Tuesday, 2020-06-23

« Monday, 2020-06-22 Index Wednesday, 2020-06-24 »
*** sameo has quit IRC02:23
kata-irc-bot<dgibson> @archana.m.shinde @julio.montes so, I'm less interested in what new versions we support as whether we can drop support for old qemu versions (e.g. 2.10)03:23
*** bpradipt has joined #kata-dev04:21
*** pcaruana has joined #kata-dev06:20
kata-irc-bot<archana.m.shinde> @dgibson Yes, I think we can drop support for qemu 2.10 especially if it helps simplify code06:21
*** dklyle has quit IRC06:26
*** jodh has joined #kata-dev06:45
kata-irc-bot<dgibson> @archana.m.shinde thanks, good to know06:50
kata-irc-bot<dgibson> @archana.m.shinde and the next question is just how many can we drop06:50
kata-irc-bot<dgibson> can we drop support for 3.1?  4.0? 4.1?06:50
kata-irc-bot<dgibson> not 4.1, I guess06:50
*** sameo has joined #kata-dev07:17
*** sameo has quit IRC07:20
*** sameo has joined #kata-dev07:20
*** hashar has joined #kata-dev07:26
*** davidgiluk has joined #kata-dev08:02
*** bpradipt has quit IRC08:09
*** hashar has quit IRC08:16
*** hashar_ has joined #kata-dev08:16
*** hashar_ is now known as hashar08:25
*** bpradipt has joined #kata-dev09:23
*** hashar is now known as hasharAway09:31
*** amorenoz_ has quit IRC10:07
*** amorenoz has joined #kata-dev10:10
*** hasharAway is now known as hasharLunch10:16
*** bpradipt has quit IRC10:38
*** bpradipt has joined #kata-dev10:43
*** amorenoz has quit IRC11:18
*** amorenoz_ has joined #kata-dev11:18
*** devimc has joined #kata-dev11:48
*** hasharLunch is now known as hashar11:51
fidenciodevimc: hey, I'm not sure what to do with the forward ports I've posted12:16
fidenciodevimc: travis doesn't seem to work for me :-/12:16
devimcfidencio: lemme take a look12:30
devimcfidencio: https://github.com/kata-containers/kata-containers/pull/310  ?12:31
fidenciodevimc: that one as well, but mainly: https://github.com/kata-containers/kata-containers/pull/30412:32
devimcfidencio: done12:34
devimcxD12:34
devimchttps://travis-ci.org/github/kata-containers/kata-containers/builds/701250122?utm_source=github_status&utm_medium=notification12:34
fidenciodevimc: if you have a hammer, every problem becomes a nail12:35
devimchaha12:35
*** georgk00 has quit IRC12:52
*** georgk has joined #kata-dev12:52
*** dklyle has joined #kata-dev12:58
*** devimc has quit IRC13:57
*** devimc has joined #kata-dev13:58
fidenciodevimc: can you hammer this one as well? https://github.com/kata-containers/kata-containers/pull/310 I've tried Yesterday, without success14:12
devimcfidencio: sure, I can try14:13
fidenciodevimc: thanks!14:14
devimcyey it works14:14
*** amorenoz__ has joined #kata-dev14:41
*** amorenoz_ has quit IRC14:43
*** amorenoz__ has quit IRC14:43
*** amorenoz has joined #kata-dev14:45
*** amorenoz has quit IRC14:48
*** amorenoz_ has joined #kata-dev14:48
*** amorenoz_ has quit IRC14:48
*** amorenoz has joined #kata-dev14:49
*** amorenoz has quit IRC14:53
*** amorenoz has joined #kata-dev14:54
*** crobinso has joined #kata-dev15:04
*** sameo has quit IRC15:18
*** sameo has joined #kata-dev15:19
kata-irc-bot<eric.ernst> devimc: hey there15:36
kata-irc-bot<eric.ernst> i believe containerd/cgroups has v2/rootless now15:36
*** amorenoz_ has joined #kata-dev15:45
*** amorenoz has quit IRC15:48
devimchey Eric, that's really cool15:53
kata-irc-bot<fidencio> @gabriela.cervantes.te, @salvador.fuentes, would you be able to test a patch for CRI-O that may fix the issue you pointed out in the meeting?15:55
