On Wed, May 23, 2018 at 2:15 PM, Bruce Ashfield <[email protected]> wrote: > > > On Wed, May 23, 2018 at 7:19 AM, Nicolai Weis <[email protected]> wrote: >> >> On Tue, May 22, 2018 at 7:38 AM, Nicolai Weis <nicolai.weis at web.de> >> wrote: >> >> > > Hi all, >> > > >> > > In a project I want to integrate lxc-containers into the >> > > core-image-minimal for the minnowboard turbot. Therefore I'm using the >> > > krogoth branch (have to use this branch) for the meta-layers. >> > > As described in the README-file I add meta-virtualization, meta-oe, >> > > meta-networking, meta-filesystems and meta-python to the >> > > bblayers.conf. In >> > > the local.conf >> > > I added at the end of the file BBFILE_PRIORITY_openembedded-layer = >> > > "4" >> > > and IMAGE_INSTALL_append = " lxc" (lxc_2.0.0.bb). >> > > >> > > After the sucessful build I start the image and created with the >> > > busybox-template - should I use a different template? - a lxc-busybox >> > > container. I tried to start the container, but the error >> > > "1079 failed initializing cgroup support" appeared. lxc-checkconfig >> > > showed >> > > cgroup-namespaces: required. I tried to solve this with adding >> > > cgroup-lite >> > > to IMAGE_INSTALL_append, but it >> > > didn't change anything (only let cgroup-namespaces disappear and >> > > showed >> > > Cgroup clone_children flag: enabled). I'm using sysvinit instead of >> > > systemd. >> >> >> > What kernel are you using ? This typically means that the kernel config >> > isn't correct. >> > If you aren't using linux-yocto, then the fragments we have in the layer >> > are likely >> > not being applied, and you'll need to manually configure your kernel >> > with >> > the right >> > >> options. >> >> In the minnowboard image I'm using the kernel version >> 4.4.26-rt19-yocto-preempt-rt. >> I tried it with a qemux image with the kernel version >> 4.4.26-yocto-standard, too. > > > You are fine with both of these kernels. I know that we've run LXC against > them in the past >> >> > Otherwise, it could be that the cgroups are not being mounted properly >> > by >> > your >> > recipe, so have a look and confirm if cgroups or cgroups2 are in fact >> > mounted in >> > your image. >> >> I did the mounting with the cgroups-mount script under the /bin directory >> (comming through adding cgroups-lite to the image). Inside /sys/fs/cgroup >> directory >> there are the mounted folders with blkio, cpu, cpuacct, cpuset, debug, >> devices, freezer, memory and net_cls. Furthermore I checked it with a >> cgroups_check-config.sh from docker. >> The output showed following missing configs, but I don't think they are >> the reason that the lxc-busybox container doesn't start: >> - Generally necessary - missing: CONFIG_VETH, >> CONFIG_IP_NF_TARGET_MASQUERADE, CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, >> CONFIG_NETFILTER_XT_MATCH_IPVS, CONFIG_IP_NF_NAT, >> CONFIG_DEVPTS_MULTIPLE_INSTANCES >> - Optional Features - missing: CONFIG_CGROUP_PIDS, >> CONFIG_BLK_DEV_THROTTLING, CONFIG_CFQ_GROUP_IOSCHED, CONFIG_CGROUP_PERF, >> CONFIG_CGROUP_HUGETLB, CONFIG_CGROUP_NET_PRIO, >> CONFIG_CFS_BANDWIDTH, CONFIG_RT_GROUP_SCHED, CONFIG_IP_VS, >> CONFIG_IP_VS_NFCT, CONFIG_IP_VS_RR >> >> With lxc-start -n Test -F it showed that start.c: 1079 failed initializing >> cgroup support comes after cgfsng.c: 431 no systemd controller mountpoint >> found. If I try to mount systemd (I'm using sysvinit and so mounting systemd >> makes no sense to me) there are a lot of other failures. > > > Both lxc and docker have over time evolved to have very specific > expectations of mounts (and in particular cgroup mounts), which is made > worse with the versions moving from cgroup to cgroup2 mount structures. > > It could also just be that our sysvinit support has bit-rotted. I know that > I've been using systemd for quite a long time and haven't heard of a lot of > sysvinit testing. > > My suggestion is that we need to dive into the code to see what mount > structure that LXC version is looking for, and then figure out how to > manually mount it (which I've done in the past), or get cgroups-lite to take > care of it. > > Bruce
I actually had a cgroup-lite uprev in flight which has now been sent to the list. I also have plans to uprev LXC in the next week or so, along with making some changes, such as dropping the lxc-setup package which has its roots from early iterations of the systemd/sysvinit split, which can be done differently now. If I find the time to get this done you should see the series soon. Mark > >> > Bruce >> >> >> > > Do I have to change some configurations in the lxc-recipe? I would be >> > > very >> > > grateful if you can give me some information about it. >> > > >> > > Thanks >> > > Nicolai > > > > > -- > "Thou shalt not follow the NULL pointer, for chaos and madness await thee at > its end" > > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization > -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
