Hello Team,

Can I know what are the changes required in yocto to run docker and its dependencies on my target embedded system. I have added the below changes. Do I need more plugins and packages ?

bblayers.conf:



BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"



local.conf:



DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

WIth the above changes and tested on the target I am getting the below error when try to run "docker run hello-world"


root@imx8mpevk:~# docker run hello-world
DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping
DEBU[2023-02-23T00:53:57.068355788Z] Calling POST /v1.41/containers/create
DEBU[2023-02-23T00:53:57.069098805Z] form data: {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”}
DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking state
[25846.681041] docker0: port 1(veth659d267) entered disabled state
[2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 entered promiscuous mode
container mounted via layerStore:[25846.681392] audit: type=1700 audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
&{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 audit(1677113637.219:205): proctitle=2F7573722F62696E2F646F636B657264002D44
aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.184741848Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1
DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin
DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin
DEBU[2023-02-23T00:53:57.186340258Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit
DEBU[2023-02-23T00:53:57.188347802Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start
DEBU[2023-02-23T00:53:57.190864983Z] container mounted via layerStore: &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.192083760Z] RequestAddress(LocalDefault/172.17.0.0/16, , map)
DEBU[2023-02-23T00:53:57.192149761Z] Request address PoolID:172.17.0.0/16 App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 Serial:false PrefAddress:
ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.294111754Z] Programming external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: port 1(veth659d267) entered disabled state
to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.304933242Z] EnableService 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 START
DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device veth659d267 left promiscuous mode
eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port 1(veth659d267) entered disabled state
[25846.996703] audit: type=1700 audit(1677113637.488:206): dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE
DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] audit: type=1300 audit(1677113637.488:206): arch=c00000b7 syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
[25847.041004] audit: type=1327 audit(1677113637.488:206): proctitle=2F7573722F62696E2F646F636B657264002D44
6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged
ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading from a closed fifo
ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading from a closed fifo
DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end
DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end
DEBU[2023-02-23T00:53:57.445349705Z] attach done
DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.610361084Z] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
DEBU[2023-02-23T00:53:57.619890544Z] Released address PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3
ERRO[2023-02-23T00:53:57.659608292Z] 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown.
ERRO[0000] error waiting for container: context canceled




Regards

Simon

Hello Bruce,

Thank you for the inputs.


Yes, I use linux-yocto. The target linux version is below.



Linux imx8mpevk 5.15.32-rt39-lts-next+g2a8a193a07b4 #1 SMP PREEMPT_RT Tue Jun 7 02:34:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

The layers used are in the link below.

https://source.codeaurora.org/external/imx/imx-manifest/tree/imx-5.15.32-2.0.0.xml?h=imx-linux-kirkstone



I tried to add IMAGE_INSTALL:append = " kernel-modules" in local.conf but it did not make any difference.



The docker version I am running on the target is 20.10.12-ce



Below is the error I am getting on the target.



root@imx8mpevk:~# docker run hello-world

[ 1359.005452] docker0: port 1(veth4dc9000) entered blocking state

[ 1359.005512] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.005921] device veth4dc9000 entered promiscuous mode

[ 1359.005994] audit: type=1700 audit(1677283528.914:37): dev=veth4dc9000 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295

[ 1359.013139] audit: type=1300 audit(1677283528.914:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=4000ec0d50 a2=28 a3=0 items=0 ppid=1 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)

[ 1359.013228] audit: type=1327 audit(1677283528.914:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F

[ 1359.263483] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298263] device veth4dc9000 left promiscuous mode

[ 1359.298305] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298646] audit: type=1700 audit(1677283529.164:38): dev=veth4dc9000 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF: unknown.

