离线环境下，系统没有apparmor时无法安装集群

[itzhoujun]

Which command or component sealos run 安装集群

The Description of the question 安装集群时报错： 由于是离线场景，无法直接apt安装apparmor，是否可以在集群镜像中带上apparmor实现离线安装呢？

系统：ubuntu18.04 内核：4.15.0

[itzhoujun]

最后想办法手动弄了deb包安装了apparmor就OK了。 不过如果sealos能够兼容缺少apparmor的情况就厉害了。

[cuisongliu]

[itzhoujun]

有结论吗

[fanux]

这个问题还需要再跟进一下，sealos 在 debian ARM 的服务器上必现 @cuisongliu

[fanux]

sealos run labring/kubernetes-docker:v1.20.5-4.1.3 labring/calico:v3.22.1 \
  -p xxx --masters 192.168.0.165,192.168.0.82,192.168.0.188 \
  --nodes 192.168.0.52,192.168.0.156,192.168.0.7

临时解决办法，用 labring/kubernetes-docker:v1.20.5-4.1.3 这个镜像亲测没什么问题

[fanux]

Oct 13 22:12:14 racknerd-4f290c kubelet[31773]: E1013 22:12:14.361653   31773 remote_runtime.go:442] "CreateContainer in sandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to create containerd container: get apparmor_parser version: exec: \"apparmor_parser\": executable file not found in $PATH" podSandboxID="78deccd920aee3c81f6dab8e0eae710d7ffc3cbd96694a3217792657547d9afd"

容器起不来，init timeout，高优先级，很让人痛苦的问题

[fanux]

apt install apparmor-utils apparmor-profiles apparmor-profiles-extra

[SignorMercurio]

It seems disable_apparmor will not stop the check for the existence of apparmor userland utilities, though it does disable apparmor functionalities.

As mentioned in https://github.com/rancher/k3os/issues/702#issuecomment-849513559, we can either disable apparmor at kernel boot or install the apparmor userland. And https://github.com/rancher/k3os/pull/709 fixed this in the former way. However, we're not likely to tamper with kernel params and will provide a package for installing apparmor offline in the future.

A temporary fix for Ubuntu/Debian would be:

$ sudo apt install apparmor apparmor-utils

[cuisongliu]

https://github.com/labring/cluster-image/commit/8b4bb02e739df1ed30b08a642ec9d1ab892c8be3

[cuisongliu]

已经解决。重新铺镜像修改这个问题。

[cuisongliu]

https://github.com/labring/cluster-image/issues/211