1860176 – OCI Runtime kata-runtime is in use by a container, but is not available

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1860176 - OCI Runtime kata-runtime is in use by a container, but is not available

Summary: OCI Runtime kata-runtime is in use by a container, but is not available

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	podman
Sub Component:
Version:	8.4
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.0
Assignee:	Jindrich Novy
QA Contact:	Joy Pu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-23 21:35 UTC by Qian Cai
Modified:	2021-05-18 15:33 UTC (History)
CC List:	8 users (show)
Fixed In Version:	podman-3.0.0-0.19.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-05-18 15:32:55 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Qian Cai 2020-07-23 21:35:38 UTC

Description of problem:
Running a kata container in one terminal, and then,

# podman ps
ERRO[0000] OCI Runtime kata-runtime is in use by a container, but is not available (not in configuration file or not installed) 
CONTAINER ID  IMAGE                                   COMMAND  CREATED        STATUS            PORTS   NAMES
7badedb40528  registry.access.redhat.com/ubi8:latest  bash     7 minutes ago  Up 7 minutes ago          crazy_hellman

Version-Release number of selected component (if applicable):
podman-2.0.0-0.9.rc7.module+el8.3.0+7084+c16098dd.x86_64
kata-runtime-1.11.0-0.3.rc0.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. git clone https://gitlab.cee.redhat.com/qcai/kata
2. cd kata; ./test.sh
3. yum -y install /var/cache/dnf/AdvancedVirt-Nightly-*/*
4. ./test.sh
5. podman ps (from another terminal)

Comment 1 Matthew Heon 2020-07-23 22:30:49 UTC

Can you provide a `podman inspect` for the container created by the test script? Also, your `/etc/containers/containers.conf` or `/etc/containers/libpod.conf` would be helpful (if they exist)

Podman should be popping up that message if `podman ps` cannot find the kata-runtime binary. It looks like it's specified as `--runtime=/usr/bin/kata-runtime` in the test script (absolute path, not name). I suspect it's not in the configuration files, either.

I think we expect this error if a runtime is manually specified by path, and not included in the configuration files (subsequent Podman invocations won't be able to find the runtime unless it's handed to them via `--runtime=/usr/bin/kata-runtime`). This is probably not a necessary error, though. We can have Podman search $PATH for the given runtime and instantiate it if we try and access a container using it. Question would be if this is confusing behavior to the user, as we just pulled a runtime they did not explicitly specify via configuration or command line into their Podman command.

