runtime Support systemd-cgroup

When configuring CRI-O to use cgroup_manager = "systemd" these errors appeared:

flag provided but not defined: -systemd-cgroup

Seems like currently we do not support this configuration.

Log from Openshift node:

W0922 13:52:49.950732   14775 pod_container_deletor.go:77] Container "e76dd72c2fce4af198f7e807b7f8edfa7d9a396bb8d304eefcad77f6f4de28d1" not found in pod's containers
E0922 13:52:51.036317   14775 remote_runtime.go:86] RunPodSandbox from runtime service failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:50Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:51.036401   14775 kuberuntime_sandbox.go:54] CreatePodSandbox for pod "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:50Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:51.036438   14775 kuberuntime_manager.go:619] createPodSandbox for pod "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:50Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:51.036556   14775 pod_workers.go:182] Error syncing pod 46934edf-9f9d-11e7-96a2-525400123456 ("hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)"), skipping: failed to "CreatePodSandbox" for "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" with CreatePodSandboxError: "CreatePodSandbox for pod \"hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)\" failed: rpc error: code = 2 desc = container create failed: time=\"2017-09-22T13:52:50Z\" level=error msg=\"flag provided but not defined: -systemd-cgroup\" \nflag provided but not defined: -systemd-cgroup\n"
I0922 13:52:52.000664   14775 operation_generator.go:609] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/46934edf-9f9d-11e7-96a2-525400123456-default-token-vrh7j" (spec.Name: "default-token-vrh7j") pod "46934edf-9f9d-11e7-96a2-525400123456" (UID: "46934edf-9f9d-11e7-96a2-525400123456").
I0922 13:52:52.262855   14775 kuberuntime_manager.go:458] Container {Name:hello-openshift Image:openshift/hello-openshift Command:[] Args:[] WorkingDir: Ports:[{Name: HostPort:0 ContainerPort:8080 Protocol:TCP HostIP:}] EnvFrom:[] Env:[] Resources:{Limits:map[] Requests:map[]} VolumeMounts:[{Name:tmp ReadOnly:false MountPath:/tmp SubPath:} {Name:default-token-vrh7j ReadOnly:true MountPath:/var/run/secrets/kubernetes.io/serviceaccount SubPath:}] LivenessProbe:nil ReadinessProbe:nil Lifecycle:nil TerminationMessagePath:/dev/termination-log TerminationMessagePolicy:File ImagePullPolicy:IfNotPresent SecurityContext:&SecurityContext{Capabilities:&Capabilities{Add:[],Drop:[MKNOD SYS_CHROOT],},Privileged:*false,SELinuxOptions:&SELinuxOptions{User:,Role:,Type:,Level:s0:c3,c2,},RunAsUser:nil,RunAsNonRoot:nil,ReadOnlyRootFilesystem:nil,} Stdin:false StdinOnce:false TTY:false} is dead, but RestartPolicy says that we should restart it.
W0922 13:52:52.970135   14775 pod_container_deletor.go:77] Container "29db170440f8c60aff96eb2372bc4dd940f5d7a1a7746df9222381961fba6616" not found in pod's containers
I0922 13:52:53.003371   14775 reconciler.go:201] UnmountVolume operation started for volume "kubernetes.io/empty-dir/46934edf-9f9d-11e7-96a2-525400123456-tmp" (spec.Name: "tmp") from pod "46934edf-9f9d-11e7-96a2-525400123456" (UID: "46934edf-9f9d-11e7-96a2-525400123456").
I0922 13:52:53.003548   14775 reconciler.go:201] UnmountVolume operation started for volume "kubernetes.io/secret/46934edf-9f9d-11e7-96a2-525400123456-default-token-vrh7j" (spec.Name: "default-token-vrh7j") from pod "46934edf-9f9d-11e7-96a2-525400123456" (UID: "46934edf-9f9d-11e7-96a2-525400123456").
I0922 13:52:53.003735   14775 operation_generator.go:684] UnmountVolume.TearDown succeeded for volume "kubernetes.io/empty-dir/46934edf-9f9d-11e7-96a2-525400123456-tmp" (OuterVolumeSpecName: "tmp") pod "46934edf-9f9d-11e7-96a2-525400123456" (UID: "46934edf-9f9d-11e7-96a2-525400123456"). InnerVolumeSpecName "tmp". PluginName "kubernetes.io/empty-dir", VolumeGidValue ""
I0922 13:52:53.021155   14775 operation_generator.go:684] UnmountVolume.TearDown succeeded for volume "kubernetes.io/secret/46934edf-9f9d-11e7-96a2-525400123456-default-token-vrh7j" (OuterVolumeSpecName: "default-token-vrh7j") pod "46934edf-9f9d-11e7-96a2-525400123456" (UID: "46934edf-9f9d-11e7-96a2-525400123456"). InnerVolumeSpecName "default-token-vrh7j". PluginName "kubernetes.io/secret", VolumeGidValue ""
I0922 13:52:53.103940   14775 reconciler.go:363] Detached volume "kubernetes.io/secret/46934edf-9f9d-11e7-96a2-525400123456-default-token-vrh7j" (spec.Name: "default-token-vrh7j") devicePath: ""
I0922 13:52:53.104144   14775 reconciler.go:363] Detached volume "kubernetes.io/empty-dir/46934edf-9f9d-11e7-96a2-525400123456-tmp" (spec.Name: "tmp") devicePath: ""
E0922 13:52:53.342682   14775 kubelet.go:1669] Failed to check if disk space is available for the runtime: failed to get fs info for "runtime": ImagesFsInfo: unknown runtime: remote
E0922 13:52:54.081609   14775 remote_runtime.go:86] RunPodSandbox from runtime service failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:53Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:54.081809   14775 kuberuntime_sandbox.go:54] CreatePodSandbox for pod "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:53Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:54.081891   14775 kuberuntime_manager.go:619] createPodSandbox for pod "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" failed: rpc error: code = 2 desc = container create failed: time="2017-09-22T13:52:53Z" level=error msg="flag provided but not defined: -systemd-cgroup" 
flag provided but not defined: -systemd-cgroup
E0922 13:52:54.082051   14775 pod_workers.go:182] Error syncing pod 46934edf-9f9d-11e7-96a2-525400123456 ("hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)"), skipping: failed to "CreatePodSandbox" for "hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)" with CreatePodSandboxError: "CreatePodSandbox for pod \"hello-openshift_default(46934edf-9f9d-11e7-96a2-525400123456)\" failed: rpc error: code = 2 desc = container create failed: time=\"2017-09-22T13:52:53Z\" level=error msg=\"flag provided but not defined: -systemd-cgroup\" \nflag provided but not defined: -systemd-cgroup\n"

Sep 22 '17 13:09 chavafg

Agreed. It appears runc supports this (global non-OCI-required) option [*], but cc-runtime currently doesn't:

$ sudo docker-runc  --help|grep systemd
   --systemd-cgroup    enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
$ sudo docker-runc --version
runc version 1.0.0-rc2
commit: 9c2d8d184e5da67c95d601382adf14862e4f2228
spec: 1.0.0-rc2-dev

[*] - https://github.com/opencontainers/runtime-spec/blob/master/runtime.md

Sep 22 '17 14:09 jodh-intel

Technically it's not an OCI issue, it's a runc compatibility issue, so tagging with that too.

Sep 22 '17 14:09 jodh-intel

@jodh-intel kubelet also supports both cgroupfs and systemd semantics

Sep 25 '17 08:09 sameo

runtime runtime copied to clipboard

Support systemd-cgroup

runtime
runtime copied to clipboard