Add openSUSE example config (using JeOS image for OpenStack). #91

Merged: 1 commit, Jun 29, 2021


jandubois
Member

Unfortunately I couldn't find a corresponding image for aarch64.

Also containerd still failing:

jan@lima-opensuse:/Users/jan> nerdctl pull ghcr.io/stargz-containers/nginx:1.19-alpine-org
ghcr.io/stargz-containers/nginx:1.19-alpine-org:                                  resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:d942e5263869b00ed3174fb76573165dc89e391bfafa43e9134a9c6e0bf0ec87:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:4fe11ac2b8ee14157911dd2029b6e30b7aed3888f4549e733aa51930a4af52af: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:72ab4137bd85aae7970407cbf4ba98ec0a7cb9d302e93a38bb665ba5fddf6f5d:   downloading    |--------------------------------------|    0.0 B/8.0 KiB
elapsed: 1.0 s                                                                    total:  3.1 Ki (3.1 KiB/s)
FATA[0001] failed to prepare extraction snapshot "extract-934522752-ByGC sha256:8ea3b23f387bedc5e3cee574742d748941443c328a75f511eb37b0d8b6164130": connection error: desc = "transport: Error while dialing dial unix:///run/user/501/containerd-fuse-overlayfs.sock: timeout": unavailable

@jandubois jandubois added the enhancement New feature or request label Jun 28, 2021
@jandubois
Member Author

Executing /mnt/lima-cidata/boot/40-install-containerd.sh
+ '[' '' '!=' 1 ']'
+ '[' 1 '!=' 1 ']'
+ command -v systemctl
+ '[' '!' -x /usr/local/bin/nerdctl ']'+ tar Cxzf /usr/local /mnt/lima-cidata/nerdctl-full.tgz
+ '[' '' = 1 ']'
+ '[' 1 = 1 ']'
+ modprobe tap
modprobe: FATAL: Module tap not found in directory /lib/modules/5.3.18-59.5-default
+ true
+ '[' '!' -e /home/jan.linux/.config/containerd/config.toml ']'
+ mkdir -p /home/jan.linux/.config/containerd
+ cat
+ chown -R jan /home/jan.linux/.config
+ selinux=
+ command -v selinuxenabled
+ '[' '!' -e '/home/jan}}.linux/.config/systemd/user/containerd.service' ']'
+ '[' -e /run/user/501/systemd/private ']'
+ '[' -n '' ']'
+ sudo -iu jan XDG_RUNTIME_DIR=/run/user/501 systemctl --user enable --now dbus
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.

Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
  .wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
  a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
  D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
  instance name specified.
+ sudo -iu jan XDG_RUNTIME_DIR=/run/user/501 containerd-rootless-setuptool.sh install
[INFO] Checking RootlessKit functionality
[INFO] Checking cgroup v2
[WARNING] Enabling cgroup v2 is highly recommended, see https://rootlesscontaine.rs/getting-started/common/cgroup2/
[INFO] Checking overlayfs
mount: /tmp/tmp.sUlv460EK2/m: permission denied.
[rootlesskit:child ] error: command [mount -t overlay -o lowerdir=/tmp/tmp.sUlv460EK2/l,upperdir=/tmp/tmp.sUlv460EK2/u,workdir=/tmp/tmp.sUlv460EK2/w overlay /tmp/tmp.sUlv460EK2/m] exited: exit status 32
[rootlesskit:parent] error: child exited: exit status 32
[WARNING] Overlayfs is not enabled, consider installing fuse-overlayfs snapshotter (`/usr/local/bin/containerd-rootless-setuptool.sh install-fuse-overlayfs`),  or see https://rootlesscontaine.rs/how-it-works/overlayfs/ to enable overlayfs.
[INFO] Requirements are satisfied
[INFO] Creating "/home/jan.linux/.config/systemd/user/containerd.service"
[INFO] Starting systemd unit "containerd.service"
+ systemctl --user start containerd.service
+ sleep 3
+ systemctl --user --no-pager --full status containerd.service
● containerd.service - containerd (Rootless)
     Loaded: loaded (/home/jan.linux/.config/systemd/user/containerd.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2021-06-28 22:34:36 UTC; 3s ago
   Main PID: 2238 (rootlesskit)
     CGroup: /user.slice/user-501.slice/user@501.service/containerd.service
             ├─2238 rootlesskit --state-dir=/run/user/501/containerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --copy-up=/var/lib --propagation=rslave /usr/local/bin/containerd-rootless.sh
             ├─2249 /proc/self/exe --state-dir=/run/user/501/containerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --copy-up=/var/lib --propagation=rslave /usr/local/bin/containerd-rootless.sh
             ├─2267 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 2249 tap0
             └─2275 containerd
+ systemctl --user enable containerd.service
Created symlink /home/jan.linux/.config/systemd/user/default.target.wants/containerd.service → /home/jan.linux/.config/systemd/user/containerd.service.
[INFO] Installed "containerd.service" successfully.
[INFO] To control "containerd.service", run: `systemctl --user (start|stop|restart) containerd.service`
[INFO] To run "containerd.service" on system startup automatically, run: `sudo loginctl enable-linger jan`
[INFO] ------------------------------------------------------------------------------------------
[INFO] Use `nerdctl` to connect to the rootless containerd.
[INFO] You do NOT need to specify $CONTAINERD_ADDRESS explicitly.
+ sudo -iu jan XDG_RUNTIME_DIR=/run/user/501 containerd-rootless-setuptool.sh install-buildkit
[INFO] Creating "/home/jan.linux/.config/systemd/user/buildkit.service"
[INFO] Starting systemd unit "buildkit.service"
+ systemctl --user start buildkit.service
+ sleep 3
+ systemctl --user --no-pager --full status buildkit.service
● buildkit.service - BuildKit (Rootless)
     Loaded: loaded (/home/jan.linux/.config/systemd/user/buildkit.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2021-06-28 22:34:40 UTC; 3s ago
   Main PID: 2365 (buildkitd)
     CGroup: /user.slice/user-501.slice/user@501.service/buildkit.service
             └─2365 buildkitd
+ systemctl --user enable buildkit.service
Created symlink /home/jan.linux/.config/systemd/user/default.target.wants/buildkit.service → /home/jan.linux/.config/systemd/user/buildkit.service.
[INFO] Installed "buildkit.service" successfully.
[INFO] To control "buildkit.service", run: `systemctl --user (start|stop|restart) buildkit.service`
+ sudo -iu jan XDG_RUNTIME_DIR=/run/user/501 containerd-rootless-setuptool.sh install-fuse-overlayfs
[INFO] Creating "/home/jan.linux/.config/systemd/user/containerd-fuse-overlayfs.service"
[INFO] Starting systemd unit "containerd-fuse-overlayfs.service"
+ systemctl --user start containerd-fuse-overlayfs.service
+ sleep 3
+ systemctl --user --no-pager --full status containerd-fuse-overlayfs.service
● containerd-fuse-overlayfs.service - containerd-fuse-overlayfs (Rootless)
     Loaded: loaded (/home/jan.linux/.config/systemd/user/containerd-fuse-overlayfs.service; disabled; vendor preset: disabled)
     Active: activating (auto-restart) (Result: exit-code) since Mon 2021-06-28 22:34:45 UTC; 750ms ago
    Process: 2464 ExecStart=/usr/local/bin/containerd-rootless-setuptool.sh nsenter containerd-fuse-overlayfs-grpc /run/user/501/containerd-fuse-overlayfs.sock /home/jan.linux/.local/share/containerd-fuse-overlayfs (code=exited, status=1/FAILURE)
   Main PID: 2464 (code=exited, status=1/FAILURE)
+ set +x
[ERROR] Failed to start containerd-fuse-overlayfs.service. Run `journalctl -n 20 --no-pager --user --unit containerd-fuse-overlayfs.service` to show the error log.
[ERROR] Before retrying installation, you might need to uninstall the current setup: `/usr/local/bin/containerd-rootless-setuptool.sh uninstall -f ; /usr/local/bin/rootlesskit rm -rf /home/jan.linux/.local/share/containerd`
LIMA| WARNING: Failed to execute /mnt/lima-cidata/boot/40-install-containerd.sh
LIMA| Exiting with code 1

@AkihiroSuda AkihiroSuda added this to the v0.5.0 milestone Jun 29, 2021
if ! command -v sshfs >/dev/null 2>&1; then
zypper install -y sshfs
fi
fi
Member

suda@lima-opensuse:~> containerd-rootless-setuptool.sh nsenter containerd-fuse-overlayfs-grpc /run/user/501/containerd-fuse-overlayfs.sock /home/suda.linux/.local/share/containerd-fuse-overlayfs 
INFO[0000] containerd-fuse-overlayfs-grpc Version="v1.0.2" Revision="0c586ae77b866c333af73c6e9f9bf7a4b64cb06b" 
error: fuse-overlayfs not functional, make sure running with kernel >= 4.18: failed to mount fuse-overlayfs ({Type:fuse3.fuse-overlayfs Source:overlay Options:[lowerdir=/home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/lower2:/home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/lower1]}) on /home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/merged: mount helper [mount.fuse3 [overlay /home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/merged -o lowerdir=/home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/lower2:/home/suda.linux/.local/share/containerd-fuse-overlayfs/fuseoverlayfs-check824306133/lower1 -t fuse-overlayfs]] failed: "": exec: "mount.fuse3": executable file not found in $PATH

Member

@AkihiroSuda AkihiroSuda Jun 29, 2021

zypper install -y fuse3 would be fine.

Also iptables needs to be installed. And modprobe ip_tables

if ! command -v sshfs >/dev/null 2>&1; then
zypper install -y sshfs
fi
fi
# other dependencies are preinstalled on Arch Linux (https://linuximages.de/openstack/arch/)
Member

This comment has to be moved to L58

if [ "${LIMA_CIDATA_CONTAINERD_SYSTEM}" = 1 ] || [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
if [ ! -e /usr/sbin/iptables ]; then
zypper install -y iptables
modprobe ip_tables
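
Review bot: `modprobe ip_tables` sits inside the `if [ ! -e /usr/sbin/iptables ]` branch, so it only runs when the iptables package had to be installed; on an image where /usr/sbin/iptables already exists, this script never loads the module. Move the modprobe out of the install check so it runs whenever either containerd flag is set, and keep only `zypper install -y iptables` conditional.
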
Member Author

Ok, I've added it just after the modprobe tap line. I assume for modprobe ip_tables we don't need the || true part because a failure would be fatal?

Member

We can have || true because ip_tables can be built-in into the kernel
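
The built-in versus loadable distinction discussed above can also be checked explicitly, which separates "already in the kernel" from "not shipped for this kernel" (the `Module tap not found` case in the boot log). This is an added example, not part of the PR or of Lima's boot scripts; the function names `module_state` and `ensure_module` are hypothetical, and the optional directory arguments exist only so the logic can be exercised against constructed files.

```shell
# module_state NAME [MODDIR] [PROCMODULES]
# Prints one of: builtin | loaded | loadable | missing
module_state() {
    name=$1
    moddir=${2:-/lib/modules/$(uname -r)}
    procmods=${3:-/proc/modules}
    # Module file names may use '-' where the module name uses '_'.
    pat=$(printf '%s' "$name" | sed 's/[_-]/[_-]/g')
    # modules.builtin lists paths such as kernel/net/ipv4/netfilter/ip_tables.ko
    if [ -r "$moddir/modules.builtin" ] &&
       grep -Eq "(^|/)${pat}\.ko\$" "$moddir/modules.builtin"; then
        echo builtin
    # /proc/modules starts each line with the module name and a space
    elif [ -r "$procmods" ] && grep -Eq "^${pat} " "$procmods"; then
        echo loaded
    # modules.dep keys are module paths, possibly compressed (.ko.xz, .ko.zst)
    elif [ -r "$moddir/modules.dep" ] &&
         grep -Eq "(^|/)${pat}\.ko(\.[a-z0-9]+)?:" "$moddir/modules.dep"; then
        echo loadable
    else
        echo missing
    fi
}

# ensure_module NAME [MODDIR] [PROCMODULES]
# Succeeds if the module is built in or loaded, loads it if it is available,
# and fails with a message if the running kernel does not ship it.
ensure_module() {
    case $(module_state "$@") in
        builtin|loaded) return 0 ;;
        loadable) modprobe "$1" ;;
        *) echo "module $1 is not available for this kernel" >&2
           return 1 ;;
    esac
}
```

In a provisioning script, `ensure_module ip_tables` treats a built-in module as success while still failing when the module is absent.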

Member

@AkihiroSuda AkihiroSuda left a comment

Thanks

Signed-off-by: Jan Dubois <jan.dubois@suse.com>
@AkihiroSuda AkihiroSuda merged commit d4fe56b into lima-vm:master Jun 29, 2021
@jandubois jandubois deleted the opensuse branch June 29, 2021 08:28
Labels
enhancement New feature or request guest/opensuse