Comment 2 Qian Cai 2020-07-23 23:25:45 UTC

# podman inspect 7badedb40528
ERRO[0000] OCI Runtime kata-runtime is in use by a container, but is not available (not in configuration file or not installed) 
[
    {
        "Id": "7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f",
        "Created": "2020-07-23T17:18:40.107825641-04:00",
        "Path": "bash",
        "Args": [
            "bash"
        ],
        "State": {
            "OciVersion": "1.0.2-dev",
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 85385,
            "ConmonPid": 85187,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2020-07-23T17:18:57.601869553-04:00",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "Healthcheck": {
                "Status": "",
                "FailingStreak": 0,
                "Log": null
            }
        },
        "Image": "a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3",
        "ImageName": "registry.access.redhat.com/ubi8:latest",
        "Rootfs": "",
        "Pod": "",
        "ResolvConfPath": "/var/run/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/resolv.conf",
        "HostnamePath": "/var/run/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/hostname",
        "HostsPath": "/var/run/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/hosts",
        "StaticDir": "/var/lib/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata",
        "OCIConfigPath": "/var/lib/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/config.json",
        "OCIRuntime": "kata-runtime",
        "LogPath": "/var/lib/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/ctr.log",
        "LogTag": "",
        "ConmonPidFile": "/var/run/containers/storage/overlay-containers/7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f/userdata/conmon.pid",
        "Name": "crazy_hellman",
        "RestartCount": 0,
        "Driver": "overlay",
        "MountLabel": "system_u:object_r:container_file_t:s0:c103,c1003",
        "ProcessLabel": "system_u:system_r:container_kvm_t:s0:c103,c1003",
        "AppArmorProfile": "",
        "EffectiveCaps": [
            "CAP_AUDIT_WRITE",
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_MKNOD",
            "CAP_NET_BIND_SERVICE",
            "CAP_NET_RAW",
            "CAP_SETFCAP",
            "CAP_SETGID",
            "CAP_SETPCAP",
            "CAP_SETUID",
            "CAP_SYS_CHROOT"
        ],
        "BoundingCaps": [
            "CAP_AUDIT_WRITE",
            "CAP_CHOWN",
            "CAP_DAC_OVERRIDE",
            "CAP_FOWNER",
            "CAP_FSETID",
            "CAP_KILL",
            "CAP_MKNOD",
            "CAP_NET_BIND_SERVICE",
            "CAP_NET_RAW",
            "CAP_SETFCAP",
            "CAP_SETGID",
            "CAP_SETPCAP",
            "CAP_SETUID",
            "CAP_SYS_CHROOT"
        ],
        "ExecIDs": [],
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/var/lib/containers/storage/overlay/1da86dd5dbd9e4d52991b5846320796527b223a8bc5c770caa644281a94fd828/diff:/var/lib/containers/storage/overlay/226bfaae015f1d5712cfced3b5b628206618eaacf72f4a44d0e4084071996319/diff",
                "MergedDir": "/var/lib/containers/storage/overlay/21df3bb6a8cf806694d8fb0ecfa991a342e9d8f2dfe1943559602dc441301fb2/merged",
                "UpperDir": "/var/lib/containers/storage/overlay/21df3bb6a8cf806694d8fb0ecfa991a342e9d8f2dfe1943559602dc441301fb2/diff",
                "WorkDir": "/var/lib/containers/storage/overlay/21df3bb6a8cf806694d8fb0ecfa991a342e9d8f2dfe1943559602dc441301fb2/work"
            }
        },
        "Mounts": [
            {
                "Type": "bind",
                "Name": "",
                "Source": "/usr/bin/trinity",
                "Destination": "/usr/bin/trinity",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/dev/kmsg",
                "Destination": "/dev/kmsg",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "nosuid",
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            },
            {
                "Type": "bind",
                "Name": "",
                "Source": "/opt/ltp",
                "Destination": "/opt/ltp",
                "Driver": "",
                "Mode": "",
                "Options": [
                    "rbind"
                ],
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Dependencies": [],
        "NetworkSettings": {
            "EndpointID": "",
            "Gateway": "10.88.0.1",
            "IPAddress": "10.88.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "2a:45:2c:58:2d:8a",
            "Bridge": "",
            "SandboxID": "",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": [],
            "SandboxKey": "/var/run/netns/cni-3baa67e3-1201-58e5-e41d-fb7d78ff5ed6"
        },
        "ExitCommand": [
            "/usr/bin/podman",
            "--root",
            "/var/lib/containers/storage",
            "--runroot",
            "/var/run/containers/storage",
            "--log-level",
            "error",
            "--cgroup-manager",
            "systemd",
            "--tmpdir",
            "/var/run/libpod",
            "--runtime",
            "/usr/bin/kata-runtime",
            "--storage-driver",
            "overlay",
            "--storage-opt",
            "overlay.mountopt=nodev,metacopy=on",
            "--events-backend",
            "file",
            "container",
            "cleanup",
            "7badedb40528d6d8ca75f962148a82b9dd052d22ac525ed7b724d898d2aef58f"
        ],
        "Namespace": "",
        "IsInfra": false,
        "Config": {
            "Hostname": "7badedb40528",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm",
                "container=podman",
                "HOSTNAME=7badedb40528",
                "HOME=/root"
            ],
            "Cmd": [
                "bash"
            ],
            "Image": "registry.access.redhat.com/ubi8:latest",
            "Volumes": null,
            "WorkingDir": "/",
            "Entrypoint": "",
            "OnBuild": null,
            "Labels": {
                "architecture": "x86_64",
                "build-date": "2020-07-22T12:11:33.547097",
                "com.redhat.build-host": "cpt-1007.osbs.prod.upshift.rdu2.redhat.com",
                "com.redhat.component": "ubi8-container",
                "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
                "description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
                "distribution-scope": "public",
                "io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
                "io.k8s.display-name": "Red Hat Universal Base Image 8",
                "io.openshift.expose-services": "",
                "io.openshift.tags": "base rhel8",
                "maintainer": "Red Hat, Inc.",
                "name": "ubi8",
                "release": "343",
                "summary": "Provides the latest release of Red Hat Universal Base Image 8.",
                "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.2-343",
                "vcs-ref": "0fede9a6ae85a36962206913c66bfe9965c49940",
                "vcs-type": "git",
                "vendor": "Red Hat, Inc.",
                "version": "8.2"
            },
            "Annotations": {
                "io.container.manager": "libpod",
                "io.kubernetes.cri-o.Created": "2020-07-23T17:18:40.107825641-04:00",
                "io.kubernetes.cri-o.TTY": "true",
                "io.podman.annotations.autoremove": "FALSE",
                "io.podman.annotations.init": "FALSE",
                "io.podman.annotations.privileged": "FALSE",
                "io.podman.annotations.publish-all": "FALSE",
                "org.opencontainers.image.stopSignal": "0"
            },
            "StopSignal": 0,
            "CreateCommand": [
                "podman",
                "--runtime=/usr/bin/kata-runtime",
                "run",
                "--cpus",
                "16",
                "-m",
                "16g",
                "-v",
                "/dev/kmsg:/dev/kmsg",
                "-v",
                "/opt/ltp:/opt/ltp",
                "-v",
                "/usr/bin/trinity:/usr/bin/trinity",
                "-it",
                "ubi8",
                "bash"
            ]
        },
        "HostConfig": {
            "Binds": [
                "/usr/bin/trinity:/usr/bin/trinity:rw,rprivate,rbind",
                "/dev/kmsg:/dev/kmsg:rw,rprivate,nosuid,rbind",
                "/opt/ltp:/opt/ltp:rw,rprivate,rbind"
            ],
            "CgroupMode": "host",
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "k8s-file",
                "Config": null
            },
            "NetworkMode": "bridge",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": [],
            "CapDrop": [],
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": [],
            "GroupAdd": [],
            "IpcMode": "private",
            "Cgroup": "",
            "Cgroups": "default",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "private",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": [],
            "Tmpfs": {},
            "UTSMode": "private",
            "UsernsMode": "",
            "ShmSize": 65536000,
            "Runtime": "oci",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 17179869184,
            "NanoCpus": 16000000000,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 100000,
            "CpuQuota": 1600000,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 34359738368,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 4096,
            "Ulimits": [
                {
                    "Name": "RLIMIT_NOFILE",
                    "Soft": 1048576,
                    "Hard": 1048576
                },
                {
                    "Name": "RLIMIT_NPROC",
                    "Soft": 4194304,
                    "Hard": 4194304
                }
            ],
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        }
    }
]