ERRO[0000] error waiting for container: context canceled







Also sending the local.conf and bblayers.conf file



local.conf:



MACHINE ??= 'imx8mpevk'

DISTRO ?= 'fsl-imx-wayland'

PACKAGE_CLASSES ?= 'package_rpm'

EXTRA_IMAGE_FEATURES ?= "debug-tweaks"

USER_CLASSES ?= "buildstats"

PATCHRESOLVE = "noop"

BB_DISKMON_DIRS ??= "\

STOPTASKS,${TMPDIR},1G,100K \

STOPTASKS,${DL_DIR},1G,100K \

STOPTASKS,${SSTATE_DIR},1G,100K \

STOPTASKS,/tmp,100M,100K \

HALT,${TMPDIR},100M,1K \

HALT,${DL_DIR},100M,1K \

HALT,${SSTATE_DIR},100M,1K \

HALT,/tmp,10M,1K"

PACKAGECONFIG:append:pn-qemu-system-native = " sdl"

CONF_VERSION = "2"



DL_DIR ?= "${BSPDIR}/downloads/"

ACCEPT_FSL_EULA = "1"



# Switch to Debian packaging and include package-management in the image

PACKAGE_CLASSES = "package_deb"

EXTRA_IMAGE_FEATURES += "package-management"

DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

IMAGE_INSTALL:append = " kernel-modules"



EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile"







bblayers.conf



LCONF_VERSION = "7"



BBPATH = "${TOPDIR}"

BSPDIR := ${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}



BBFILES ?= ""

BBLAYERS = " \

${BSPDIR}/sources/poky/meta \

${BSPDIR}/sources/poky/meta-poky \

\

${BSPDIR}/sources/meta-openembedded/meta-oe \

${BSPDIR}/sources/meta-openembedded/meta-multimedia \

${BSPDIR}/sources/meta-openembedded/meta-python \

\

${BSPDIR}/sources/meta-freescale \

${BSPDIR}/sources/meta-freescale-3rdparty \

${BSPDIR}/sources/meta-freescale-distro \

"



# i.MX Yocto Project Release layers

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-bsp"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-sdk"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-ml"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-v2x"

#BBLAYERS += "${BSPDIR}/sources/meta-nxp-demo-experience"



#BBLAYERS += "${BSPDIR}/sources/meta-browser/meta-chromium"

#BBLAYERS += "${BSPDIR}/sources/meta-clang"

#BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-gnome"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"

BBLAYERS += "${BSPDIR}/sources/meta-teledyne-wapng"

BBLAYERS += "${BSPDIR}/sources/meta-aws"



Regards

Simon


On Thu, Feb 23, 2023 at 12:03 PM Bruce Ashfield <bruce.ashfield@...> wrote:

On Wed, Feb 22, 2023 at 9:47 PM SIMON BABY <simonkbaby@...> wrote:

Hello Team,

Can I know what are the changes required in yocto to run docker and its dependencies on my target embedded system. I have added the below changes. Do I need more plugins and packages ?

bblayers.conf:



BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"



local.conf:



DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

You likely are missing kernel configuration values required to run the
containers.

What kernel are you using (linux-yocto?), and are you on the master
branch of the layers ?

As you can see, it is working in my latest tests:

root@qemux86-64:~# docker --version
Docker version 23.0.1, build a5ee5b1dfc
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
63b65145d645: Pull complete
Digest: sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
/ #

Try adding "kernel-modules" to your IMAGE_INSTALL, and see if that
makes a difference.

Bruce

WIth the above changes and tested on the target I am getting the below error when try to run "docker run hello-world"


