[meta-virtualization] RFT/FYI: docker/containerd/runc uprevs pushed to master

Shakthi Pradeep (tpradeep) tpradeep at cisco.com
Tue Apr 3 21:57:59 PDT 2018 

Hello Bruce,



Timing is Perfect !!!



I am currently trying to get Docker CE to work with Yocto. I could include the Docker executable in ISO but when I run it I get some errors.


When I boot the image looks like Docker service start is failing due to missing kernel modules. Please refer attached screenshot and below error log.

* docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2018-04-03 13:17:51 UTC; 17min ago
     Docs: https://docs.docker.com
  Process: 317 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
Main PID: 317 (code=exited, status=1/FAILURE)

Apr 03 13:17:51 intel-x86-64 dockerd[317]: time="2018-04-03T13:17:51.035178755Z" level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.8.24-WR9.0.0.10_standard`, error: exit status 1"
Apr 03 13:17:51 intel-x86-64 dockerd[317]: time="2018-04-03T13:17:51.040727372Z" level=info msg="Firewalld running: false"
Apr 03 13:17:51 intel-x86-64 dockerd[317]: time="2018-04-03T13:17:51.170575344Z" level=warning msg="Could not load necessary modules for IPSEC rules: Running modprobe xfrm_user failed with message: `modprobe: WARNING: Module xfrm_user not found in directory /lib/modules/4.8.24-WR9.0.0.10_standard`, error: exit status 1"
Apr 03 13:17:51 intel-x86-64 dockerd[317]: time="2018-04-03T13:17:51.172397913Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Apr 03 13:17:51 intel-x86-64 dockerd[317]: Error starting daemon: Error initializing network controller: Error creating default "bridge" network: Failed to Setup IP tables: Unable to enable ACCEPT INCOMING rule:  (iptables failed: iptables --wait -I FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT: iptables: No chain/target/match by that name.
Apr 03 13:17:51 intel-x86-64 dockerd[317]:  (exit status 1))
Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Apr 03 13:17:51 intel-x86-64 systemd[1]: Failed to start Docker Application Container Engine.
Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Unit entered failed state.
Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Failed with result 'exit-code'.



Regards,

Shakthi



-----Original Message-----
From: meta-virtualization-bounces at yoctoproject.org [mailto:meta-virtualization-bounces at yoctoproject.org] On Behalf Of Bruce Ashfield
Sent: Wednesday, April 04, 2018 8:44 AM
To: meta-virtualization at yoctoproject.org
Subject: [meta-virtualization] RFT/FYI: docker/containerd/runc uprevs pushed to master



Hi all,



After spending a few days de-tangling the moby/docker/runc/containerd and oe-core go infrastructure changes, I was able to run docker/runc/containerd through a system/stress test and everything seems to be working.



There were a few regressions that I worked through, as well as build/packaging changes, but I'm no longer seeing any issues and all the patches/functionality have been carried forward.



One thing of note is that the docker and open containers containerd split/fork is no longer an issue, so I've modified the default to be the opencontainers variant. Similarly, the docker and opencontainers runc are very similar. I've kept both variants of both recipes for now, since I'd like to track things for a bit longer before declaring the split unnecessary.



Also for those that care, I created a reference docker-ce recipe that tracks the docker-ce repo versus the components themselves.  Right now it is reference only, since it needs a bit more work, but I wanted to get it out there, in case someone really cares about docker-ce (I don't really, but someone might!).



Summary: I just pushed the following changes to master:



  d7d310ae4113 meta-virt: prefer containerd-opencontainers

  935e3d969ef1 containerd: uprev to v1.0.2

  f5fbfa8ac4db docker-ce: introduce reference recipe/build

  a5074cecf18f docker: uprev to 18.03.0

  e3d960f4fcd9 runc: uprev to 1.0.0-rc5



If anyone sees regressions, build or architecture issues .. report them to me (and the list) and we'll get them fixed up.



Cheers,



Bruce



--

"Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end"

--

_______________________________________________

meta-virtualization mailing list

meta-virtualization at yoctoproject.org<mailto:meta-virtualization at yoctoproject.org>

https://lists.yoctoproject.org/listinfo/meta-virtualization
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20180404/7d979dd1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: docker.log
Type: application/octet-stream
Size: 2151 bytes
Desc: docker.log
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20180404/7d979dd1/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Docker 1.png
Type: image/png
Size: 13224 bytes
Desc: Docker 1.png
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20180404/7d979dd1/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Docker 2.png
Type: image/png
Size: 7220 bytes
Desc: Docker 2.png
URL: <http://lists.yoctoproject.org/pipermail/meta-virtualization/attachments/20180404/7d979dd1/attachment-0003.png>

More information about the meta-virtualization mailing list