kata-irc-bot<salvador.fuentes> @fidencio sure thing15:56
kata-irc-bot<eric.ernst> based on that, devimc, i’m wondering if we can cgroup mgr.15:57
kata-irc-bot<eric.ernst> It’s kind of a pain, since it works at a ‘different level’ than we use elsewhere (ie, we seem to work more with LinuxResources, where this is working with their own cgroup data structure).15:57
kata-irc-bot<eric.ernst> Rather than translate and keep state around for the cgroups, I think the container/cgroups was a bit easier?15:58
kata-irc-bot<eric.ernst> were there any other reasons for using libcontainer’s cgroup?15:58
kata-irc-bot<fidencio> https://github.com/fidencio/cri-o/tree/wip/pass-runtime-type-to-the-runtimes-option15:59
kata-irc-bot<fidencio> Using this branch you should be able to pass the runtime type as VM15:59
devimc@eric.ernst we already have cgroup mgr to encapsulate this, so the transition to containerd/cgroups should be easy, we move to libcontainer because it supports v2 and partially rootless16:00
kata-irc-bot<eric.ernst> I wonder if we need the encapsulation / what it buys us.16:05
kata-irc-bot<eric.ernst> Avoid need to ’load cgroup?”16:05
*** jodh has quit IRC16:05
kata-irc-bot<eric.ernst> and, that currently doesn’t really handle updating the cgroups based on new resources.16:06
kata-irc-bot<eric.ernst> anyway, i’ll look at it more, but I think it may make sense to move away from the libcontainer usage and just use containerd/cgroups16:07
kata-irc-bot<salvador.fuentes> ok thanks, let me try16:14
kata-irc-bot<fidencio> let me know if it works and I'll submit the PR to cri-o, if it does16:36
kata-irc-bot<salvador.fuentes> yeah, that worked, but now I am getting other errors, but not related to this issue: ``` # time="2020-06-23 16:36:34.229482427Z" level=debug msg="Response error: failed to create pod network sandbox k8s_podsandbox1_redhat.test.crio_redhat-test-crio_1(ca12146bf1a3bffbee6a8677755e89068c436b0cebc54e931 6a94b9d43b0812b): error adding loopback interface: failed to Statfs \"\": no such file or directory"16:43
kata-irc-botfile="go-grpc-middleware/chain.go:25" id=165cf8c4-3b45-484e-a0bb-bc374d577580 name=/runtime.v1alpha2.RuntimeSe rvice/RunPodSandbox # time="2020-06-23T16:36:34Z" level=fatal msg="run pod sandbox failed: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_podsandbox1_redhat.test.crio_redhat-test-crio_1(ca12146bf1a3bffbee 6a8677755e89068c436b0cebc54e9316a94b9d43b0812b): error adding loopback interface: failed to Statfs \"\": no16:43
kata-irc-botsuch file or directory"```16:43
kata-irc-bot<salvador.fuentes> @fidencio I think you can open the PR to fix the runtime_type issue, in the meantime I'll check this other issue16:46
kata-irc-bot<fidencio> Okay, my I take a look at the config used?16:47
kata-irc-bot<salvador.fuentes> I think it is the default one, iirc, the tests do not take the config in /etc/crio/crio.conf, right? I only exported  RUNTIME=containerd-shim-kata-v2 and RUNTIME_TYPE="vm"16:49
kata-irc-bot<eric.ernst> or, wdyt re: cgroup manager?16:58
kata-irc-bot<eric.ernst> it made sense to me when we were using the libcontainer cgroup manager, but not sure now.16:58
kata-irc-bot<eric.ernst> Or, devimc, can you clarify the gap with existing solution?17:00
kata-irc-bot<eric.ernst> (ie, device support?)17:00
