On Mo, 06.11.17 12:35, Juanjo Presa (juan...@gmail.com) wrote:
> Hi,
> I am trying to run concourse CI (CI that run build process into
> docker/runc/whatever containers) on systemd-nspawn. I will try to explain
> what i do:
>
> 1.- First I make a .raw file that install/setup app (with mkosi).
> 2.- Run concourse container with "systemd-nspawn -bi concourse.raw
> --capability=all". App works but fails when starting docker container:
>
> runc create: exit status 1: container_linux.go:264: starting container
> process caused "process_linux.go:261: applying cgroup configuration for
> process caused \"mkdir
> /sys/fs/cgroup/cpuset/8638cb95-bbbc-4719-4509-5a1789fb100a: read-only file
> system\""
>
> 3.- Run binding cgroups filesystem rw with: "systemd-nspawn -bi
> concourse.raw --capability=all --bind=/sys/fs/cgroup". Failing again with:
>
> runc create: exit status 1: container_linux.go:264: starting container
> process caused "process_linux.go:339: container init caused
> \"rootfs_linux.go:69: creating device nodes caused \\"no such file or
> directory\\"\""
>
> Do you have any hint about how can I solve this problem? Thanks in
> advance.
You can't. Docker is broken. It shouldn't directly write to the
top-level control group. It should only operate within the cgroup it
gets assigned by systemd, and turn Delegate=yes on for it, so that
systemd knows that it wants to manage its own cgroup subtree.
Anything else voids your warranty, and breaks at various places, like
the above.
Lennart
--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
