> >> > >> >> > so you definitely have missing configuration. >> >> > >> >> > Bruce >> >> > >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.081471487Z" level=info msg="Default bridge >> >> >> (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option >> >> >> --bip can be used to set a preferred IP address" >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.199132980Z" level=info msg="Loading >> >> >> containers: done." >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.296845346Z" level=info msg="Docker daemon" >> >> >> commit=906f57ff5b-unsupported graphdriver(s)=overlay2 >> >> >> version=20.10.12-ce >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.297236599Z" level=info msg="Daemon has >> >> >> completed initialization" >> >> >> Feb 25 22:19:54 imx8mpevk systemd[1]: Started Docker Application >> >> >> Container Engine. >> >> >> Feb 25 22:19:54 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:54.372354197Z" level=info msg="API listen on >> >> >> /run/docker.sock" >> >> >> Feb 25 22:23:14 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:23:14.188738979Z" level=info msg="ignoring event" >> >> >> container=a973c205bf7c0e57450de3241767f39e4983b6b174e231e014159ed8ae220791 >> >> >> module=libcontainerd namespace...*events.TaskDelete" >> >> >> Hint: Some lines were ellipsized, use -l to show in full. >> >> >> root@imx8mpevk:~# Feb 25 22:19:53 imx8mpevk dockerd[423]: >> >> >> time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running >> >> >> modprobe bridge br_netfilter failed with message: modprobe: WARNING: >> >> >> Module br_netfilter not found in director...ror: exit status 1" >> >> >> >> >> >> >> >> >> Regards >> >> >> Simon >> >> >> >> >> >>> On Fri, Feb 24, 2023 at 6:47 PM SIMON BABY via lists.yoctoproject.org >> >> >>> <[email protected]> wrote: >> >> >>> >> >> >>> Hello Bruce, >> >> >>> >> >> >>> Thank you for the inputs. >> >> >>> >> >> >>> >> >> >>> Yes, I use linux-yocto. The target linux version is below. >> >> >>> >> >> >>> >> >> >>> >> >> >>> Linux imx8mpevk 5.15.32-rt39-lts-next+g2a8a193a07b4 #1 SMP PREEMPT_RT >> >> >>> Tue Jun 7 02:34:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux >> >> >>> >> >> >>> >> >> >>> >> >> >>> The layers used are in the link below. >> >> >>> >> >> >>> https://source.codeaurora.org/external/imx/imx-manifest/tree/imx-5.15.32-2.0.0.xml?h=imx-linux-kirkstone >> >> >>> >> >> >>> >> >> >>> >> >> >>> I tried to add IMAGE_INSTALL:append = " kernel-modules" in local.conf >> >> >>> but it did not make any difference. >> >> >>> >> >> >>> >> >> >>> >> >> >>> The docker version I am running on the target is 20.10.12-ce >> >> >>> >> >> >>> >> >> >>> >> >> >>> Below is the error I am getting on the target. >> >> >>> >> >> >>> >> >> >>> >> >> >>> root@imx8mpevk:~# docker run hello-world >> >> >>> >> >> >>> [ 1359.005452] docker0: port 1(veth4dc9000) entered blocking state >> >> >>> >> >> >>> [ 1359.005512] docker0: port 1(veth4dc9000) entered disabled state >> >> >>> >> >> >>> [ 1359.005921] device veth4dc9000 entered promiscuous mode >> >> >>> >> >> >>> [ 1359.005994] audit: type=1700 audit(1677283528.914:37): >> >> >>> dev=veth4dc9000 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 >> >> >>> ses=4294967295 >> >> >>> >> >> >>> [ 1359.013139] audit: type=1300 audit(1677283528.914:37): >> >> >>> arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=4000ec0d50 >> >> >>> a2=28 a3=0 items=0 ppid=1 pid=446 auid=4294967295 uid=0 gid=0 euid=0 >> >> >>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 >> >> >>> comm="dockerd" exe="/usr/bin/dockerd" key=(null) >> >> >>> >> >> >>> [ 1359.013228] audit: type=1327 audit(1677283528.914:37): >> >> >>> proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F >> >> >>> >> >> >>> [ 1359.263483] docker0: port 1(veth4dc9000) entered disabled state >> >> >>> >> >> >>> [ 