kata-irc-bot<fidencio> would be good to also export `RUNTIME_ROOT="/run/vc"`17:05
devimc@eric.ernst rootless cgroups, not sure if libcontainer already supports them17:06
kata-irc-bot<fidencio> Also, is there some way to export``manage_ns_lifecycle = true ?`17:06
kata-irc-bot<eric.ernst> ok.  Do we have what we need wrt containerd/cgroups for device support?17:12
kata-irc-bot<eric.ernst> FWICS, using *just* containerd/cgroups may be feasible at this point; it looks like cgroup manager pkg you made is mostly using libcontainer, and seems to be mostly focused on devices17:13
*** hashar has quit IRC17:25
*** hashar has joined #kata-dev17:25
kata-irc-bot<salvador.fuentes> oh ok, not sure about `manage_ns_lifecycle` , let  me check17:31
kata-irc-bot<fidencio> Also, seems that my patch screwed up setting runtime_root :slightly_smiling_face:17:35
kata-irc-bot<fidencio> I'm cooking a new version here17:35
kata-irc-bot<salvador.fuentes> ohh ok, thanks17:36
kata-irc-bot<fidencio> Okay, I've force-pushed the patch to the same branch17:50
kata-irc-bot<fidencio> That one should be good to go17:50
kata-irc-bot<salvador.fuentes> thanks, checking17:52
*** bpradipt has quit IRC18:18
*** hashar is now known as hasharAway18:23
kata-irc-bot<eric.ernst> devimc ^^19:01
devimc@eric.ernst we can reuse that package, just the replace the calls to libcontainer with calls to containerd/cgroups19:07
devimcthe device cgroup was not easy to support19:07
*** davidgiluk has quit IRC19:22
*** Yarboa has joined #kata-dev19:34
kata-irc-bot<salvador.fuentes> exported those variables and updated with your latest changes. Now I am getting ```# time="2020-06-23T20:11:35.889232355Z" level=error msg="createContainer failed" ID=19e5a55f6f4ef161acfef29886d1a3cf183e55f76788e25a9d0b67b26787e424 error="rpc error: code = Internal desc = EINVAL: Invalid argu$ ent" source=virtcontainers subsystem=kata_agent```20:14
kata-irc-bot<salvador.fuentes> that comes from kata20:14
kata-irc-bot<salvador.fuentes> any idea @archana.m.shinde ^20:14
kata-irc-bot<eric.ernst> The main item I was questioning if it makes sense to keep an entire structure in place.20:19
kata-irc-bot<eric.ernst> It seems we would need to recalculate most of it (linux resources) each time there’s a container update.20:20
kata-irc-bot<eric.ernst> might be good to talk through in realtime.20:46
*** devimc has quit IRC20:51
kata-irc-bot<archana.m.shinde> But looks like that could be from the agent21:02
kata-irc-bot<archana.m.shinde> can you enable kata agent logs and see if you find a more useful message?21:02
*** sameo has quit IRC21:06
kata-irc-bot<salvador.fuentes> @archana.m.shinde seems to be related to cgroup manager. As default it is configured as systemd and thats the error I got. Tried to change to cgroupfs and now I get:21:17
kata-irc-bot<salvador.fuentes> ```# time="2020-06-23 20:57:38.407141596Z" level=debug msg="Response error: cri-o configured with cgroupfs cgroup manager, but received systemd slice as parent: pod_123-456.slice" file="go-grpc-middleware/chain.go:25" id=5894d1d4-a704-4e65-80c0-b34a5ec8f5b9 name=/runtime.v1alpha2.RuntimeService/RunPodSandbox```21:17
kata-irc-bot<salvador.fuentes> seems like somewhere else I need to change the configuration?21:17
kata-irc-bot<archana.m.shinde> yeah21:17
kata-irc-bot<salvador.fuentes> btw, for kata 1.x I do not have to change all this, is this different on both implementations?21:17
