| *** sameo has quit IRC | 01:07 | |
| *** sgarzare has joined #kata-general | 07:19 | |
| *** Rene__ has quit IRC | 07:22 | |
| *** sameo has joined #kata-general | 07:30 | |
| *** pvdp66556 has quit IRC | 11:48 | |
| *** devimc has joined #kata-general | 12:08 | |
| *** fuentess has joined #kata-general | 12:24 | |
| *** devimc has quit IRC | 13:10 | |
| *** devimc has joined #kata-general | 13:11 | |
| kata-irc-bot | <gerrit.schwerthelm> Thanks already for your help, Jakob. In the meantime I compiled multiple Kernels (using the kernel config from your `build_kernel.sh` script and enabling Virtualization modules), but the VM does not start up. :( Error in the kernel log is: ```... EXT4-fs (pmem0p1): DAX unsupported by block device. ... No filesystem could mount root, tried: ext4 ...``` Do you know this problem maybe or point me into a direction on how to | 13:11 |
|---|---|---|
| kata-irc-bot | solve this? I would be very thankful indeed. ,:) | 13:11 |
| devimc | @gerrit.schwerthelm I guess your image doesn't have the DAX metadata https://github.com/kata-containers/osbuilder/blob/master/image-builder/image_builder.sh#L97 | 13:45 |
| *** fuentess has quit IRC | 14:52 | |
| *** fuentess1 has joined #kata-general | 14:52 | |
| *** devimc has quit IRC | 14:56 | |
| *** devimc has joined #kata-general | 14:58 | |
| kata-irc-bot | <gerrit.schwerthelm> Hey! I did not build an own OS image, I am still using the one that starts with the original kernel: ```... # /usr/share/defaults/kata-containers/configuration.toml [hypervisor.qemu] image = "/usr/share/kata-containers/kata-containers.img" ...``` | 15:10 |
| devimc | sorry I need more context | 15:12 |
| kata-irc-bot | <gerrit.schwerthelm> No problem, thanks for willing to help. :slightly_smiling_face: I am trying to virtualize _again_ in a kata-container (nested virtualization with qemu hypervisor). For this, I attempted to build a kernel which has all the virtualization modules enabled. But the kernel that I built does not start due to the kernel panic error you saw. Only thing I altered is the path to the kernel in the `configuration.toml` , which points | 15:24 |
| kata-irc-bot | to my custom-built kernel. Was not touching anything else. | 15:24 |
| devimc | @gerrit.schwerthelm thanks, did you use fragments to build your kernel ? | 15:29 |
| devimc | https://github.com/kata-containers/packaging/tree/master/kernel/configs/fragments | 15:29 |
| devimc | to run kata containers you will need those CONFIGs | 15:29 |
| devimc | does your host kernel support nested virtualization ? | 15:30 |
| kata-irc-bot | <gerrit.schwerthelm> Host kernel supports nested virtualization and is a bare metal server. I think, I used the fragments. I've tried to build a 4.14.199 kernel config for x86 with the command: `./build-kernel.sh -v 4.14.199 -g intel -c $(pwd)/configs/x86_64_kata_kvm_4.14.x -f -d setup` In the end, the script asks me a lot of questions, which is why I aborted the script with a keyboard interrupt. Then, I changed into the newly created | 15:38 |
| kata-irc-bot | `kata-linux-4.14.199-89` directory and ran `make menuconfig` , enabled the Virtualization modules and saved everything to `.config`. Then built the kernel... and the error came up. :( | 15:39 |
| devimc | @gerrit.schwerthelm that's an old kernel - afaik we don't support fragments for that version | 15:40 |
| devimc | copy this config in your kernel directory | 15:41 |
| devimc | https://github.com/kata-containers/packaging/blob/master/kernel/configs/x86_64_kata_kvm_4.14.x | 15:41 |
| devimc | cp x86_64_kata_kvm_4.14.x .config | 15:41 |
| devimc | run: make oldconfig | 15:41 |
| devimc | them: make menuconfig - and enable nested virtualization | 15:42 |
| devimc | *then | 15:42 |
| *** sgarzare has quit IRC | 16:06 | |
| kata-irc-bot | <gerrit.schwerthelm> On `make oldconfig` ... how do I answer all those questions? | 16:20 |
| devimc | @gerrit.schwerthelm yes | 16:31 |
| devimc | few questions I think | 16:31 |
| devimc | because you are using linux 4.14.199 | 16:32 |
| devimc | and that config is for 4.14.67 | 16:32 |
| kata-irc-bot | <gerrit.schwerthelm> You were right, it were just a few questions this time. Also the error changed with this kernel. It's now coming from user space, the kernel logs look clean now. :slightly_smiling_face: This is now left: ```ERRO[0001] rpc error: code = Internal desc = Could not run process: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to | 17:02 |