1359.298263] device veth4dc9000 left promiscuous mode >> >> >>> >> >> >>> [ 1359.298305] docker0: port 1(veth4dc9000) entered disabled state >> >> >>> >> >> >>> [ 1359.298646] audit: type=1700 audit(1677283529.164:38): >> >> >>> dev=veth4dc9000 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 >> >> >>> ses=4294967295 >> >> >>> >> >> >>> docker: Error response from daemon: failed to create shim task: OCI >> >> >>> runtime create failed: runc create failed: unable to start container >> >> >>> process: can't get final child's PID from pipe: EOF: unknown. >> >> >>> >> >> >>> ERRO[0000] error waiting for container: context canceled >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> Also sending the local.conf and bblayers.conf file >> >> >>> >> >> >>> >> >> >>> >> >> >>> local.conf: >> >> >>> >> >> >>> >> >> >>> >> >> >>> MACHINE ??= 'imx8mpevk' >> >> >>> >> >> >>> DISTRO ?= 'fsl-imx-wayland' >> >> >>> >> >> >>> PACKAGE_CLASSES ?= 'package_rpm' >> >> >>> >> >> >>> EXTRA_IMAGE_FEATURES ?= "debug-tweaks" >> >> >>> >> >> >>> USER_CLASSES ?= "buildstats" >> >> >>> >> >> >>> PATCHRESOLVE = "noop" >> >> >>> >> >> >>> BB_DISKMON_DIRS ??= "\ >> >> >>> >> >> >>> STOPTASKS,${TMPDIR},1G,100K \ >> >> >>> >> >> >>> STOPTASKS,${DL_DIR},1G,100K \ >> >> >>> >> >> >>> STOPTASKS,${SSTATE_DIR},1G,100K \ >> >> >>> >> >> >>> STOPTASKS,/tmp,100M,100K \ >> >> >>> >> >> >>> HALT,${TMPDIR},100M,1K \ >> >> >>> >> >> >>> HALT,${DL_DIR},100M,1K \ >> >> >>> >> >> >>> HALT,${SSTATE_DIR},100M,1K \ >> >> >>> >> >> >>> HALT,/tmp,10M,1K" >> >> >>> >> >> >>> PACKAGECONFIG:append:pn-qemu-system-native = " sdl" >> >> >>> >> >> >>> CONF_VERSION = "2" >> >> >>> >> >> >>> >> >> >>> >> >> >>> DL_DIR ?= "${BSPDIR}/downloads/" >> >> >>> >> >> >>> ACCEPT_FSL_EULA = "1" >> >> >>> >> >> >>> >> >> >>> >> >> >>> # Switch to Debian packaging and include package-management in the >> >> >>> image >> >> >>> >> >> >>> PACKAGE_CLASSES = "package_deb" >> >> >>> >> >> >>> EXTRA_IMAGE_FEATURES += "package-management" >> >> >>> >> >> >>> DISTRO_FEATURES:append = " virtualization" >> >> >>> >> >> >>> IMAGE_INSTALL:append = " docker-ce" >> >> >>> >> >> >>> IMAGE_INSTALL:append = " kernel-modules" >> >> >>> >> >> >>> >> >> >>> >> >> >>> EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile" >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> >>> bblayers.conf >> >> >>> >> >> >>> >> >> >>> >> >> >>> LCONF_VERSION = "7" >> >> >>> >> >> >>> >> >> >>> >> >> >>> BBPATH = "${TOPDIR}" >> >> >>> >> >> >>> BSPDIR := ${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) >> >> >>> + '/../..')} >> >> >>> >> >> >>> >> >> >>> >> >> >>> BBFILES ?= "" >> >> >>> >> >> >>> BBLAYERS = " \ >> >> >>> >> >> >>> ${BSPDIR}/sources/poky/meta \ >> >> >>> >> >> >>> ${BSPDIR}/sources/poky/meta-poky \ >> >> >>> >> >> >>> \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-openembedded/meta-oe \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-openembedded/meta-multimedia \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-openembedded/meta-python \ >> >> >>> >> >> >>> \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-freescale \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-freescale-3rdparty \ >> >> >>> >> >> >>> ${BSPDIR}/sources/meta-freescale-distro \ >> >> >>> >> >> >>> " >> >> >>> >> >> >>> >> >> >>> >> >> >>> # i.MX Yocto Project Release layers >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-bsp" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-sdk" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-ml" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-v2x" >> >> >>> >> >> >>> #BBLAYERS += "${BSPDIR}/sources/meta-nxp-demo-experience" >> >> >>> >> >> >>> >> >> >>> >> >> >>> #BBLAYERS += "${BSPDIR}/sources/meta-browser/meta-chromium" >> >> >>> >> >> >>> #BBLAYERS += "${BSPDIR}/sources/meta-clang" >> >> >>> >> >> >>> #BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-gnome" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-virtualization" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-teledyne-wapng" >> >> >>> >> >> >>> BBLAYERS += "${BSPDIR}/sources/meta-aws" >> >> >>> >> >> >>> >> >> >>> >> >> >>> Regards >> >> >>> >> >> >>> Simon >> >> >>> >> >> >>> >> >> >>> On Thu, Feb 23, 2023 at 12:03 PM Bruce Ashfield >> >> >>> <[email protected]> wrote: >> >> >>>> >> >> >>>> On Wed, Feb 22, 2023 at 9:47 PM SIMON BABY <[email protected]> >> >> >>>> wrote: >> >> >>>>> >> >> >>>>> Hello Team, >> >> >>>>> >> >> >>>>> Can I know what are the changes required in yocto to run docker and >> >> >>>>> its dependencies on my target embedded system. I have added the >> >> >>>>> below changes. Do I need more plugins and packages ? >> >> >>>>> >> >> >>>>> bblayers.conf: >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking" >> >> >>>>> >> >> >>>>> BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems" >> >> >>>>> >> >> >>>>> BBLAYERS += "${BSPDIR}/sources/meta-virtualization" >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> local.conf: >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> DISTRO_FEATURES:append = " virtualization" >> >> >>>>> >> >> >>>>> IMAGE_INSTALL:append = " docker-ce" >> >> >>>>> >> >> >>>> >> >> >>>> You likely are missing kernel configuration values required to run >> >> >>>> the >> >> >>>> containers. >> >> >>>> >> >> >>>> What kernel are you using (linux-yocto?), and are you on the master >> >> >>>> branch of the layers ? >> >> >>>> >> >> >>>> As you can see, it is working in my latest tests: >> >> >>>> >> >> >>>> root@qemux86-64:~# docker --version >> >> >>>> Docker version 23.0.1, build a5ee5b1dfc >> >> >>>> root@qemux86-64:~# docker pull alpine >> >> >>>> Using default tag: latest >> >> >>>> latest: Pulling from library/alpine >> >> >>>> 63b65145d645: Pull complete >> >> >>>> Digest: >> >> >>>> sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a >> >> >>>> Status: Downloaded newer image for alpine:latest >> >> >>>> docker.io/library/alpine:latest >> >> >>>> root@qemux86-64:~# docker run -it alpine /bin/sh >> >> >>>> / # >> >> >>>> >> >> >>>> Try adding "kernel-modules" to your IMAGE_INSTALL, and see if that >> >> >>>> makes a difference. >> >> >>>> >> >> >>>> Bruce >> >> >>>> >> >> >>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> WIth the above changes and tested on the target I am getting the >> >> >>>>> below error when try to run "docker run hello-world" >> >> >>>>> >> >> >>>>> >> >> >>>>> root@imx8mpevk:~# docker run hello-world >> >> >>>>> DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping >> >> >>>>> DEBU[2023-02-23T00:53:57.068355788Z] Calling POST >> >> >>>>> /v1.41/containers/create >> >> >>>>> DEBU[2023-02-23T00:53:57.069098805Z] form data: >> >> >>>>> {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”} >> >> >>>>> DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking >> >> >>>>> state >> >> >>>>> [25846.681041] docker0: port 1(veth659d267) entered disabled state >> >> >>>>> [2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 >> >> >>>>> entered promiscuous mode >> >> >>>>> container mounted via layerStore:[25846.681392] audit: type=1700 >> >> >>>>> audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 >> >> >>>>> auid=4294967295 uid=0 gid=0 ses=4294967295 >> >> >>>>> &{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 >> >> >>>>> audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes >> >> >>>>> exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 >> >> >>>>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 >> >> >>>>> fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” >> >> >>>>> exe=“/usr/bin/dockerd” key=(null) >> >> >>>>> 7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 >> >> >>>>> audit(1677113637.219:205): >> >> >>>>> proctitle=2F7573722F62696E2F646F636B657264002D44 >> >> >>>>> aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} >> >> >>>>> container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 >> >> >>>>> DEBU[2023-02-23T00:53:57.184741848Z] Calling POST >> >> >>>>> /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1 >> >> >>>>> DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin >> >> >>>>> DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin >> >> >>>>> DEBU[2023-02-23T00:53:57.186340258Z] Calling POST >> >> >>>>> /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit >> >> >>>>> DEBU[2023-02-23T00:53:57.188347802Z] Calling POST >> >> >>>>> /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start >> >> >>>>> DEBU[2023-02-23T00:53:57.190864983Z] container mounted via >> >> >>>>> layerStore: >> >> >>>>> &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged >> >> >>>>> 0xaaaabdb0b060 0xaaaabdb0b060} >> >> >>>>> container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 >> >> >>>>> DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for >> >> >>>>> endpoint crazy_bell’s interface on network bridge >> >> >>>>> DEBU[2023-02-23T00:53:57.192083760Z] >> >> >>>>> RequestAddress(LocalDefault/172.17.0.0/16, , map) >> >> >>>>> DEBU[2023-02-23T00:53:57.192149761Z] Request address >> >> >>>>> PoolID:172.17.0.0/16 App: ipam/default/data, ID: >> >> >>>>> LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: >> >> >>>>> 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 >> >> >>>>> Serial:false PrefAddress: >> >> >>>>> ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial >> >> >>>>> namespace, readlink /proc/1551/task/1555/ns/net: no such file or >> >> >>>>> directory, initns fd -1: bad file descriptor >> >> >>>>> DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for >> >> >>>>> endpoint crazy_bell’s interface on network bridge >> >> >>>>> ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial >> >> >>>>> namespace, readlink /proc/1551/task/1555/ns/net: no such file or >> >> >>>>> directory, initns fd -1: bad file descriptor >> >> >>>>> DEBU[2023-02-23T00:53:57.294111754Z] Programming external >> >> >>>>> connectivity on endpoint crazy_bell >> >> >>>>> (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c) >> >> >>>>> ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: >> >> >>>>> port 1(veth659d267) entered disabled state >> >> >>>>> to set to initial namespace, readlink /proc/1551/task/1555/ns/net: >> >> >>>>> no such file or directory, initns fd -1: bad file descriptor >> >> >>>>> DEBU[2023-02-23T00:53:57.304933242Z] EnableService >> >> >>>>> 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 >> >> >>>>> START >> >> >>>>> DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device >> >> >>>>> veth659d267 left promiscuous mode >> >> >>>>> eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port >> >> >>>>> 1(veth659d267) entered disabled state >> >> >>>>> [25846.996703] audit: type=1700 audit(1677113637.488:206): >> >> >>>>> dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 >> >> >>>>> ses=4294967295 >> >> >>>>> 7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE >> >> >>>>> DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created >> >> >>>>> bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] >> >> >>>>> audit: type=1300 audit(1677113637.488:206): arch=c00000b7 >> >> >>>>> syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 >> >> >>>>> items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 >> >> >>>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 >> >> >>>>> comm=“dockerd” exe=“/usr/bin/dockerd” key=(null) >> >> >>>>> [25847.041004] audit: type=1327 audit(1677113637.488:206): >> >> >>>>> proctitle=2F7573722F62696E2F646F636B657264002D44 >> >> >>>>> 6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby >> >> >>>>> root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged >> >> >>>>> ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading >> >> >>>>> from a closed fifo >> >> >>>>> ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading >> >> >>>>> from a closed fifo >> >> >>>>> DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end >> >> >>>>> DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end >> >> >>>>> DEBU[2023-02-23T00:53:57.445349705Z] attach done >> >> >>>>> DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity >> >> >>>>> on endpoint crazy_bell >> >> >>>>> (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c) >> >> >>>>> ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial >> >> >>>>> namespace, readlink /proc/1551/task/1558/ns/net: no such file or >> >> >>>>> directory, initns fd -1: bad file descriptor >> >> >>>>> ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial >> >> >>>>> namespace, readlink /proc/1551/task/1558/ns/net: no such file or >> >> >>>>> directory, initns fd -1: bad file descriptor >> >> >>>>> ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial >> >> >>>>> namespace, readlink /proc/1551/task/1558/ns/net: no such file or >> >> >>>>> directory, initns fd -1: bad file descriptor >> >> >>>>> DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for >> >> >>>>> endpoint crazy_bell’s interface on network bridge >> >> >>>>> DEBU[2023-02-23T00:53:57.610361084Z] >> >> >>>>> ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2) >> >> >>>>> DEBU[2023-02-23T00:53:57.619890544Z] Released address >> >> >>>>> PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: >> >> >>>>> ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, >> >> >>>>> Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, >> >> >>>>> 2046)->(0x1, 1)->end Curr:3 >> >> >>>>> ERRO[2023-02-23T00:53:57.659608292Z] >> >> >>>>> 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 >> >> >>>>> cleanup: failed to delete container from containerd: no such >> >> >>>>> container >> >> >>>>> ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST >> >> >>>>> /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start >> >> >>>>> returned error: failed to create shim task: OCI runtime create >> >> >>>>> failed: runc create failed: unable to start container process: >> >> >>>>> can’t get final child’s PID from pipe: EOF: unknown >> >> >>>>> docker: Error response from daemon: failed to create shim task: OCI >> >> >>>>> runtime create failed: runc create failed: unable to start >> >> >>>>> container process: can’t get final child’s PID from pipe: EOF: >> >> >>>>> unknown. >> >> >>>>> ERRO[0000] error waiting for container: context canceled >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> Regards >> >> >>>>> >> >> >>>>> Simon >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>>> >> >> >>>> >> >> >>>> >> >> >>>> -- >> >> >>>> - Thou shalt not follow the NULL pointer, for chaos and madness await >> >> >>>> thee at its end >> >> >>>> - "Use the force Harry" - Gandalf, Star Trek II >> >> >>> >> >> >>> >> >> >>> >> >> >>> >> >> > >> >> > >> >> > -- >> >> > - Thou shalt not follow the NULL pointer, for chaos and madness await >> >> > thee at its end >> >> > - "Use the force Harry" - Gandalf, Star Trek II >> >> >> >> >> >> >> >> >> -- >> - Thou shalt not follow the NULL pointer, for chaos and madness await >> thee at its end >> - "Use the force Harry" - Gandalf, Star Trek II > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7923): https://lists.yoctoproject.org/g/meta-virtualization/message/7923 Mute This Topic: https://lists.yoctoproject.org/mt/97175886/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/21656/1014668956/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
