-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Containers created with cgroup_manager=cgroupfs fail obscurely with new default settings #7830
Comments
Thanks for opening the issue, @owtaylor! Podman does not store the cgroup-manager a container has been started with. It's a global setting. If a container is created with It recently bit me as well and I'd love Podman to store the cgroup manager in the database and reuse it for further commands. |
I guess parsing the cgroup-manager out of the ExitCommand would be bad form? Presumably, there is something about the container configuration that is causing this particular bug (wild guess - CgroupParent=""?) - if there's not a general solution to this that covers all cases, shouldn't it be possible to catch this particular case and do something reasonable / present a good error message? |
I have a PR that will fix this for new containers, but I don't think we can fix existing containers easily. |
When we create a container, we assign a cgroup parent based on the current cgroup manager in use. This parent is only usable with the cgroup manager the container is created with, so if the default cgroup manager is later changed or overridden, the container will not be able to start. To solve this, store the cgroup manager that created the container in container configuration, so we can guarantee a container with a systemd cgroup parent will always be started with systemd cgroups. Unfortunately, this is very difficult to test in CI, due to the fact that we hard-code cgroup manager on all invocations of Podman in CI. Fixes containers#7830 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When we create a container, we assign a cgroup parent based on the current cgroup manager in use. This parent is only usable with the cgroup manager the container is created with, so if the default cgroup manager is later changed or overridden, the container will not be able to start. To solve this, store the cgroup manager that created the container in container configuration, so we can guarantee a container with a systemd cgroup parent will always be started with systemd cgroups. Unfortunately, this is very difficult to test in CI, due to the fact that we hard-code cgroup manager on all invocations of Podman in CI. Fixes containers#7830 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
At some point in the past, apparently libpod wrote a libpod.conf that included
cgroup_manager=cgroupfs
(small chance that I added it manually as a workaround for some issue in the past.)When I upgraded to podman-2.1.1, I got the new warning:
I inspected
libpod.conf
, determined that there was nothing in there that looked like local configuration, and deleted it. At this point, my old containers no longer started, with the error message:After an hour or so of investigation, noticing that new containers did start, and diffing debug output between new and old containers, I determined that it was possible to start my old containers with a manual --cgroup-manager=cgroupfs.
it was pointed out to me that there's a note in the podman(1) man page: Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type." - but even if I had found this note, it would not necessarily been clear to me that "certain commands" includes starting the container - the wording sounds like it's referring to edge cases.
Steps to reproduce the issue:
Describe the results you expected:
One of the following:
From a toolbox perspective, 1 or 2 would be better, since the user doesn't invoke podman directly, and just expects their previously created toolbox to keep working. Having toolbox detect the situation and add
--cgroup-manager
seems less than ideal.Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
The text was updated successfully, but these errors were encountered: