Bug 1990469
Summary: | docker rhel9 vm not resolving with "getaddrinfo() thread failed to start" | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | michal novacek <mnovacek> |
Component: | docker | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED WONTFIX | QA Contact: | Alex Jia <ajia> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.6 | CC: | ajia, amurdaca, jnovy, lsm5, pasik, redhat.com, smccarty, tsweeney, walters, ypu |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-12-07 12:28:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
michal novacek
2021-08-05 13:17:51 UTC
The same behaviour can be observed on physical hardware with all packages upgraded to latest Z-stream.

Package versions:
kernel-3.10.0-957.61.1.el7.x86_64
docker-1.13.1-102.git7f2769b.el7.x86_64

Running the ubi8 image instead of ubi9, the container can resolve correctly.

This is just the latest iteration of seccomp rules vs glibc, see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1900021 and https://bugzilla.redhat.com/show_bug.cgi?id=1985499

We need to remind our customers of this matrix https://access.redhat.com/support/policy/rhel-container-compatibility (which should be extended to include RHEL9) and that the general rule is that you can run RHEL N on a RHEL N+1 kernel, but not RHEL N+1 on RHEL N kernel. And in this case, 7 is much less than 9.

Basically if you want to run RHEL9 or modern userspace in a container, keep your host up to date.

It'd certainly be really helpful for glibc if we backported the "return ENOSYS instead of EPERM" bits to our docker/podman as far back as is reasonable though. But OTOH it's exactly the kind of churn that also incurs some risk in the RHEL7 lifecycle now.

(In reply to Colin Walters from comment #5)
> This is just the latest iteration of seccomp rules vs glibc, see e.g.
> https://bugzilla.redhat.com/show_bug.cgi?id=1900021 and
> https://bugzilla.redhat.com/show_bug.cgi?id=1985499
>
> We need to remind our customers of this matrix
> https://access.redhat.com/support/policy/rhel-container-compatibility (which
> should be extended to include RHEL9) and that the general rule is that you
> can run RHEL N on a RHEL N+1 kernel, but not RHEL N+1 on RHEL N kernel. And
> in this case, 7 is much less than 9.
>
> Basically if you want to run RHEL9 or modern userspace in a container, keep
> your host up to date.

I understand that having rhel7.6 as a host is way behind, so what would be the recommended solution to run rhel9 containers?
We cannot really run rhel9 for production purposes so my expectation would be that rhel8 should be able to run rhel9 containers. Is it?

Michal,
Yes, you can run rhel9 containers on a rhel8 host. There has been some early testing for that. Just a note, you would be running using Podman instead of Docker.

I ran into this issue on Ubuntu 20.04 when trying to run a Fedora rawhide image. The workaround was to use: --security-opt seccomp=unconfined on the docker command line. I am also trying to run the image with a Gitlab runner but the OS is Ubuntu 20.04.

John, could you highlight which way is which, do you mean you are running an Ubuntu container image on a Fedora rawhide host, or vice versa?

(In reply to Scott McCarty from comment #10)
> John, could you highlight which way is which, do you mean you are running an
> Ubuntu container image on a Fedora rawhide host, or vice versa?

Ubuntu 20.04 host and running Fedora as the container. From my understanding this is because of a change in Fedora in the version of glibc.

All, did this ever get resolved?

All, I'm closing this issue as running a RHEL9 container image on a RHEL7 host is not supported per: https://access.redhat.com/support/policy/rhel-container-compatibility
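
A check that can be compiled and run inside the affected container to tell the EPERM case from the ENOSYS case discussed in this thread. This is an added example, not code from the bug report, Docker or glibc; it assumes the syscall involved is clone3 (not named in the thread), and the function and enum names are illustrative.

```c
/* Added example (not from the bug report). Assumption: the syscall the
 * container's glibc trips over is clone3 (number 435 on Linux). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_clone3
#define SYS_clone3 435 /* older host headers lack the definition */
#endif

enum verdict { REACHED_KERNEL, FALLBACK_OK, BLOCKED_EPERM, UNEXPECTED };

/* Interpret the result of a clone3() call made with deliberately invalid
 * arguments (NULL, size 0), which can never create a process. */
enum verdict classify(long ret, int err)
{
    if (ret != -1) return UNEXPECTED;
    switch (err) {
    case EINVAL: case EFAULT: return REACHED_KERNEL; /* kernel rejected args */
    case ENOSYS: return FALLBACK_OK;   /* glibc falls back to clone() */
    case EPERM:  return BLOCKED_EPERM; /* denied up front; no fallback */
    default:     return UNEXPECTED;
    }
}

const char *explain(enum verdict v)
{
    switch (v) {
    case REACHED_KERNEL: return "clone3 reaches the kernel: not filtered";
    case FALLBACK_OK:    return "ENOSYS: old kernel or ENOSYS-returning filter";
    case BLOCKED_EPERM:  return "EPERM: consistent with a seccomp deny rule";
    default:             return "unexpected result, inspect manually";
    }
}

/* Issue the invalid clone3() and classify what came back. */
enum verdict probe_clone3(void)
{
    errno = 0;
    long ret = syscall(SYS_clone3, (void *)0, 0UL);
    return classify(ret, errno);
}

int main(void)
{
    enum verdict v = probe_clone3();
    printf("%s (errno=%d)\n", explain(v), errno);
    return v == BLOCKED_EPERM ? 1 : 0;
}
```

A BLOCKED_EPERM verdict that goes away with an updated runtime or seccomp profile points at the filter as the cause, without needing seccomp=unconfined to confirm it.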