root@imx8mpevk:~# docker run hello-world
DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping
DEBU[2023-02-23T00:53:57.068355788Z] Calling POST /v1.41/containers/create
DEBU[2023-02-23T00:53:57.069098805Z] form data: {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”}
DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking state
[25846.681041] docker0: port 1(veth659d267) entered disabled state
[2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 entered promiscuous mode
container mounted via layerStore:[25846.681392] audit: type=1700 audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
&{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 audit(1677113637.219:205): proctitle=2F7573722F62696E2F646F636B657264002D44
aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.184741848Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1
DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin
DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin
DEBU[2023-02-23T00:53:57.186340258Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit
DEBU[2023-02-23T00:53:57.188347802Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start
DEBU[2023-02-23T00:53:57.190864983Z] container mounted via layerStore: &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.192083760Z] RequestAddress(LocalDefault/172.17.0.0/16, , map)
DEBU[2023-02-23T00:53:57.192149761Z] Request address PoolID:172.17.0.0/16 App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 Serial:false PrefAddress:
ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.294111754Z] Programming external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: port 1(veth659d267) entered disabled state
to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.304933242Z] EnableService 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 START
DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device veth659d267 left promiscuous mode
eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port 1(veth659d267) entered disabled state
[25846.996703] audit: type=1700 audit(1677113637.488:206): dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE
DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] audit: type=1300 audit(1677113637.488:206): arch=c00000b7 syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
[25847.041004] audit: type=1327 audit(1677113637.488:206): proctitle=2F7573722F62696E2F646F636B657264002D44
6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged
ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading from a closed fifo
ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading from a closed fifo
DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end
DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end
DEBU[2023-02-23T00:53:57.445349705Z] attach done
DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.610361084Z] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
DEBU[2023-02-23T00:53:57.619890544Z] Released address PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3
ERRO[2023-02-23T00:53:57.659608292Z] 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown.
ERRO[0000] error waiting for container: context canceled




Regards

Simon

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

Hi Bruce,
I also observed that the docker daemon is not starting by default and if I launch it manually , it takes a long time to start. Am I missing any kernel modules?

Here is the o/p from "systemctl status docker.service".

root@imx8mpevk:~# systemctl status docker.service
* docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2023-02-25 22:19:54 UTC; 4min 10s ago
TriggeredBy: * docker.socket
Docs: https://docs.docker.com
Main PID: 423 (dockerd)
Tasks: 11 (limit: 5578)
Memory: 115.0M
CGroup: /system.slice/docker.service
`-423 /usr/bin/dockerd -H fd://

Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.071250923Z" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.078250217Z" level=warning msg="Could not load necessary modules for Conntrack: Running modprobe nf_conntrack_netlink failed with message: `modprobe: WARNING: Module nf_...

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.081471487Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.199132980Z" level=info msg="Loading containers: done."
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.296845346Z" level=info msg="Docker daemon" commit=906f57ff5b-unsupported graphdriver(s)=overlay2 version=20.10.12-ce
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.297236599Z" level=info msg="Daemon has completed initialization"
Feb 25 22:19:54 imx8mpevk systemd[1]: Started Docker Application Container Engine.
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.372354197Z" level=info msg="API listen on /run/docker.sock"
Feb 25 22:23:14 imx8mpevk dockerd[423]: time="2023-02-25T22:23:14.188738979Z" level=info msg="ignoring event" container=a973c205bf7c0e57450de3241767f39e4983b6b174e231e014159ed8ae220791 module=libcontainerd namespace...*events.TaskDelete"
Hint: Some lines were ellipsized, use -l to show in full.
root@imx8mpevk:~# Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"


Regards
Simon

On Fri, Feb 24, 2023 at 6:47 PM SIMON BABY via lists.yoctoproject.org <simonkbaby=gmail.com@...> wrote:

Hello Bruce,

Thank you for the inputs.


Yes, I use linux-yocto. The target linux version is below.



Linux imx8mpevk 5.15.32-rt39-lts-next+g2a8a193a07b4 #1 SMP PREEMPT_RT Tue Jun 7 02:34:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux



The layers used are in the link below.

https://source.codeaurora.org/external/imx/imx-manifest/tree/imx-5.15.32-2.0.0.xml?h=imx-linux-kirkstone



I tried to add IMAGE_INSTALL:append = " kernel-modules" in local.conf but it did not make any difference.



