| kata-irc-bot | <archana.m.shinde> what if you run a privileged nested container instead? | 00:21 |
|---|---|---|
| kata-irc-bot | <archana.m.shinde> setting sysctl requires a read/write sysfs iirc, and that is achieved in privileged mode | 00:22 |
| kata-irc-bot | <archana.m.shinde> I dont think just having CAP_SYS_ADMIN is sifficient | 00:22 |
| kata-irc-bot | <parthasl> @archana.m.shinde tried privileged but getting error - starting container process caused "apply caps: operation not permitted": unknown. | 00:34 |
| kata-irc-bot | <parthasl> its simple - `docker run --privileged -t -i --rm ubuntu:latest bash` | 00:34 |
| kata-irc-bot | <eric.ernst> You could run in a prestart hook? | 00:52 |
| kata-irc-bot | <eric.ernst> If you're root on the host, you can write to the underlying proc/sys? | 00:52 |
| kata-irc-bot | <parthasl> @eric.ernst i'm not sure on how to run prestart hook? any reference doc? | 00:59 |
| kata-irc-bot | <eric.ernst> looking for it now. | 01:02 |
| kata-irc-bot | <eric.ernst> its described in the toml i know. | 01:02 |
| kata-irc-bot | <parthasl> Thanks @eric.ernst will take a look. | 01:27 |
| *** fuentess1 has quit IRC | 02:11 | |
| *** th0din has quit IRC | 02:14 | |
| *** th0din has joined #kata-general | 02:15 | |
| *** sameo has joined #kata-general | 05:38 | |
| *** sgarzare has joined #kata-general | 07:10 | |
| *** pvdp66556 has joined #kata-general | 08:52 | |
| *** fuentess has joined #kata-general | 11:46 | |
| *** devimc has joined #kata-general | 12:17 | |
| *** fuentess has quit IRC | 12:39 | |
| *** fuentess has joined #kata-general | 12:40 | |
| kata-irc-bot | <gerrit.schwerthelm> It works, virtualization in kata-containers is possible. :) Thanks for everyone who helped me out. This is the Kernel config that made it happen: https://github.com/metal-stack/kernel/blob/enable-kvm/config-mainline-x86_64 | 13:03 |
| *** devimc has quit IRC | 13:25 | |
| *** devimc has joined #kata-general | 13:29 | |
| kata-irc-bot | <gerrit.schwerthelm> Me again, sorry. :flushed: Anybody seen this before? ```root@kata-pod:/# docker pull kindest/node:v1.18.2 v1.18.2: Pulling from kindest/node | 15:43 |
| kata-irc-bot | d51af753c3d3: Pull complete fc878cd0a91c: Pull complete | 15:43 |
| kata-irc-bot | 6154df8ff988: Pull complete fee5db0ff82f: Pull complete 65f86a4d5f65: Pull complete | 15:43 |
| kata-irc-bot | 21a979f63fed: Extracting [==================================================>] 73.68MB/73.68MB e5a0f9400e15: Download complete | 15:43 |
| kata-irc-bot | failed to register layer: Error processing tar file(exit status 1): failed to mknod("/etc/systemd/system/default.target.wants/e2scrub_reap.service", S_IFCHR, 0): operation not permitted``` For smaller docker images everything just works. For example running docker's `hello-world` works just fine. | 15:43 |
| kata-irc-bot | <eric.ernst> sweet! | 15:47 |
| *** sgarzare has quit IRC | 16:11 | |
| *** Rene__ has joined #kata-general | 17:33 | |
| kata-irc-bot | <parthasl> Hello, I see clock drift in kata containers, its not consistent across all nodes. when i do ntp forcesync on base node; it picks up time properly in kata containers and drifts after few days. For now, we just do ntp forcesync periodically. Is there a better alternative for this? | 17:38 |
| kata-irc-bot | <archana.m.shinde> @parthasl We had fixed this issue, wonder if there was a regression introduced | 17:48 |
| kata-irc-bot | <archana.m.shinde> what kernel version are you using on your host? | 17:48 |
| kata-irc-bot | <parthasl> on host - Linux 3.10.0-1127.13.1.el7.YAHOO.20200629.61.x86_64 | 17:58 |
| kata-irc-bot | <archana.m.shinde> @parthasl We added support for host time sync with this : https://github.com/kata-containers/osbuilder/issues/255 | 18:01 |
| kata-irc-bot | <archana.m.shinde> it makes use of ptp, but the hypercall that it relies on was added in kernel 4.10 | 18:01 |
| kata-irc-bot | <archana.m.shinde> so you would need kernel host version at least 4.10 for it to work | 18:02 |
| kata-irc-bot | <archana.m.shinde> For more details, see this https://github.com/kata-containers/runtime/issues/1279 | 18:03 |
| kata-irc-bot | <parthasl> ah ok, so it will be consistent but may become inconsistent at times. let me try to upgrade kernel on the host. | 18:05 |
| *** sameo has quit IRC | 19:51 | |
| *** devimc has quit IRC | 20:54 | |
| *** fuentess has quit IRC | 22:44 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!