Re: Where is docker.cfg file in rocko? #yocto #meta-virtualization


Bruce Ashfield
 



On Wed, Jan 5, 2022 at 4:46 AM <thitgahamtonghop@...> wrote:
>
> [Edited Message Follows]
>
> Hi,
> So I am having a problem running a docker image. When I run the command: docker run hello-world, this is the output:
>
> docker: Error response from daemon: failed to create endpoint elastic_hypatia on network bridge: failed to add the host (vethf9c4250) <=> sandbox (vethc439d7e) pair interfaces: operation not supported.
> ERRO[0000] error waiting for container: context canceled
>
> So I suspect that the veth module is missing. To check, I ran the check-config.sh script, and here is what I get:
>
>  
> info: reading kernel config from /proc/config.gz ...
>  
> Generally Necessary:
> - check-config.sh: line 159: [: missing `]'
> check-config.sh: line 160: /sys/fs/cgroup/memory: Is a directory
> cgroup hierarchy: single mountpoint! [/sys/fs/cgroup/memory]
>     (see https://github.com/tianon/cgroupfs-mount)
> - CONFIG_NAMESPACES: enabled
> - CONFIG_NET_NS: enabled
> - CONFIG_PID_NS: enabled
> - CONFIG_IPC_NS: enabled
> - CONFIG_UTS_NS: enabled
> - CONFIG_CGROUPS: enabled
> - CONFIG_CGROUP_CPUACCT: enabled
> - CONFIG_CGROUP_DEVICE: enabled
> - CONFIG_CGROUP_FREEZER: enabled
> - CONFIG_CGROUP_SCHED: enabled
> - CONFIG_CPUSETS: enabled
> - CONFIG_MEMCG: enabled
> - CONFIG_KEYS: enabled
> - CONFIG_VETH: missing
> - CONFIG_BRIDGE: enabled (as module)
> - CONFIG_BRIDGE_NETFILTER: enabled (as module)
> - CONFIG_NF_NAT_IPV4: enabled (as module)
> - CONFIG_IP_NF_FILTER: enabled (as module)
> - CONFIG_IP_NF_TARGET_MASQUERADE: missing
> - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
> - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
> - CONFIG_NETFILTER_XT_MATCH_IPVS: missing
> - CONFIG_IP_NF_NAT: missing
> - CONFIG_NF_NAT: enabled (as module)
> - CONFIG_NF_NAT_NEEDED: enabled
> - CONFIG_POSIX_MQUEUE: enabled
> - CONFIG_DEVPTS_MULTIPLE_INSTANCES: missing
>  
> Optional Features:
> - CONFIG_USER_NS: enabled
> - CONFIG_SECCOMP: enabled
> - CONFIG_CGROUP_PIDS: missing
> - CONFIG_MEMCG_SWAP: enabled
> - CONFIG_MEMCG_SWAP_ENABLED: enabled
>     (cgroup swap accounting is currently enabled)
> - CONFIG_LEGACY_VSYSCALL_EMULATE: enabled
> - CONFIG_MEMCG_KMEM: enabled
> - CONFIG_BLK_CGROUP: enabled
> - CONFIG_BLK_DEV_THROTTLING: missing
> - CONFIG_IOSCHED_CFQ: enabled
> - CONFIG_CFQ_GROUP_IOSCHED: missing
> - CONFIG_CGROUP_PERF: missing
> - CONFIG_CGROUP_HUGETLB: missing
> - CONFIG_NET_CLS_CGROUP: enabled
> - CONFIG_CGROUP_NET_PRIO: missing
> - CONFIG_CFS_BANDWIDTH: missing
> - CONFIG_FAIR_GROUP_SCHED: enabled
> - CONFIG_RT_GROUP_SCHED: enabled
> - CONFIG_IP_VS: missing
> - CONFIG_IP_VS_NFCT: missing
> - CONFIG_IP_VS_RR: missing
> - CONFIG_EXT3_FS: enabled
> - CONFIG_EXT3_FS_XATTR: missing
> - CONFIG_EXT3_FS_POSIX_ACL: enabled
> - CONFIG_EXT3_FS_SECURITY: enabled
>     (enable these ext3 configs if you are using ext3 as backing filesystem)
> - CONFIG_EXT4_FS: enabled
> - CONFIG_EXT4_FS_POSIX_ACL: enabled
> - CONFIG_EXT4_FS_SECURITY: enabled
> - Network Drivers:
>   - "overlay":
>     - CONFIG_VXLAN: missing
>       Optional (for encrypted networks):
>       - CONFIG_CRYPTO: enabled
>       - CONFIG_CRYPTO_AEAD: enabled
>       - CONFIG_CRYPTO_GCM: enabled (as module)
>       - CONFIG_CRYPTO_SEQIV: enabled (as module)
>       - CONFIG_CRYPTO_GHASH: enabled (as module)
>       - CONFIG_XFRM: enabled
>       - CONFIG_XFRM_USER: enabled (as module)
>       - CONFIG_XFRM_ALGO: enabled
>       - CONFIG_INET_ESP: enabled (as module)
>       - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled
>   - "ipvlan":
>     - CONFIG_IPVLAN: missing
>   - "macvlan":
>     - CONFIG_MACVLAN: missing
>     - CONFIG_DUMMY: enabled (as module)
>   - "ftp,tftp client in container":
>     - CONFIG_NF_NAT_FTP: enabled (as module)
>     - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
>     - CONFIG_NF_NAT_TFTP: enabled (as module)
>     - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
> - Storage Drivers:
>   - "aufs":
>     - CONFIG_AUFS_FS: enabled
>   - "btrfs":
>     - CONFIG_BTRFS_FS: enabled
>     - CONFIG_BTRFS_FS_POSIX_ACL: enabled
>   - "devicemapper":
>     - CONFIG_BLK_DEV_DM: enabled
>     - CONFIG_DM_THIN_PROVISIONING: missing
>   - "overlay":
>     - CONFIG_OVERLAY_FS: missing
>   - "zfs":
>     - /dev/zfs: missing
>     - zfs command: missing
>     - zpool command: missing
>  
> Limits:
> - /proc/sys/kernel/keys/root_maxkeys: 1000000
>
> Even running modprobe veth shows that veth is not there:
>
> modprobe: FATAL: Module veth not found in directory /lib/modules/4.4.113-yocto-standard
>
> And here is the output of lxc-checkconfig
>
> --- Namespaces ---
> Namespaces: enabled
> Utsname namespace: enabled
> Ipc namespace: enabled
> Pid namespace: enabled
> User namespace: enabled
> Network namespace: enabled
> Multiple /dev/pts instances: missing
>  
> --- Control groups ---
> Cgroup: enabled
> Cgroup clone_children flag: enabled
> Cgroup device: enabled
> Cgroup sched: enabled
> Cgroup cpu account: enabled
> Cgroup memory controller: enabled
> Cgroup cpuset: enabled
>  
> --- Misc ---
> Veth pair device: missing
> Macvlan: missing
> Vlan: enabled
> Bridges: enabled
> Advanced netfilter: enabled
> CONFIG_NF_NAT_IPV4: enabled
> CONFIG_NF_NAT_IPV6: missing
> CONFIG_IP_NF_TARGET_MASQUERADE: missing
> CONFIG_IP6_NF_TARGET_MASQUERADE: missing
> CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
> FUSE (for use with lxcfs): enabled
>  
> --- Checkpoint/Restore ---
> checkpoint restore: missing
> CONFIG_FHANDLE: enabled
> CONFIG_EVENTFD: enabled
> CONFIG_EPOLL: enabled
> CONFIG_UNIX_DIAG: missing
> CONFIG_INET_DIAG: enabled
> CONFIG_PACKET_DIAG: missing
> CONFIG_NETLINK_DIAG: missing
> File capabilities: enabled
>  
> Note : Before booting a new kernel, you can check its configuration
> usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
>
> After searching around the internet, I found out that somebody had the same issue as me: https://marc.info/?l=openembedded-devel&m=154773496216135&w=2, and they also think that the missing veth is the problem. As suggested, I added to my local.conf:
> CORE_IMAGE_EXTRA_INSTALL += "kernel-modules docker"
> But they also mentioned the actual solution is :
>
> I found the issue.  The veth kernel parameter was not enabled.  Once I added
> CONFIG_VETH=y to my docker.cfg file, I was able to successfully run a
> docker container in my openembedded OS
>
> So where could I do the same? I've used the rocko version and it doesn't have the linux/docker.cfg file. Or could I create one myself?
>
> P/S:
> I found the file docker.cfg in meta-virtualization/recipes-kernel/linux/linux-yocto/, but there is no CONFIG_VETH option in it; in the file lxc.cfg, however, it exists and is already 'y'. I don't really know what is needed to actually use this. Why does the veth module not appear?
>

Correct. Similar fragments did exist in the rocko timeframe, but if you are looking for docker support .. a newer (and supported) release is highly recommended.

Using the fragments depends on your kernel provider. 

If it is linux-yocto, then there is a .inc file in the layer that is enabled whenever virtualization is in the DISTRO_FEATURES. That .inc file adds the fragments to the linux-yocto SRC_URI, and the options will be enabled (https://git.yoctoproject.org/meta-virtualization/tree/recipes-kernel/linux/linux-yocto_virtualization.inc?h=rocko).

If your kernel provider is linux-yocto based (i.e. it supports fragments), then you could individually add the fragments via KERNEL_FEATURES (check the yocto docs for details).

And finally, if you do have CONFIG_VETH enabled as a module (versus built in), you'd also need to make sure the specific kernel module package is installed to your image, or all modules are installed (via the kernel-modules package that you have mentioned above).

Bruce





--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
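
The three outcomes the reply distinguishes (option not configured, built in, or built as a module whose package never reached the image) can be told apart on the target with a short check. This is an added example, not part of the original thread or of meta-virtualization; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how a kernel option is provided.

# Print y, m or missing for option $1 in kernel config $2 (plain text or .gz).
kconfig_state() {
    case $2 in
        *.gz) line=$(gzip -dc "$2" 2>/dev/null | grep "^$1=" | tail -n 1) ;;
        *)    line=$(grep "^$1=" "$2" 2>/dev/null | tail -n 1) ;;
    esac
    case $line in
        "$1=y") echo y ;;
        "$1=m") echo m ;;
        *)      echo missing ;;   # absent, or "# CONFIG_X is not set"
    esac
}

# Succeed if module $1 (.ko, optionally compressed) exists under tree $2.
module_installed() {
    [ -d "$2" ] && find "$2" -type f \( -name "$1.ko" -o -name "$1.ko.*" \) | grep -q .
}

# Usage: diagnose OPTION MODULE CONFIG_FILE MODULE_TREE
diagnose() {
    case $(kconfig_state "$1" "$3") in
        y) echo builtin ;;
        m) if module_installed "$2" "$4"; then echo module-installed
           else echo module-not-in-image; fi ;;
        *) echo not-configured ;;
    esac
}

# Constructed sample data standing in for /proc/config.gz and /lib/modules/<version>.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
printf '%s\n' 'CONFIG_BRIDGE=m' '# CONFIG_VETH is not set' > "$work/no-veth.config"
printf '%s\n' 'CONFIG_VETH=m' > "$work/veth-m.config"
printf '%s\n' 'CONFIG_VETH=y' | gzip -c > "$work/veth-y.config.gz"
mkdir -p "$work/empty" "$work/full/kernel/drivers/net"
: > "$work/full/kernel/drivers/net/veth.ko"

diagnose CONFIG_VETH veth "$work/no-veth.config"   "$work/empty"   # fragment not applied
diagnose CONFIG_VETH veth "$work/veth-m.config"    "$work/empty"   # =m, module package absent
diagnose CONFIG_VETH veth "$work/veth-m.config"    "$work/full"    # =m, module installed
diagnose CONFIG_VETH veth "$work/veth-y.config.gz" "$work/empty"   # built in
```

On a real target the call would be `diagnose CONFIG_VETH veth /proc/config.gz "/lib/modules/$(uname -r)"`; `not-configured` points at the fragment, `module-not-in-image` at the image's package list.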