kata-irc-bot<archana.m.shinde> maybe it is configured in the tests somewhere21:18
kata-irc-bot<archana.m.shinde> fuentess: not sure21:23
kata-irc-bot<archana.m.shinde> https://github.com/fidencio/cri-o/blob/23193ea43643053d4b118daccd2d8c0e336f455b/test/helpers.bash#L6821:23
kata-irc-bot<archana.m.shinde> but I see the above that the cgroup manager is systemd there21:23
kata-irc-bot<archana.m.shinde> should check with devimc if some cgroup support is missing for shimv2 although I doubt it21:24
kata-irc-bot<fidencio> I've been using shimv2 with cgroupsv1, haven't faced issues strict related to that21:25
kata-irc-bot<fidencio> @salvador.fuentes, what's the easiest way for me to try that?21:25
kata-irc-bot<salvador.fuentes> yeah, it is weird as I can also run k8s21:25
kata-irc-bot<salvador.fuentes> so if you already have an environment with kata-shimv2 and you have the tests repo cloned, you can try with these:...21:26
kata-irc-bot<fidencio> I have an environment with shimv2 setup, but I'm not sure how easily I can build something in that machine (RHCOS, immutable OS, joy ...) But, gimme the instructions and I'll give it a try Tomorrow (too late to connect back to the VPN Today ;-))21:27
kata-irc-bot<salvador.fuentes> ```export CONTAINER_CGROUP_MANAGER=cgroupfs export RUNTIME_ROOT=/run/vc export RUNTIME_TYPE=vm export RUNTIME=containerd-shim-kata-v2   # From tests repo: sudo -E PATH=$PATH make crio```21:28
kata-irc-bot<salvador.fuentes> and of course, build cri-o with your changes21:28
kata-irc-bot<salvador.fuentes> that is what I have tried locally21:28
kata-irc-bot<fidencio> right, I'll give it a try Tomorrow and let you know!21:28
kata-irc-bot<salvador.fuentes> ok, thanks Fabiano :slightly_smiling_face:21:29
kata-irc-bot<fidencio> np! and the atch adding the RUNTIME_TYPE should be merged soon, already got the needed reviews, it's just a matter of a clean CI run21:29
kata-irc-bot<salvador.fuentes> great, thanks21:30
kata-irc-bot<archana.m.shinde> fuentess: Wonder if it is picking any configs from /etc/crio/crio.conf21:31
kata-irc-bot<archana.m.shinde> I remember it has a cgroup config there as well21:32
kata-irc-bot<salvador.fuentes> I already looked at that configuration and I have: `cgroup_manager = "cgroupfs"`  and `conmon_cgroup = "pod"` , although not sure if both settings are related?21:33
kata-irc-bot<fidencio> @salvador.fuentes what does your `/etc/crio/crio.conf` looks like? is there something in `/etc/crio/crio.conf.d`?21:34
kata-irc-bot<fidencio> and the kata configuration file?21:34
kata-irc-bot<salvador.fuentes> @fidencio this is my crio.conf: https://seashells.io/v/gaQPuRND  and nothing inside /etc/crio/crio.conf.d21:39
kata-irc-bot<salvador.fuentes> and on Kata, I don't have any special configuration, just default ones and enabled logging: https://seashells.io/v/3v7gjPcZ21:40
*** Yarboa has quit IRC21:43
kata-irc-bot<fidencio> not exactly comparing side-by-side but one thing that I could spot here21:49
kata-irc-bot<fidencio> I use: `sanbox_cgroup_only=true`21:50
kata-irc-bot<fidencio> I also use q35 as machine type21:50
kata-irc-bot<fidencio> and both my guest and host do *not* have cgroupsv2 enabled21:50
*** hasharAway has quit IRC22:11
*** th0din has quit IRC23:15
*** th0din has joined #kata-dev23:16
*** kgz has quit IRC23:29
*** kgz has joined #kata-dev23:31
« Monday, 2020-06-22 Index Wednesday, 2020-06-24 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!