The docker version I am running on the target is 20.10.12-ce



Below is the error I am getting on the target.



root@imx8mpevk:~# docker run hello-world

[ 1359.005452] docker0: port 1(veth4dc9000) entered blocking state

[ 1359.005512] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.005921] device veth4dc9000 entered promiscuous mode

[ 1359.005994] audit: type=1700 audit(1677283528.914:37): dev=veth4dc9000 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295

[ 1359.013139] audit: type=1300 audit(1677283528.914:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=4000ec0d50 a2=28 a3=0 items=0 ppid=1 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)

[ 1359.013228] audit: type=1327 audit(1677283528.914:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F

[ 1359.263483] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298263] device veth4dc9000 left promiscuous mode

[ 1359.298305] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298646] audit: type=1700 audit(1677283529.164:38): dev=veth4dc9000 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF: unknown.

ERRO[0000] error waiting for container: context canceled







Also sending the local.conf and bblayers.conf file



local.conf:



MACHINE ??= 'imx8mpevk'

DISTRO ?= 'fsl-imx-wayland'

PACKAGE_CLASSES ?= 'package_rpm'

EXTRA_IMAGE_FEATURES ?= "debug-tweaks"

USER_CLASSES ?= "buildstats"

PATCHRESOLVE = "noop"

BB_DISKMON_DIRS ??= "\

STOPTASKS,${TMPDIR},1G,100K \

STOPTASKS,${DL_DIR},1G,100K \

STOPTASKS,${SSTATE_DIR},1G,100K \

STOPTASKS,/tmp,100M,100K \

HALT,${TMPDIR},100M,1K \

HALT,${DL_DIR},100M,1K \

HALT,${SSTATE_DIR},100M,1K \

HALT,/tmp,10M,1K"

PACKAGECONFIG:append:pn-qemu-system-native = " sdl"

CONF_VERSION = "2"



DL_DIR ?= "${BSPDIR}/downloads/"

ACCEPT_FSL_EULA = "1"



# Switch to Debian packaging and include package-management in the image

PACKAGE_CLASSES = "package_deb"

EXTRA_IMAGE_FEATURES += "package-management"

DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

IMAGE_INSTALL:append = " kernel-modules"



EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile"







bblayers.conf



LCONF_VERSION = "7"



BBPATH = "${TOPDIR}"

BSPDIR := ${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}



BBFILES ?= ""

BBLAYERS = " \

${BSPDIR}/sources/poky/meta \

${BSPDIR}/sources/poky/meta-poky \

\

${BSPDIR}/sources/meta-openembedded/meta-oe \

${BSPDIR}/sources/meta-openembedded/meta-multimedia \

${BSPDIR}/sources/meta-openembedded/meta-python \

\

${BSPDIR}/sources/meta-freescale \

${BSPDIR}/sources/meta-freescale-3rdparty \

${BSPDIR}/sources/meta-freescale-distro \

"



# i.MX Yocto Project Release layers

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-bsp"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-sdk"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-ml"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-v2x"

#BBLAYERS += "${BSPDIR}/sources/meta-nxp-demo-experience"



#BBLAYERS += "${BSPDIR}/sources/meta-browser/meta-chromium"

#BBLAYERS += "${BSPDIR}/sources/meta-clang"

#BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-gnome"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"

BBLAYERS += "${BSPDIR}/sources/meta-teledyne-wapng"

BBLAYERS += "${BSPDIR}/sources/meta-aws"



Regards

Simon


On Thu, Feb 23, 2023 at 12:03 PM Bruce Ashfield <bruce.ashfield@...> wrote:

On Wed, Feb 22, 2023 at 9:47 PM SIMON BABY <simonkbaby@...> wrote:

Hello Team,

Can I know what are the changes required in yocto to run docker and its dependencies on my target embedded system. I have added the below changes. Do I need more plugins and packages ?

bblayers.conf:



BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"



local.conf:



DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

You likely are missing kernel configuration values required to run the
containers.

What kernel are you using (linux-yocto?), and are you on the master
branch of the layers ?