| kata-irc-bot | rootfs \\\"/run/kata-containers/shared/containers/foo/rootfs\\\" at \\\"/proc\\\" caused \\\"mkdir /run/kata-containers/shared/containers/foo/rootfs/proc: read-only file system\\\"\"" arch=amd64 command=run container=foo name=kata-runtime pid=1640143 source=runtime rpc error: code = Internal desc = Could not run process: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused | 17:02 |
| kata-irc-bot | \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/run/kata-containers/shared/containers/foo/rootfs\\\" at \\\"/proc\\\" caused \\\"mkdir /run/kata-containers/shared/containers/foo/rootfs/proc: read-only file system\\\"\""``` | 17:02 |
| kata-irc-bot | <gerrit.schwerthelm> Oh. And this is only happening if I run the standalone thing. The pod is starting now! Let me check. :slightly_smiling_face: | 17:03 |
| devimc | @gerrit.schwerthelm ok - at least the agent is running | 17:04 |
| devimc | this could be a configuration problem | 17:04 |
| *** stackedsax has quit IRC | 17:36 | |
| *** CeeMac has quit IRC | 17:38 | |
| *** stackedsax has joined #kata-general | 17:49 | |
| *** CeeMac has joined #kata-general | 17:50 | |
| kata-irc-bot | <parthasl> Hello, Trying to use sysctl inside kata-container and getting this error. same with DIND. (kata 1.10.2 / containerd 1.13 / kubernetes) STDERR: sysctl: setting key "kernel.shmmax": Read-only file system ---- End output of sysctl -w "kernel.shmmax=17179869184" ---- Ran sysctl -w "kernel.shmmax=17179869184" returned 255 | 18:46 |
| devimc | @parthasl using debugging console? | 18:51 |
| devimc | anyway - try adding `rw` to the kernel cmdline | 18:52 |
| kata-irc-bot | <parthasl> no, this is the output from the container and I see /proc/sys is RO | 18:53 |
| devimc | 2.0 ? | 18:53 |
| devimc | ahh no | 18:53 |
| devimc | 1.x | 18:53 |
| kata-irc-bot | <parthasl> yes 1.10.2 | 18:54 |
| devimc | yeah try with the rw option | 18:55 |
| kata-irc-bot | <eric.ernst> :eyes: I was going to test this later today too. Let me know what you find @parthasl | 18:59 |
| kata-irc-bot | <eric.ernst> Curious if you need to run privileged. You using CRI or just docker cli? | 19:01 |
| kata-irc-bot | <parthasl> using CRI, yes running in privileged mode without host devices option | 19:02 |
| kata-irc-bot | <eric.ernst> But that doesn’t work? | 19:02 |
| kata-irc-bot | <parthasl> no that doesnt work, returns << Read-only file system >> | 19:04 |
| kata-irc-bot | <eric.ernst> One thing you could do is run a prestart hook. | 19:09 |
| kata-irc-bot | <eric.ernst> Or,... maybe agent isn’t able to write either. Can you attempt via debug console? | 19:09 |
| kata-irc-bot | <eric.ernst> I think you may need remount rw | 19:10 |
| kata-irc-bot | <parthasl> sure will try | 19:11 |
| kata-irc-bot | <eric.ernst> AFAIU it should work from dev console and/or from a prestart hook | 19:27 |
| *** devimc has quit IRC | 21:05 | |
| kata-irc-bot | <archana.m.shinde> @parthasl How are you setting the sysctl ? | 21:28 |
| kata-irc-bot | <archana.m.shinde> Take a look at this: https://github.com/kata-containers/documentation/blob/8d5f2f0783fc2f848514c5d2fd1991fd7b755be7/how-to/how-to-use-sysctls-with-kata.md | 21:29 |
| kata-irc-bot | <archana.m.shinde> ```kernel.shmmax = 18446744073692774399 / # sysctl -w "kernel.shmmax=17179869184" kernel.shmmax = 17179869184 / # / # sysctl kernel.shmmax kernel.shmmax = 17179869184``` | 21:40 |
| kata-irc-bot | <archana.m.shinde> works | 21:40 |
| kata-irc-bot | <archana.m.shinde> @chen.bo @jose.carlos.venegas.m I was just trying out the sysctl integration test for cloud-hypervisor, it works | 21:41 |
| kata-irc-bot | <archana.m.shinde> I think we should enable that | 21:41 |
| kata-irc-bot | <chen.bo> @archana.m.shinde Thanks a lot. I just sent a PR to enable it here: https://github.com/kata-containers/tests/pull/2901. | 21:41 |
| *** CeeMac has quit IRC | 21:52 | |
| *** stackedsax has quit IRC | 21:53 | |
| *** stackedsax has joined #kata-general | 21:56 | |
| *** CeeMac has joined #kata-general | 21:57 | |
| *** sameo has quit IRC | 22:42 | |
| kata-irc-bot | <parthasl> Thank you @archana.m.shinde, able to set it inside kata container. DIND (Kata) scenario with CAP_SYS_ADMIN privilege, getting Read only file system error | 23:37 |
| kata-irc-bot | <archana.m.shinde> you mean your nested container has CAP_SYS_ADMIN? | 23:48 |
| kata-irc-bot | <archana.m.shinde> @parthasl ^ | 23:48 |
| kata-irc-bot | <parthasl> yes | 23:49 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!