[meta-virtualization] RFT/FYI: docker/containerd/runc uprevs pushed to master

Wed Apr 4 05:32:16 PDT 2018

Hello Bruce,

Yes I was missing the bbappend for kernel config. Got it working after I wrote the mail to you.

Are your changes committed to git repo? Is it in the master branch of Yocto?

Regards,
Shakthi

-----Original Message-----
From: Bruce Ashfield [mailto:bruce.ashfield at gmail.com] 
Sent: Wednesday, April 04, 2018 5:57 PM
To: Shakthi Pradeep (tpradeep) <tpradeep at cisco.com>
Cc: meta-virtualization at yoctoproject.org
Subject: Re: [meta-virtualization] RFT/FYI: docker/containerd/runc uprevs pushed to master

On Wed, Apr 4, 2018 at 12:57 AM, Shakthi Pradeep (tpradeep) <tpradeep at cisco.com> wrote:
> Hello Bruce,
>
>
>
> Timing is Perfect !!!
>
>
>
> I am currently trying to get Docker CE to work with Yocto. I could 
> include the Docker executable in ISO but when I run it I get some errors.
>
>
>
> When I boot the image looks like Docker service start is failing due 
> to missing kernel modules. Please refer attached screenshot and below 
> error log.

Do you have a bbappend for your 4.8 kernel that adds the docker configuration fragments ?

That's the most likely reason for the issues.

I was able to run a whole suite of tests against 4.12, 4.14 and 4.15 so those kernels + fragments are known to work.

Bruce

>
>
>
> * docker.service - Docker Application Container Engine
>
>    Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor
> preset: enabled)
>
>    Active: failed (Result: exit-code) since Tue 2018-04-03 13:17:51 
> UTC; 17min ago
>
>      Docs: https://docs.docker.com
>
>   Process: 317 ExecStart=/usr/bin/dockerd -H fd:// (code=exited,
> status=1/FAILURE)
>
> Main PID: 317 (code=exited, status=1/FAILURE)
>
>
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]:
> time="2018-04-03T13:17:51.035178755Z" level=warning msg="Running 
> modprobe xt_conntrack failed with message: `modprobe: WARNING: Module 
> xt_conntrack not found in directory 
> /lib/modules/4.8.24-WR9.0.0.10_standard`, error: exit status 1"
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]:
> time="2018-04-03T13:17:51.040727372Z" level=info msg="Firewalld running:
> false"
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]:
> time="2018-04-03T13:17:51.170575344Z" level=warning msg="Could not 
> load necessary modules for IPSEC rules: Running modprobe xfrm_user 
> failed with
> message: `modprobe: WARNING: Module xfrm_user not found in directory 
> /lib/modules/4.8.24-WR9.0.0.10_standard`, error: exit status 1"
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]:
> time="2018-04-03T13:17:51.172397913Z" level=info msg="Default bridge
> (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option 
> --bip can be used to set a preferred IP address"
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]: Error starting daemon: 
> Error initializing network controller: Error creating default "bridge" network:
> Failed to Setup IP tables: Unable to enable ACCEPT INCOMING rule:  
> (iptables
> failed: iptables --wait -I FORWARD -o docker0 -m conntrack --ctstate 
> RELATED,ESTABLISHED -j ACCEPT: iptables: No chain/target/match by that name.
>
> Apr 03 13:17:51 intel-x86-64 dockerd[317]:  (exit status 1))
>
> Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Main process 
> exited, code=exited, status=1/FAILURE
>
> Apr 03 13:17:51 intel-x86-64 systemd[1]: Failed to start Docker 
> Application Container Engine.
>
> Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Unit entered 
> failed state.
>
> Apr 03 13:17:51 intel-x86-64 systemd[1]: docker.service: Failed with 
> result 'exit-code'.
>
>
>
> Regards,
>
> Shakthi
>
>
>
> -----Original Message-----
> From: meta-virtualization-bounces at yoctoproject.org
> [mailto:meta-virtualization-bounces at yoctoproject.org] On Behalf Of 
> Bruce Ashfield
> Sent: Wednesday, April 04, 2018 8:44 AM
> To: meta-virtualization at yoctoproject.org
> Subject: [meta-virtualization] RFT/FYI: docker/containerd/runc uprevs 
> pushed to master
>
>
>
> Hi all,
>
>
>
> After spending a few days de-tangling the moby/docker/runc/containerd 
> and oe-core go infrastructure changes, I was able to run 
> docker/runc/containerd through a system/stress test and everything seems to be working.
>
>
>
> There were a few regressions that I worked through, as well as 
> build/packaging changes, but I'm no longer seeing any issues and all 
> the patches/functionality have been carried forward.
>
>
>
> One thing of note is that the docker and open containers containerd 
> split/fork is no longer an issue, so I've modified the default to be 
> the opencontainers variant. Similarly, the docker and opencontainers 
> runc are very similar. I've kept both variants of both recipes for 
> now, since I'd like to track things for a bit longer before declaring 
> the split unnecessary.
>
>
>
> Also for those that care, I created a reference docker-ce recipe that 
> tracks the docker-ce repo versus the components themselves.  Right now 
> it is reference only, since it needs a bit more work, but I wanted to 
> get it out there, in case someone really cares about docker-ce (I 
> don't really, but someone might!).
>
>
>
> Summary: I just pushed the following changes to master:
>
>
>
>   d7d310ae4113 meta-virt: prefer containerd-opencontainers
>
>   935e3d969ef1 containerd: uprev to v1.0.2
>
>   f5fbfa8ac4db docker-ce: introduce reference recipe/build
>
>   a5074cecf18f docker: uprev to 18.03.0
>
>   e3d960f4fcd9 runc: uprev to 1.0.0-rc5
>
>
>
> If anyone sees regressions, build or architecture issues .. report 
> them to me (and the list) and we'll get them fixed up.
>
>
>
> Cheers,
>
>
>
> Bruce
>
>
>
> --
>
> "Thou shalt not follow the NULL pointer, for chaos and madness await 
> thee at its end"
>
> --
>
> _______________________________________________
>
> meta-virtualization mailing list
>
> meta-virtualization at yoctoproject.org
>
> https://lists.yoctoproject.org/listinfo/meta-virtualization

--
"Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end"