Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] AL2023 with systemd 252 cause docker not able to run systemd on cgroupv2 #4047

Closed
peterzhuamazon opened this issue Sep 20, 2023 · 3 comments
Closed

[BUG] AL2023 with systemd 252 cause docker not able to run systemd on cgroupv2 #4047

peterzhuamazon opened this issue Sep 20, 2023 · 3 comments
Assignees
@peterzhuamazon @zelinh
Labels
bug Something isn't working cicd distributions docker integtest jenkins Jenkins related issue release v2.10.0

Comments

@peterzhuamazon
Copy link
Member

In old AL2 we have systemd 219 on the host with selinux disabled, which allows to use cgroupv1 for systemd to run in docker.

In new AL2023 we have systemd 252 on the host with selinux enabled by default, with cgroupv2 that cause these errors to show:

Failed to connect to bus: No such file or directory

...


$ docker run --rm -it --entrypoint=/usr/sbin/init -u root --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro opensearchstaging/ci-runner:ci-runner-rockylinux8-systemd-base-integtest-v3
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.33:  No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.

There are two ways to resolve this:

  1. Revert back to the old cgroupv1: Unable to run systemd in docker with ro /sys/fs/cgroup after systemd 248 host upgrade moby/moby#42275 (comment)
  2. Set cgroup rw and use cgroupns=host: Container failling to start izer-xyz/3cx-docker#4

Additionally on AL2023, simply alter the /etc/selinux/config or setenforce will not change the behavior despite selinux showing sestatus as disabled on AL2023.

Use this, which needs to be set on the lib/compute/agent-nodes.ts in opensearch-ci repo.

sudo grubby --update-kernel ALL --args selinux=0

Then use this:

$  docker run --rm -it --entrypoint=/usr/lib/systemd/systemd -u root --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host opensearchstaging/ci-runner:ci-runner-rockylinux8-systemd-base-integtest-v3

Thanks.
@github-actions github-actions bot added the untriaged Issues that have not yet been triaged label Sep 20, 2023
@peterzhuamazon peterzhuamazon moved this from Backlog to In Progress in OpenSearch Engineering Effectiveness Sep 20, 2023
@peterzhuamazon peterzhuamazon removed the untriaged Issues that have not yet been triaged label Sep 20, 2023
@peterzhuamazon peterzhuamazon mentioned this issue Sep 20, 2023
Merged
@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Sep 20, 2023
edited
Loading

PRs:

@peterzhuamazon
Copy link
Member Author

peterzhuamazon commented Sep 20, 2023
edited
Loading

More related:

This was referenced Sep 20, 2023
Merged
Merged
Merged
@peterzhuamazon
Copy link
Member Author

We have resolved this issue with both deb and rpm fixed in IntegTest now.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@peterzhuamazon peterzhuamazon

@zelinh zelinh

Labels
bug Something isn't working cicd distributions docker integtest jenkins Jenkins related issue release v2.10.0
Projects
OpenSearch Engineering Effectiveness
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peterzhuamazon @zelinh