+++ This bug was initially created as a clone of Bug #1572869 +++ Description of problem: In openshift product we should avoid use k8s pause image as default infra image in /etc/crio/crio.conf Version-Release number of selected component (if applicable): cri-o-1.10.0-1.beta.1.gitc956614.el7.x86_64 openshift v3.10.0-0.30.0 How reproducible: Always Steps to Reproduce: 1.Check the pause image [root@host-172-16-120-149 ~]# grep "pause" /etc/crio/crio.conf # pause_image is the image which we use to instantiate infra containers. pause_image = "kubernetes/pause" # pause_command is the command to run in a pause_image to have a container just pause_command = "/pause" 2. 3. Actual results: Expected results: Additional info:
Clone the bug for 3.9
one question about crio. if both set 'pod-infra-container-image' in kubelet and 'pause_image' in crio.conf, which will take effect?
the crio.conf configuration takes effect.
Is this really a containers bug or an installer issue?
Whichever component we'd like to have it assigned to does not matter to me but I feel that those who know how to properly configure CRI-O should be responsible for ensuring that it's so.
https://github.com/openshift/openshift-ansible/pull/8262
Fix has been merged upstream. DeShuai can you please try it out.
Failed to start cri-o service. [root@ip-172-18-1-139 ~]# grep "pause" /etc/crio/crio.conf # pause_image is the image which we use to instantiate infra containers. pause_image = registry.reg-aws.openshift.com:443/openshift3/ose-pod:3.9 # pause_command is the command to run in a pause_image to have a container just pause_command = "/usr/bin/pod" pause_image should sting with quotation. //ansible job failed. TASK [container_runtime : Start the CRI-O service] ***************************** Thursday 10 May 2018 23:39:03 -0400 (0:00:00.068) 0:03:22.516 ********** fatal: [ec2-54-83-189-202.compute-1.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service cri-o: Job for cri-o.service failed because the control process exited with error code. See \"systemctl status cri-o.service\" and \"journalctl -xe\" for details.\n"} fatal: [ec2-34-203-233-41.compute-1.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to start service cri-o: Job for cri-o.service failed because the control process exited with error code. See \"systemctl status cri-o.service\" and \"journalctl -xe\" for details.\n"} //crio log [root@ip-172-18-1-139 ~]# journalctl -u cri-o.service -- Logs begin at Thu 2018-05-10 23:33:53 EDT, end at Fri 2018-05-11 01:14:27 EDT. -- May 10 23:41:12 ip-172-18-1-139.ec2.internal systemd[1]: Starting crio daemon... May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: NAME: May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: crio - crio server May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: USAGE: May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: crio [global options] command [command options] [arguments...] May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: VERSION: May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: 1.9.12 May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: COMMANDS: May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: config generate crio configuration files May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: help, h Shows a list of commands or help for one command May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: GLOBAL OPTIONS: May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --apparmor-profile value default apparmor profile name (default: "crio-default") May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --cgroup-manager value cgroup manager (cgroupfs or systemd) May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --cni-config-dir value CNI configuration files directory May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --cni-plugin-dir value CNI plugin binaries directory May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --config value path to configuration file (default: "/etc/crio/crio.conf") May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --conmon value path to the conmon executable May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --default-transport value default transport May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --enable-metrics enable metrics endpoint for the servier on localhost:9090 May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --enable-shared-pid-namespace enable using a shared PID namespace for containers in a pod May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --file-locking enable or disable file-based locking May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --image-volumes value image volume handling ('mkdir', 'bind', or 'ignore') (default: "mkdir") May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --insecure-registry value whether to disable TLS verification for the given registry May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --listen value path to crio socket May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --log value set the log file path where internal debug information is written May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --log-format value set the format used by logs ('text' (default), or 'json') (default: "text") May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --log-level value log messages above specified level: debug, info (default), warn, error, fatal or panic May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --log-size-max value maximum log size in bytes for a container (default: -1) May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --metrics-port value port for the metrics endpoint (default: 9090) May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --pause-command value name of the pause command in the pause image May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --pause-image value name of the pause image May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --pids-limit value maximum number of processes allowed in a container (default: 1024) May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --profile enable pprof remote profiler on localhost:6060 May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --profile-port value port for the pprof profiler (default: 6060) May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --registry value registry to be prepended when pulling unqualified images, can be specified multiple times May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --root value crio root dir May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --runroot value crio state dir May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --runtime value OCI runtime path May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --seccomp-profile value default seccomp profile path May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --selinux enable selinux support May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --signature-policy value path to signature policy file May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --storage-driver value storage driver May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --storage-opt value storage driver option May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --stream-address value bind address for streaming socket May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --stream-port value bind port for streaming socket (default: "10010") May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --help, -h show help May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: --version, -v print the version May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5078]: time="2018-05-10T23:41:12-04:00" level=fatal msg="Near line 125 (last key parsed 'crio.image.pause_image'): Expected value but found 'r' instead." May 10 23:41:12 ip-172-18-1-139.ec2.internal systemd[1]: cri-o.service: main process exited, code=exited, status=1/FAILURE May 10 23:41:12 ip-172-18-1-139.ec2.internal runc[5101]: container "cri-o" does not exist May 10 23:41:12 ip-172-18-1-139.ec2.internal systemd[1]: cri-o.service: control process exited, code=exited status=1 May 10 23:41:12 ip-172-18-1-139.ec2.internal systemd[1]: Failed to start crio daemon. May 10 23:41:12 ip-172-18-1-139.ec2.internal systemd[1]: Unit cri-o.service entered failed state.
DeShuai the issue has been fixed in https://github.com/openshift/openshift-ansible/pull/8337. Please re-test.
My bad, I meant fix for 3.9 branch is in https://github.com/openshift/openshift-ansible/pull/8338
Verify on penshift-ansible-3.9.30-1
*** Bug 1592017 has been marked as a duplicate of this bug. ***