This repository has been archived by the owner on May 12, 2021. It is now read-only.

kata not supporting cpuset/cpus via cri? #1079

Closed
peter-wangxu opened this issue Dec 28, 2018 · 8 comments
Labels: feature (New functionality), limitation (Issue cannot be resolved)

@peter-wangxu

Description of problem

sudo docker run --name cpuset -d --cpus 2 ubuntu:latest sleep 1000

$ docker inspect a3c6c718df1e
[
    {
        "Id": "a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329",
        "Created": "2018-12-28T08:57:51.536880929Z",
        "Path": "sleep",
        "Args": [
            "1000"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 3107,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-12-28T08:57:54.048865781Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:ea4c82dcd15a33e3e9c4c37050def20476856a08e59526fbe533cc4e98387e39",
        "ResolvConfPath": "/var/lib/docker/containers/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/hostname",
        "HostsPath": "/var/lib/docker/containers/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/hosts",
        "LogPath": "/var/lib/docker/containers/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329-json.log",
        "Name": "/cpuset",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "shareable",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "kata-runtime",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 2000000000,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/asound",
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/b594a2fe867fe9ffc09374a20cd7c3dbec958043159dbc781d3298412771dc4e-init/diff:/var/lib/docker/overlay2/f960b3b362e0e00fb5d0b490ae166a1457fd71d954384a492bff115cc26a017a/diff:/var/lib/docker/overlay2/8f14df32c43aafc75f2ed28cd34f29ec64e65536fe2679df7f12e248321d77e0/diff:/var/lib/docker/overlay2/c9cea40e5eb480d51721c4a323cf58c7bcc0b3861fbd6212ab0a0e771987c160/diff:/var/lib/docker/overlay2/d8ca8d8b58b68a60a0a9f68d9ac542968caf49952f15d255eb2c272d48229d77/diff",
                "MergedDir": "/var/lib/docker/overlay2/b594a2fe867fe9ffc09374a20cd7c3dbec958043159dbc781d3298412771dc4e/merged",
                "UpperDir": "/var/lib/docker/overlay2/b594a2fe867fe9ffc09374a20cd7c3dbec958043159dbc781d3298412771dc4e/diff",
                "WorkDir": "/var/lib/docker/overlay2/b594a2fe867fe9ffc09374a20cd7c3dbec958043159dbc781d3298412771dc4e/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "a3c6c718df1e",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "sleep",
                "1000"
            ],
            "Image": "ubuntu:latest",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "1f15e59ae26be28242d21cfeaae218812ee77c6d23ae9c7a6dd7eb4d5222fa47",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/1f15e59ae26b",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "16231dd45f18ebe3a4c09db5d9c42f8d492b3183838034cb2baccf7c77751e03",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.3",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:03",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "8e8972f0131f530c622fe4ea158523d84a90db69b5e33bf1ab30918ce56b7ce4",
                    "EndpointID": "16231dd45f18ebe3a4c09db5d9c42f8d492b3183838034cb2baccf7c77751e03",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

cat /sys/fs/cgroup/cpuset/kata/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/cpuset.cpus
0-2

Obviously, both the docker inspect and cgroup parameter did not respect my input --cpus 2.

Expected result

We should see 0-1 from the output of cpuset.cpus.

Actual result

  • in docker inspect output: ""
  • in cgroup output: "0-2", which is set to all my CPUs

kata-collect-data.sh

Meta details

Running kata-collect-data.sh version 1.4.1 (commit 45ea48e) at 2018-12-28.01:19:16.260745953-0800.


Runtime is /usr/bin/kata-runtime.

kata-env

Output of "/usr/bin/kata-runtime kata-env":

[Meta]
  Version = "1.0.19"

[Runtime]
  Debug = false
  DisableNewNetNs = false
  Path = "/usr/bin/kata-runtime"
  [Runtime.Version]
    Semver = "1.4.1"
    Commit = "45ea48e"
    OCI = "1.0.1-dev"
  [Runtime.Config]
    Path = "/usr/share/defaults/kata-containers/configuration.toml"

[Hypervisor]
  MachineType = "pc"
  Version = "QEMU emulator version 2.11.0\nCopyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers"
  Path = "/usr/bin/qemu-lite-system-x86_64"
  BlockDeviceDriver = "virtio-scsi"
  EntropySource = "/dev/urandom"
  Msize9p = 8192
  MemorySlots = 10
  Debug = false
  UseVSock = false

[Image]
  Path = "/usr/share/kata-containers/kata-containers-image_clearlinux_1.4.1_agent_3cf32a0a6b0.img"

[Kernel]
  Path = "/usr/share/kata-containers/vmlinuz-4.14.67.19-4.container"
  Parameters = ""

[Initrd]
  Path = ""

[Proxy]
  Type = "kataProxy"
  Version = "kata-proxy version 1.4.1-6553b83"
  Path = "/usr/libexec/kata-containers/kata-proxy"
  Debug = false

[Shim]
  Type = "kataShim"
  Version = "kata-shim version 1.4.1-6346110"
  Path = "/usr/libexec/kata-containers/kata-shim"
  Debug = false

[Agent]
  Type = "kata"

[Host]
  Kernel = "4.15.0-39-generic"
  Architecture = "amd64"
  VMContainerCapable = true
  SupportVSocks = true
  [Host.Distro]
    Name = "Ubuntu"
    Version = "18.04"
  [Host.CPU]
    Vendor = "GenuineIntel"
    Model = "Intel(R) Core(TM) i7-4770HQ CPU @ 2.20GHz"

[Netmon]
  Version = "kata-netmon version 1.4.1"
  Path = "/usr/libexec/kata-containers/kata-netmon"
  Debug = false
  Enable = false

Runtime config files

Runtime default config files

/etc/kata-containers/configuration.toml
/usr/share/defaults/kata-containers/configuration.toml

Runtime config file contents

Config file /etc/kata-containers/configuration.toml not found
Output of "cat "/usr/share/defaults/kata-containers/configuration.toml"":

# Copyright (c) 2017-2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "cli/config/configuration.toml.in"
# XXX: Project:
# XXX:   Name: Kata Containers
# XXX:   Type: kata

[hypervisor.qemu]
path = "/usr/bin/qemu-lite-system-x86_64"
kernel = "/usr/share/kata-containers/vmlinuz.container"
image = "/usr/share/kata-containers/kata-containers.img"
machine_type = "pc"

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = ""

# Path to the firmware.
# If you want that qemu uses the default firmware leave this option empty
firmware = ""

# Machine accelerators
# comma-separated list of machine accelerators to pass to the hypervisor.
# For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
machine_accelerators=""

# Default number of vCPUs per SB/VM:
# unspecified or 0                --> will be set to 1
# < 0                             --> will be set to the actual number of physical cores
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores
default_vcpus = 1

# Default maximum number of vCPUs per SB/VM:
# unspecified or == 0             --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# > 0 <= number of physical cores --> will be set to the specified number
# > number of physical cores      --> will be set to the actual number of physical cores or to the maximum number
#                                     of vCPUs supported by KVM if that number is exceeded
# WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when
# the actual number of physical cores is greater than it.
# WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU
# the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs
# can be added to a SB/VM, but the memory footprint will be big. Another example, with
# `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of
# vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable,
# unless you know what are you doing.
default_maxvcpus = 0

# Bridges can be used to hot plug devices.
# Limitations:
# * Currently only pci bridges are supported
# * Until 30 devices per bridge can be hot plugged.
# * Until 5 PCI bridges can be cold plugged per VM.
#   This limitation could be a bug in qemu or in the kernel
# Default number of bridges per SB/VM:
# unspecified or 0   --> will be set to 1
# > 1 <= 5           --> will be set to the specified number
# > 5                --> will be set to 5
default_bridges = 1

# Default memory size in MiB for SB/VM.
# If unspecified then it will be set 2048 MiB.
default_memory = 2048
#
# Default memory slots per SB/VM.
# If unspecified then it will be set 10.
# This is will determine the times that memory will be hotadded to sandbox/VM.
#memory_slots = 10

# Disable block device from being used for a container's rootfs.
# In case of a storage driver like devicemapper where a container's
# root file system is backed by a block device, the block device is passed
# directly to the hypervisor for performance reasons.
# This flag prevents the block device from being passed to the hypervisor,
# 9pfs is used instead to pass the rootfs.
disable_block_device_use = false

# Block storage driver to be used for the hypervisor in case the container
# rootfs is backed by a block device. This is either virtio-scsi or
# virtio-blk.
block_device_driver = "virtio-scsi"

# Enable iothreads (data-plane) to be used. This causes IO to be
# handled in a separate IO thread. This is currently only implemented
# for SCSI.
#
enable_iothreads = false

# Enable pre allocation of VM RAM, default false
# Enabling this will result in lower container density
# as all of the memory will be allocated and locked
# This is useful when you want to reserve all the memory
# upfront or in the cases where you want memory latencies
# to be very predictable
# Default false
#enable_mem_prealloc = true

# Enable huge pages for VM RAM, default false
# Enabling this will result in the VM memory
# being allocated using huge pages.
# This is useful when you want to use vhost-user network
# stacks within the container. This will automatically
# result in memory pre allocation
#enable_hugepages = true

# Enable swap of vm memory. Default false.
# The behaviour is undefined if mem_prealloc is also set to true
#enable_swap = true

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
#
# Default false
#enable_debug = true

# Disable the customizations done in the runtime when it detects
# that it is running on top a VMM. This will result in the runtime
# behaving as it would when running on bare metal.
#
#disable_nesting_checks = true

# This is the msize used for 9p shares. It is the number of bytes
# used for 9p packet payload.
#msize_9p = 8192

# If true and vsocks are supported, use vsocks to communicate directly
# with the agent and no proxy is started, otherwise use unix
# sockets and start a proxy to communicate with the agent.
# Default false
#use_vsock = true

# VFIO devices are hotplugged on a bridge by default.
# Enable hotplugging on root bus. This may be required for devices with
# a large PCI bar, as this is a current limitation with hotplugging on
# a bridge. This value is valid for "pc" machine type.
# Default false
#hotplug_vfio_on_root_bus = true

# If host doesn't support vhost_net, set to true. Thus we won't create vhost fds for nics.
# Default false
#disable_vhost_net = true
#
# Default entropy source.
# The path to a host source of entropy (including a real hardware RNG)
# /dev/urandom and /dev/random are two main options.
# Be aware that /dev/random is a blocking source of entropy.  If the host
# runs out of entropy, the VMs boot time will increase leading to get startup
# timeouts.
# The source of entropy /dev/urandom is non-blocking and provides a
# generally acceptable source of entropy. It should work well for pretty much
# all practical purposes.
#entropy_source= "/dev/urandom"

# Path to OCI hook binaries in the *guest rootfs*.
# This does not affect host-side hooks which must instead be added to
# the OCI spec passed to the runtime.
#
# You can create a rootfs with hooks by customizing the osbuilder scripts:
# https://github.com/kata-containers/osbuilder
#
# Hooks must be stored in a subdirectory of guest_hook_path according to their
# hook type, i.e. "guest_hook_path/{prestart,postart,poststop}".
# The agent will scan these directories for executable files and add them, in
# lexicographical order, to the lifecycle of the guest container.
# Hooks are executed in the runtime namespace of the guest. See the official documentation:
# https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
# Warnings will be logged if any error is encountered will scanning for hooks,
# but it will not abort container execution.
#guest_hook_path = "/usr/share/oci/hooks"

[factory]
# VM templating support. Once enabled, new VMs are created from template
# using vm cloning. They will share the same initial kernel, initramfs and
# agent memory by mapping it readonly. It helps speeding up new container
# creation and saves a lot of memory if there are many kata containers running
# on the same host.
#
# When disabled, new VMs are created from scratch.
#
# Default false
#enable_template = true

[proxy.kata]
path = "/usr/libexec/kata-containers/kata-proxy"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[shim.kata]
path = "/usr/libexec/kata-containers/kata-shim"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[agent.kata]
# There is no field for this section. The goal is only to be able to
# specify which type of agent the user wants to use.

[netmon]
# If enabled, the network monitoring process gets started when the
# sandbox is created. This allows for the detection of some additional
# network being added to the existing network namespace, after the
# sandbox has been created.
# (default: disabled)
#enable_netmon = true

# Specify the path to the netmon binary.
path = "/usr/libexec/kata-containers/kata-netmon"

# If enabled, netmon messages will be sent to the system log
# (default: disabled)
#enable_debug = true

[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
#enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to the
# the container network interface
# Options:
#
#   - bridged
#     Uses a linux bridge to interconnect the container interface to
#     the VM. Works for most cases except macvlan and ipvlan.
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
#
#   - none
#     Used when customize network. Only creates a tap device. No veth pair.
#
#   - tcfilter
#     Uses tc filter rules to redirect traffic from the network interface
#     provided by plugin to a tap interface connected to the VM.
#
internetworking_model="macvtap"

# If enabled, the runtime will create opentracing.io traces and spans.
# (See https://www.jaegertracing.io/docs/getting-started).
# (default: disabled)
#enable_tracing = true

# If enabled, the runtime will not create a network namespace for shim and hypervisor processes.
# This option may have some potential impacts to your host. It should only be used when you know what you're doing.
# `disable_new_netns` conflicts with `enable_netmon`
# `disable_new_netns` conflicts with `internetworking_model=bridged` and `internetworking_model=macvtap`. It works only
# with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge
# (like OVS) directly.
# If you are using docker, `disable_new_netns` only works with `docker run --net=none`
# (default: false)
#disable_new_netns = true

KSM throttler

version

Output of "/usr/libexec/kata-ksm-throttler/kata-ksm-throttler --version":

kata-ksm-throttler version 1.5.0-rc1-83ecff0

systemd service

Image details

---
osbuilder:
  url: "https://github.com/kata-containers/osbuilder"
  version: "unknown"
rootfs-creation-time: "2018-12-11T01:27:16.046924344+0000Z"
description: "osbuilder rootfs"
file-format-version: "0.0.2"
architecture: "x86_64"
base-distro:
  name: "Clear"
  version: "26730"
  packages:
    default:
      - "iptables-bin"
      - "libudev0-shim"
      - "systemd"
    extra:

agent:
  url: "https://github.com/kata-containers/agent"
  name: "kata-agent"
  version: "1.4.1-3cf32a0a6b03b3b64c1ffbda3b7bb91876f7f2aa"
  agent-is-init-daemon: "no"

Initrd details

No initrd


Logfiles

Runtime logs

Recent runtime problems found in system journal:

time="2018-12-27T23:27:27.75456668-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 error="open /run/vc/sbs/c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78/devices.json: no such file or directory" name=kata-runtime pid=9960 sandbox=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 sandboxid=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:27:27.809288273-08:00" level=error msg="Unable to launch /usr/bin/qemu-lite-system-x86_64: exit status 1" arch=amd64 command=create container=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 name=kata-runtime pid=9960 source=virtcontainers subsystem=qmp
time="2018-12-27T23:27:27.809393986-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 name=kata-runtime pid=9960 source=virtcontainers subsystem=qmp
time="2018-12-27T23:27:27.865797589-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=c7cfd08fb989a98a13ca4c2f9466e63d5b119a1c9651dc02220eb1229e888d78 name=kata-runtime pid=9960 source=runtime
time="2018-12-27T23:27:43.343145074-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 error="open /run/vc/sbs/ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75/devices.json: no such file or directory" name=kata-runtime pid=10052 sandbox=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 sandboxid=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:27:43.371913188-08:00" level=error msg="Unable to launch /usr/bin/qemu-lite-system-x86_64: exit status 1" arch=amd64 command=create container=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 name=kata-runtime pid=10052 source=virtcontainers subsystem=qmp
time="2018-12-27T23:27:43.372085206-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 name=kata-runtime pid=10052 source=virtcontainers subsystem=qmp
time="2018-12-27T23:27:43.417478943-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=ea82ce3e9068f0eb94293a75d806a1d2faf5d04a7ad3d1457e41a22ed92d6f75 name=kata-runtime pid=10052 source=runtime
time="2018-12-27T23:29:24.413559905-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b error="open /run/vc/sbs/5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b/devices.json: no such file or directory" name=kata-runtime pid=10136 sandbox=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b sandboxid=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b source=virtcontainers subsystem=sandbox
time="2018-12-27T23:29:24.43413892-08:00" level=error msg="Unable to launch /usr/bin/qemu-lite-system-x86_64: exit status 1" arch=amd64 command=create container=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b name=kata-runtime pid=10136 source=virtcontainers subsystem=qmp
time="2018-12-27T23:29:24.434491876-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b name=kata-runtime pid=10136 source=virtcontainers subsystem=qmp
time="2018-12-27T23:29:24.477640815-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=5b5edeb990184080ffaa9efdd563cddd0db9cd585653ebea04604f866c27381b name=kata-runtime pid=10136 source=runtime
time="2018-12-27T23:30:27.472794599-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 error="open /run/vc/sbs/11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632/devices.json: no such file or directory" name=kata-runtime pid=10296 sandbox=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 sandboxid=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:30:27.501946733-08:00" level=error msg="Unable to launch /usr/bin/qemu-lite-system-x86_64: exit status 1" arch=amd64 command=create container=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 name=kata-runtime pid=10296 source=virtcontainers subsystem=qmp
time="2018-12-27T23:30:27.502037222-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 name=kata-runtime pid=10296 source=virtcontainers subsystem=qmp
time="2018-12-27T23:30:27.554274363-08:00" level=error msg="Could not access KVM kernel module: No such file or directory\nqemu-lite-system-x86_64: failed to initialize KVM: No such file or directory\n" arch=amd64 command=create container=11a7076e503aea36f9e7ee79850c2af21e39502ca9d74dbb09aee3b63c325632 name=kata-runtime pid=10296 source=runtime
time="2018-12-27T23:34:24.981184429-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002 error="open /run/vc/sbs/613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002/devices.json: no such file or directory" name=kata-runtime pid=2394 sandbox=613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002 sandboxid=613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:35:15.43733499-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 error="open /run/vc/sbs/59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284/devices.json: no such file or directory" name=kata-runtime pid=2624 sandbox=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 sandboxid=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:51:58.160439727-08:00" level=error msg="failed to destroy cgroup" arch=amd64 command=delete container=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 error="failed to clear cgroup processes" name=kata-runtime pid=11816 sandbox=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 source=virtcontainers subsystem=sandbox
time="2018-12-27T23:54:10.697498255-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94 error="open /run/vc/sbs/2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94/devices.json: no such file or directory" name=kata-runtime pid=11918 sandbox=2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94 sandboxid=2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94 source=virtcontainers subsystem=sandbox
time="2018-12-28T00:14:29.743256262-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=a5f4af4e44c33eb404e72e6cb26c7ece72a645421990fbacde28f15c64411cd1 error="open /run/vc/sbs/a5f4af4e44c33eb404e72e6cb26c7ece72a645421990fbacde28f15c64411cd1/devices.json: no such file or directory" name=kata-runtime pid=12702 sandbox=a5f4af4e44c33eb404e72e6cb26c7ece72a645421990fbacde28f15c64411cd1 sandboxid=a5f4af4e44c33eb404e72e6cb26c7ece72a645421990fbacde28f15c64411cd1 source=virtcontainers subsystem=sandbox
time="2018-12-28T00:54:40.880096021-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 error="open /run/vc/sbs/0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6/devices.json: no such file or directory" name=kata-runtime pid=2629 sandbox=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 sandboxid=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 source=virtcontainers subsystem=sandbox
time="2018-12-28T00:55:30.022319005-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658 error="open /run/vc/sbs/a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658/devices.json: no such file or directory" name=kata-runtime pid=2802 sandbox=a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658 sandboxid=a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658 source=virtcontainers subsystem=sandbox
time="2018-12-28T00:55:33.12169593-08:00" level=error msg="rpc error: code = Internal desc = Could not run process: container_linux.go:348: starting container process caused \"process_linux.go:279: applying cgroup configuration for process caused \\\"failed to write 0,2 to cpuset.cpus: write /sys/fs/cgroup/cpuset/docker/a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658/cpuset.cpus: invalid argument\\\"\"" arch=amd64 command=create container=a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658 name=kata-runtime pid=2802 source=runtime
time="2018-12-28T00:56:27.550942815-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4 error="open /run/vc/sbs/2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4/devices.json: no such file or directory" name=kata-runtime pid=2939 sandbox=2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4 sandboxid=2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4 source=virtcontainers subsystem=sandbox
time="2018-12-28T00:56:29.473260179-08:00" level=error msg="rpc error: code = Internal desc = Could not run process: container_linux.go:348: starting container process caused \"process_linux.go:279: applying cgroup configuration for process caused \\\"failed to write 0-1 to cpuset.cpus: write /sys/fs/cgroup/cpuset/docker/2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4/cpuset.cpus: invalid argument\\\"\"" arch=amd64 command=create container=2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4 name=kata-runtime pid=2939 source=runtime
time="2018-12-28T00:57:51.874910267-08:00" level=warning msg="fetch sandbox device failed" arch=amd64 command=create container=a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329 error="open /run/vc/sbs/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/devices.json: no such file or directory" name=kata-runtime pid=3054 sandbox=a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329 sandboxid=a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329 source=virtcontainers subsystem=sandbox
time="2018-12-28T01:11:25.615742894-08:00" level=error msg="failed to destroy cgroup" arch=amd64 command=delete container=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 error="failed to clear cgroup processes" name=kata-runtime pid=3478 sandbox=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 source=virtcontainers subsystem=sandbox

Proxy logs

Recent proxy problems found in system journal:

time="2018-12-27T23:34:29.747387242-08:00" level=fatal msg="channel error" error="accept unix /run/vc/sbs/613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002/proxy.sock: use of closed network connection" name=kata-proxy pid=2445 sandbox=613fd12fbcedddbdd59cf845a459aa7534014dfece850a2cf8f053d50880f002 source=proxy
time="2018-12-27T23:51:58.092656073-08:00" level=fatal msg="channel error" error="accept unix /run/vc/sbs/59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284/proxy.sock: use of closed network connection" name=kata-proxy pid=2662 sandbox=59f6840de5bcdf76121eba8cbd0136e90229201e248de75731c0ea3c2fd78284 source=proxy
time="2018-12-28T00:10:53.094174387-08:00" level=fatal msg="channel error" error="accept unix /run/vc/sbs/2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94/proxy.sock: use of closed network connection" name=kata-proxy pid=11955 sandbox=2ed628db2f447ac9748a3603f5c0509055a18f0080300a59e85bdf0ea8d84b94 source=proxy
time="2018-12-28T00:55:33.085565998-08:00" level=fatal msg="channel error" error="accept unix /run/vc/sbs/a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658/proxy.sock: use of closed network connection" name=kata-proxy pid=2839 sandbox=a7bd9f7512c6d1b99e67ab9f6da7def85e0cfe92ff519e2ac0f6f9f65541e658 source=proxy
time="2018-12-28T00:56:29.413480559-08:00" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4/kata.sock: use of closed network connection" name=kata-proxy pid=2977 sandbox=2b3e9a687fc5a483775b9d5096b8e9135f41bda70698cee2b7c5bd6c60ed7cb4 source=proxy
time="2018-12-28T01:11:25.55107924-08:00" level=fatal msg="failed to handle exit signal" error="close unix @->/run/vc/vm/0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6/kata.sock: use of closed network connection" name=kata-proxy pid=2679 sandbox=0cf4e7fc872a38850ee344ec75edeaf8b1801179aae505078ce67db0e4a159f6 source=proxy
time="2018-12-28T01:14:35.036872567-08:00" level=fatal msg="channel error" error="accept unix /run/vc/sbs/a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329/proxy.sock: use of closed network connection" name=kata-proxy pid=3090 sandbox=a3c6c718df1e4f5ec595ea13894d5446ff5c504b0d4b346288926f2bb32dd329 source=proxy

Shim logs

No recent shim problems found in system journal.

Throttler logs

No recent throttler problems found in system journal.


Container manager details

Have docker

Docker

Output of "docker version":

Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:49:01 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:16:44 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Output of "docker info":

Containers: 19
 Running: 0
 Paused: 0
 Stopped: 19
Images: 3
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: kata-runtime runc
Default Runtime: kata-runtime
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 45ea48e
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-39-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 3
Total Memory: 2.908GiB
Name: ubuntu
ID: QL43:4ZYI:46HP:SP35:ZGYY:GBAW:W54Z:2GQL:S25Y:EWOW:H4EA:JWZ3
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

Output of "systemctl show docker":

Type=notify
Restart=always
NotifyAccess=main
RestartUSec=2s
TimeoutStartUSec=infinity
TimeoutStopUSec=infinity
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestamp=Fri 2018-12-28 00:43:54 PST
WatchdogTimestampMonotonic=471657593
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=2277
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
UID=[not set]
GID=[not set]
NRestarts=0
ExecMainStartTimestamp=Fri 2018-12-28 00:43:53 PST
ExecMainStartTimestampMonotonic=470485717
ExecMainExitTimestampMonotonic=0
ExecMainPID=2277
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd -H unix:// --add-runtime kata-runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime ; ignore_errors=no ; start_time=[Fri 2018-12-28 00:43:53 PST] ; stop_time=[n/a] ; pid=2277 ; code=(null) ; status=0/0 }
ExecReload={ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/docker.service
MemoryCurrent=[not set]
CPUUsageNSec=[not set]
TasksCurrent=48
IPIngressBytes=18446744073709551615
IPIngressPackets=18446744073709551615
IPEgressBytes=18446744073709551615
IPEgressPackets=18446744073709551615
Delegate=yes
DelegateControllers=cpu cpuacct io blkio memory devices pids
CPUAccounting=no
CPUWeight=[not set]
StartupCPUWeight=[not set]
CPUShares=[not set]
StartupCPUShares=[not set]
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=[not set]
StartupIOWeight=[not set]
BlockIOAccounting=no
BlockIOWeight=[not set]
StartupBlockIOWeight=[not set]
MemoryAccounting=no
MemoryLow=0
MemoryHigh=infinity
MemoryMax=infinity
MemorySwapMax=infinity
MemoryLimit=infinity
DevicePolicy=auto
TasksAccounting=yes
TasksMax=infinity
IPAccounting=no
UMask=0022
LimitCPU=infinity
LimitCPUSoft=infinity
LimitFSIZE=infinity
LimitFSIZESoft=infinity
LimitDATA=infinity
LimitDATASoft=infinity
LimitSTACK=infinity
LimitSTACKSoft=8388608
LimitCORE=infinity
LimitCORESoft=infinity
LimitRSS=infinity
LimitRSSSoft=infinity
LimitNOFILE=infinity
LimitNOFILESoft=infinity
LimitAS=infinity
LimitASSoft=infinity
LimitNPROC=infinity
LimitNPROCSoft=infinity
LimitMEMLOCK=16777216
LimitMEMLOCKSoft=16777216
LimitLOCKS=infinity
LimitLOCKSSoft=infinity
LimitSIGPENDING=11667
LimitSIGPENDINGSoft=11667
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=infinity
LimitRTTIMESoft=infinity
OOMScoreAdjust=0
Nice=0
IOSchedulingClass=0
IOSchedulingPriority=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardInputData=
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
LogLevelMax=-1
SecureBits=0
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend
AmbientCapabilities=
DynamicUser=no
RemoveIPC=no
MountFlags=
PrivateTmp=no
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
LockPersonality=no
RuntimeDirectoryPreserve=no
RuntimeDirectoryMode=0755
StateDirectoryMode=0755
CacheDirectoryMode=0755
LogsDirectoryMode=0755
ConfigurationDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespaces=no
MountAPIVFS=no
KeyringMode=private
KillMode=process
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=docker.service
Names=docker.service
Requires=system.slice sysinit.target
Wants=network-online.target
BindsTo=containerd.service
WantedBy=multi-user.target
Conflicts=shutdown.target
Before=shutdown.target multi-user.target
After=sysinit.target systemd-journald.socket network-online.target basic.target system.slice firewalld.service
Documentation=https://docs.docker.com
Description=Docker Application Container Engine
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/lib/systemd/system/docker.service
UnitFileState=enabled
UnitFilePreset=enabled
StateChangeTimestamp=Fri 2018-12-28 00:43:54 PST
StateChangeTimestampMonotonic=471657595
InactiveExitTimestamp=Fri 2018-12-28 00:43:53 PST
InactiveExitTimestampMonotonic=470485769
ActiveEnterTimestamp=Fri 2018-12-28 00:43:54 PST
ActiveEnterTimestampMonotonic=471657595
ActiveExitTimestamp=Fri 2018-12-28 00:43:53 PST
ActiveExitTimestampMonotonic=470459075
InactiveEnterTimestamp=Fri 2018-12-28 00:43:53 PST
InactiveEnterTimestampMonotonic=470484098
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobRunningTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Fri 2018-12-28 00:43:53 PST
ConditionTimestampMonotonic=470484730
AssertTimestamp=Fri 2018-12-28 00:43:53 PST
AssertTimestampMonotonic=470484730
Transient=no
Perpetual=no
StartLimitIntervalUSec=1min
StartLimitBurst=3
StartLimitAction=none
FailureAction=none
SuccessAction=none
InvocationID=df847262eecc4ba488191c756a34882f
CollectMode=inactive

Have kubectl

Kubernetes

Output of "kubectl version":

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.1", GitCommit:"eec55b9ba98609a46fee712359c7b5b365bdd920", GitTreeState:"clean", BuildDate:"2018-12-13T10:39:04Z", GoVersion:"go1.11.2", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Output of "kubectl config view":

apiVersion: v1
clusters: []
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []

Output of "systemctl show kubelet":

Restart=no
NotifyAccess=none
RestartUSec=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestampMonotonic=0
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=0
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
UID=[not set]
GID=[not set]
NRestarts=0
ExecMainStartTimestampMonotonic=0
ExecMainExitTimestampMonotonic=0
ExecMainPID=0
ExecMainCode=0
ExecMainStatus=0
MemoryCurrent=[not set]
CPUUsageNSec=[not set]
TasksCurrent=[not set]
IPIngressBytes=18446744073709551615
IPIngressPackets=18446744073709551615
IPEgressBytes=18446744073709551615
IPEgressPackets=18446744073709551615
Delegate=no
CPUAccounting=no
CPUWeight=[not set]
StartupCPUWeight=[not set]
CPUShares=[not set]
StartupCPUShares=[not set]
CPUQuotaPerSecUSec=infinity
IOAccounting=no
IOWeight=[not set]
StartupIOWeight=[not set]
BlockIOAccounting=no
BlockIOWeight=[not set]
StartupBlockIOWeight=[not set]
MemoryAccounting=no
MemoryLow=0
MemoryHigh=infinity
MemoryMax=infinity
MemorySwapMax=infinity
MemoryLimit=infinity
DevicePolicy=auto
TasksAccounting=yes
TasksMax=3500
IPAccounting=no
UMask=0022
LimitCPU=infinity
LimitCPUSoft=infinity
LimitFSIZE=infinity
LimitFSIZESoft=infinity
LimitDATA=infinity
LimitDATASoft=infinity
LimitSTACK=infinity
LimitSTACKSoft=8388608
LimitCORE=infinity
LimitCORESoft=0
LimitRSS=infinity
LimitRSSSoft=infinity
LimitNOFILE=1048576
LimitNOFILESoft=1048576
LimitAS=infinity
LimitASSoft=infinity
LimitNPROC=11667
LimitNPROCSoft=11667
LimitMEMLOCK=16777216
LimitMEMLOCKSoft=16777216
LimitLOCKS=infinity
LimitLOCKSSoft=infinity
LimitSIGPENDING=11667
LimitSIGPENDINGSoft=11667
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=infinity
LimitRTTIMESoft=infinity
OOMScoreAdjust=0
Nice=0
IOSchedulingClass=0
IOSchedulingPriority=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardInputData=
StandardOutput=inherit
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
LogLevelMax=-1
SecureBits=0
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend
AmbientCapabilities=
DynamicUser=no
RemoveIPC=no
MountFlags=
PrivateTmp=no
PrivateDevices=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectControlGroups=no
PrivateNetwork=no
PrivateUsers=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
LockPersonality=no
RuntimeDirectoryPreserve=no
RuntimeDirectoryMode=0755
StateDirectoryMode=0755
CacheDirectoryMode=0755
LogsDirectoryMode=0755
ConfigurationDirectoryMode=0755
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictNamespaces=no
MountAPIVFS=no
KeyringMode=private
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=kubelet.service
Names=kubelet.service
Description=kubelet.service
LoadState=not-found
ActiveState=inactive
SubState=dead
StateChangeTimestampMonotonic=0
InactiveExitTimestampMonotonic=0
ActiveEnterTimestampMonotonic=0
ActiveExitTimestampMonotonic=0
InactiveEnterTimestampMonotonic=0
CanStart=no
CanStop=yes
CanReload=no
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobRunningTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=no
AssertResult=no
ConditionTimestampMonotonic=0
AssertTimestampMonotonic=0
LoadError=org.freedesktop.DBus.Error.FileNotFound "No such file or directory"
Transient=no
Perpetual=no
StartLimitIntervalUSec=10s
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
SuccessAction=none
CollectMode=inactive

No crio


Packages

Have dpkg
Output of "dpkg -l|egrep "(cc-oci-runtime|cc-runtime|runv|kata-proxy|kata-runtime|kata-shim|kata-ksm-throttler|kata-containers-image|linux-container|qemu-)"":

ii  kata-containers-image                      1.4.1-4                                      amd64        Kata containers image
ii  kata-ksm-throttler                         1.4.1.git+83ecff0-4                          amd64
ii  kata-linux-container                       4.14.67.19-4                                 amd64        linux kernel optimised for container-like workloads.
ii  kata-proxy                                 1.4.1+git.6553b83-4                          amd64
ii  kata-runtime                               1.4.1+git.45ea48e-4                          amd64
ii  kata-shim                                  1.4.1+git.6346110-4                          amd64
ii  qemu-lite                                  2.11.0+git.87517afd72-4                      amd64        linux kernel optimised for container-like workloads.
ii  qemu-vanilla                               2.11.2+git.0982a56a55-4                      amd64        linux kernel optimised for container-like workloads.

No rpm


@peter-wangxu
Author

peter-wangxu commented Dec 28, 2018

similar failure on cpuset-cpus parameters

$ docker run -d  --cpuset-cpus="0-1"  ubuntu sleep 30000
347be183369a3a73d0a1be40dc64a418401f219e8aa1f34a6a9efd58c0b4e331
docker: Error response from daemon: OCI runtime create failed: rpc error: code = Internal desc = Could not run process: container_linux.go:348: starting container process caused "process_linux.go:279: applying cgroup configuration for process caused \"failed to write 0-1 to cpuset.cpus: write /sys/fs/cgroup/cpuset/docker/347be183369a3a73d0a1be40dc64a418401f219e8aa1f34a6a9efd58c0b4e331/cpuset.cpus: invalid argument\"": unknown.

while no error with runc:

# docker run -d  --cpuset-cpus="0-1"  --runtime runc  ubuntu sleep 30000
7852efd248e08125a91b703db545913785d257db00d1a560717e85cb8dba0fac

@peter-wangxu peter-wangxu changed the title kata not supporting cpuset via cri? kata not supporting cpuset/cpus via cri? Dec 28, 2018
@egernst
Member

egernst commented Dec 28, 2018

Thanks for the issue, @peter-wangxu

To clarify, your original comment / issue description just suggests --cpus 2 -- this should work with Kata today. Your comment does make use of --cpuset-cpus, though, which is not supported today.
We have an issue open currently around CPU affinity, though this was testing in particular from a cpu-manager perspective -- see #878

I believe this covers the same issue. WDYT? I'm hoping to get this feature added once more of us are back from holidays.

@egernst
Member

egernst commented Dec 28, 2018

@jcvenegas - FYI.

@egernst egernst added limitation Issue cannot be resolved feature New functionality labels Dec 28, 2018
@peter-wangxu
Author

Hi @egernst, thanks for pointing out my flaw in the original issue.

What I expected is that --cpus 2 would be reflected in the cgroup cpu.cfs_period_us and cpu.cfs_quota_us

  • docker runc behavior:
 sudo docker run --name cpus_runc --runtime runc -d --cpus 2 ubuntu:latest sleep 1000

peter@ubuntu:/sys/fs/cgroup/cpu/docker/1824e5251ce38ac1efbdaf78845e405319fcf7b505fca881ade888b1fe2c47bd$ cat cpu.cfs_period_us
100000
peter@ubuntu:/sys/fs/cgroup/cpu/docker/1824e5251ce38ac1efbdaf78845e405319fcf7b505fca881ade888b1fe2c47bd$ cat cpu.cfs_quota_us
200000
  • docker with kata behavior
$ sudo docker run --name cpus_kata --runtime kata-runtime -d --cpus 2 ubuntu:latest sleep 1000
5ef1ae1bc8a062d765fea2a1f034144e3968df06f4b5b5882ebcad16b575b05c
peter@ubuntu:/sys/fs/cgroup/cpu/kata/5ef1ae1bc8a062d765fea2a1f034144e3968df06f4b5b5882ebcad16b575b05c$ cat cpu.cfs_period_us
100000
peter@ubuntu:/sys/fs/cgroup/cpu/kata/5ef1ae1bc8a062d765fea2a1f034144e3968df06f4b5b5882ebcad16b575b05c$ cat cpu.cfs_quota_us
-1

My doubt is how kata throttles the qemu-based container? Did I miss something here?

@zhiminghufighting

@egernst, I have the same question about this cpus resources setting.

@devimc

devimc commented Jan 11, 2019

@peter-wangxu @zhiminghufighting

My doubt is how kata throttles the qemu-based container? Did I miss something here?

A POD is a group of containers sharing something (network, etc.). When kata is the runtime, those containers run inside a virtual machine (qemu); cgroups and namespaces are applied in the guest, not in the host. It's not possible for a process (like qemu) to be part of two or more cgroups at the same time. For example, if the cpu constraint for container A is 2 and 3 for container B, what should be the cpu constraint for qemu: 2, 3 or 5? Also, this number must be updated when a container is created or finished.
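The host-side comparison made earlier in the thread (cpu.cfs_quota_us against cpu.cfs_period_us under runc and under kata) can be scripted as a check. This is an added example, not part of the thread or of the Kata project; the function names are hypothetical, and the fixture directories are constructed to mirror the two readings reported above (cgroup v1 layout assumed).

```shell
#!/bin/sh
# Added example: audit the host-side cgroup v1 CPU bandwidth limit of a container.
# effective_cpus / check_cpu_limit are hypothetical helper names.

# Print the CPU limit implied by cpu.cfs_quota_us / cpu.cfs_period_us,
# or "unlimited" when the quota is -1 (no CFS bandwidth limit on the host).
effective_cpus() {
    dir=$1
    [ -r "$dir/cpu.cfs_quota_us" ] && [ -r "$dir/cpu.cfs_period_us" ] || {
        echo "missing"; return 2;
    }
    quota=$(cat "$dir/cpu.cfs_quota_us")
    period=$(cat "$dir/cpu.cfs_period_us")
    case $quota in
        -1) echo "unlimited"; return 0 ;;
        ''|*[!0-9]*) echo "invalid"; return 2 ;;
    esac
    case $period in
        ''|*[!0-9]*|0) echo "invalid"; return 2 ;;
    esac
    awk -v q="$quota" -v p="$period" 'BEGIN { printf "%.2f\n", q / p }'
}

# Compare the value passed to "docker run --cpus" with what the host enforces.
# Returns 0 when they match, 1 when the host limit is absent or different,
# 2 when the cgroup files cannot be read or parsed.
check_cpu_limit() {
    requested=$1
    dir=$2
    actual=$(effective_cpus "$dir") || { echo "ERROR $dir: $actual"; return 2; }
    if [ "$actual" = "unlimited" ]; then
        echo "UNENFORCED $dir: requested $requested CPUs, host quota is -1"
        return 1
    fi
    if awk -v a="$actual" -v r="$requested" \
        'BEGIN { d = a - r; if (d < 0) d = -d; exit !(d < 0.005) }'; then
        echo "OK $dir: $actual CPUs"
        return 0
    fi
    echo "MISMATCH $dir: requested $requested CPUs, host allows $actual"
    return 1
}

# Constructed fixtures mirroring the two readings reported in the thread.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/docker/runc-case" "$tmp/kata/kata-case"
    printf '%s\n' 100000 > "$tmp/docker/runc-case/cpu.cfs_period_us"
    printf '%s\n' 200000 > "$tmp/docker/runc-case/cpu.cfs_quota_us"
    printf '%s\n' 100000 > "$tmp/kata/kata-case/cpu.cfs_period_us"
    printf '%s\n' -1     > "$tmp/kata/kata-case/cpu.cfs_quota_us"
    check_cpu_limit 2 "$tmp/docker/runc-case"
    check_cpu_limit 2 "$tmp/kata/kata-case" || true
    rm -rf "$tmp"
}
demo
```

On a real host, pass the container's directory under /sys/fs/cgroup/cpu/ (the thread shows docker/<id> for runc and kata/<id> for kata-runtime) as the second argument.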

@devimc

devimc commented Feb 19, 2019

this issue is fixed in #1189

@devimc devimc self-assigned this Feb 19, 2019
@devimc

devimc commented Feb 20, 2019

fixed #1189

@devimc devimc closed this as completed Feb 20, 2019