Comment 3 Qian Cai 2020-07-23 23:26:52 UTC

Neither /etc/containers/containers.conf nor /etc/containers/libpod.conf exist.

Comment 4 Daniel Walsh 2020-07-24 12:04:02 UTC

This looks like we are verifying the configuration of running containers?

	// Once for each missing runtime, we want to error.
	logrus.Errorf("OCI Runtime %s is in use by a container, but is not available (not in configuration file or not installed)", name)
This should definitely be a warning or maybe lesser.

Comment 5 Daniel Walsh 2020-07-24 12:05:58 UTC

func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.Bucket) error {
Calls
			ociRuntime = getMissingRuntime(runtimeName, s.runtime)

When you specify a container with a --runc flag, which prints this error.  I do not see why this is an error, or even a warning.
Should be info or maybe debug.

Comment 6 Daniel Walsh 2020-07-24 12:14:58 UTC

https://github.com/containers/podman/pull/7077

Comment 7 Tom Sweeney 2020-07-24 18:42:00 UTC

Assigning to Matt Heon as he's taken over the PR noted in https://bugzilla.redhat.com/show_bug.cgi?id=1860176#c6

Comment 8 Matthew Heon 2020-07-29 18:43:32 UTC

https://github.com/containers/podman/pull/7126 is a new fix.

Comment 9 Daniel Walsh 2020-09-15 20:35:22 UTC

This is getting closer

Comment 11 Matthew Heon 2020-10-20 15:27:23 UTC

This is merged upstream. It is too late to make 8.3.1, but will make it in for 8.4.

Comment 16 Joy Pu 2021-02-08 13:50:04 UTC

Test with podman-3.0.0-0.38rc2.module+el8.4.0+9804+5385893b.x86_64 and the message is gone. So set this to verified. Details:
# podman --runtime /usr/bin/kata-runtime run -d registry.access.redhat.com/ubi8  sleep 99
bf33fd8a910de53c55dc585bcd2ffe10d7f0f534897a80fe38eaeeb789e36f69
# podman ps
CONTAINER ID  IMAGE                            COMMAND   CREATED         STATUS            PORTS   NAMES
bf33fd8a910d  registry.access.redhat.com/ubi8  sleep 99  11 seconds ago  Up 7 seconds ago          gallant_haibt

Comment 18 errata-xmlrpc 2021-05-18 15:32:55 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1796

Note You need to log in before you can comment on or make changes to this bug.