Bug 1678546
Summary: | Podman fails to create containers on RHEL 8 if CGroups V2 is enabled. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Ishan Kulkarni <ikulkarn> |
Component: | podman | Assignee: | Jindrich Novy <jnovy> |
Status: | CLOSED ERRATA | QA Contact: | Alex Jia <ajia> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | ajia, bbreard, carl, dornelas, dwalsh, fsayyed, gscrivan, imcleod, jligon, jnovy, kanderso, lsm5, mheon, mrichter, oli.wade, santiago, smccarty, tsweeney, ypu |
Target Milestone: | rc | ||
Target Release: | 8.3 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | podman-2.0.5 or newer | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-16 14:21:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1844322 | ||
Bug Blocks: | 1186913, 1823908 |
Description
Ishan Kulkarni
2019-02-19 04:12:57 UTC
This is a known issue. Can we make this public? No reason that I see to hide it. Containers tools/specifically runc do not support CGroupsV2 yet. There is a large effort to add support going on right now, but there will need to be backported changes to the kernel, runc, podman and conmon to make it work. This will not happen that quickly. I would guess RHEL8.2 we might get support. We have opened a Change Request for Fedora 31 to move to CGroupsV2 by default to try to spur on the effort. https://fedoraproject.org/wiki/Changes/CGroupsV2 (In reply to Daniel Walsh from comment #1) > This is a known issue. Can we make this public? No reason that I see to > hide it. Sure, I have made the BZ public. Thanks now, people looking for this bugzilla will be able to find it. Had meeting on this, this week and pretty good progress is being made. Giueseppe, this should be fixed in podman-1.5, correct? As long as crun is part of RHEL8.1? Do you know if it has been added as a package? Not fully, there are still changes going on to support cgroups v2. I am not sure about the status of the crun package. Lokesh, do we have it now? moving to 8.3 Dan and Giuseppe I think crun is set for RHEL 8.3, is there anything further than Jindrich needs to do? Or am I off base and we need to push this to 8.4? If Jindrich can confirm that crun is in, then we are all set. I don't see crun imported yet. Giuseppe is working on it. Let me know if you need any help with this one. [root@kvm-08-guest29 ~]# rpm -q podman kernel podman-2.0.5-4.module+el8.3.0+8152+c5c3262e.x86_64 kernel-4.18.0-239.el8.x86_64 [root@kvm-08-guest29 ~]# cat /proc/cmdline BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-239.el8.x86_64 root=/dev/mapper/rhel_kvm--08--guest29-root ro crashkernel=auto resume=/dev/mapper/rhel_kvm--08--guest29-swap rd.lvm.lv=rhel_kvm-08-guest29/root rd.lvm.lv=rhel_kvm-08-guest29/swap console=ttyS0,115200 systemd.unified_cgroup_hierarchy=1 [root@kvm-08-guest29 ~]# findmnt -R /sys/fs/cgroup TARGET SOURCE FSTYPE OPTIONS /sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime,seclabel,nsdelegate [root@kvm-08-guest29 ~]# podman info | grep -i -A2 runtime ociRuntime: name: crun package: crun-0.14.1-2.module+el8.3.0+8152+c5c3262e.x86_64 [root@kvm-08-guest29 ~]# podman run --runtime=`which crun` registry.redhat.io/rhel8-beta/rhel ls Trying to pull registry.redhat.io/rhel8-beta/rhel... Getting image source signatures Copying blob 386105ae8b62 done Copying blob 619051b1fc41 done Writing manifest to image destination Storing signatures bin boot dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var Was there any change to the podman code needed here, or is this really just about getting crun in? Derrick, I'll let Matt or Jindrick correct me if I'm off base, but this is a crun only update at this point. The changes necessary for Podman to run with crun were put into place in earlier versions of Podman. Also worked on the following components w/ CgroupV2 enabled. [root@ibm-x3650m4-01-vm-15 ~]# rpm -q runc crun podman kernel runc-1.0.0-68.rc92.module+el8.3.1+8686+2a59bca3.x86_64 crun-0.15.1-1.module+el8.3.1+8686+2a59bca3.x86_64 podman-2.1.1-3.module+el8.3.1+8686+2a59bca3.x86_64 kernel-4.18.0-240.3.1.el8_3.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:0531 |