As you can see, it is working in my latest tests:

root@qemux86-64:~# docker --version
Docker version 23.0.1, build a5ee5b1dfc
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
63b65145d645: Pull complete
Digest: sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
/ #

Try adding "kernel-modules" to your IMAGE_INSTALL, and see if that
makes a difference.

Bruce

WIth the above changes and tested on the target I am getting the below error when try to run "docker run hello-world"


root@imx8mpevk:~# docker run hello-world
DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping
DEBU[2023-02-23T00:53:57.068355788Z] Calling POST /v1.41/containers/create
DEBU[2023-02-23T00:53:57.069098805Z] form data: {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”}
DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking state
[25846.681041] docker0: port 1(veth659d267) entered disabled state
[2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 entered promiscuous mode
container mounted via layerStore:[25846.681392] audit: type=1700 audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
&{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 audit(1677113637.219:205): proctitle=2F7573722F62696E2F646F636B657264002D44
aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.184741848Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1
DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin
DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin
DEBU[2023-02-23T00:53:57.186340258Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit
DEBU[2023-02-23T00:53:57.188347802Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start
DEBU[2023-02-23T00:53:57.190864983Z] container mounted via layerStore: &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.192083760Z] RequestAddress(LocalDefault/172.17.0.0/16, , map)
DEBU[2023-02-23T00:53:57.192149761Z] Request address PoolID:172.17.0.0/16 App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 Serial:false PrefAddress:
ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.294111754Z] Programming external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: port 1(veth659d267) entered disabled state
to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.304933242Z] EnableService 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 START
DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device veth659d267 left promiscuous mode
eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port 1(veth659d267) entered disabled state
[25846.996703] audit: type=1700 audit(1677113637.488:206): dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE
DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] audit: type=1300 audit(1677113637.488:206): arch=c00000b7 syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
[25847.041004] audit: type=1327 audit(1677113637.488:206): proctitle=2F7573722F62696E2F646F636B657264002D44
6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged
ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading from a closed fifo
ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading from a closed fifo
DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end
DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end
DEBU[2023-02-23T00:53:57.445349705Z] attach done
DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.610361084Z] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
DEBU[2023-02-23T00:53:57.619890544Z] Released address PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3
ERRO[2023-02-23T00:53:57.659608292Z] 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown.
ERRO[0000] error waiting for container: context canceled




Regards

Simon

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

Hi Bruce,
I have enabled some of the kernel flags. I am able to run the docker run command. But I see some logs when I run the command even though it is executed. I also observed that docker daemon is not starting by default after every reboot. Do we have any specific fix for this?

root@imx8mpevk:~# docker run hello-world
[ 271.841466] docker0: port 1(vethd66b82d) entered blocking state
[ 271.847462] docker0: port 1(vethd66b82d) entered disabled state
[ 271.853592] device vethd66b82d entered promiscuous mode
[ 271.858934] audit: type=1700 audit(1677436586.264:37): dev=vethd66b82d prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[ 271.871031] audit: type=1300 audit(1677436586.264:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=f a1=4000f54c90 a2=28 a3=0 items=0 ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=kernel key=(null)
[ 271.898659] audit: type=1327 audit(1677436586.264:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F
[ 272.315534] eth0: renamed from veth95a7c15
[ 272.326397] IPv6: ADDRCONF(NETDEV_CHANGE): vethd66b82d: link becomes ready
[ 272.333388] docker0: port 1(vethd66b82d) entered blocking state
[ 272.339340] docker0: port 1(vethd66b82d) entered forwarding state

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(arm64v8)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

[ 272.466210] docker0: port 1(vethd66b82d) entered disabled state
[ 272.472523] veth95a7c15: renamed from eth0
[ 272.505514] docker0: port 1(vethd66b82d) entered disabled state
[ 272.513799] device vethd66b82d left promiscuous mode
[ 272.518809] docker0: port 1(vethd66b82d) entered disabled state
[ 272.518828] audit: type=1700 audit(1677436586.928:38): dev=vethd66b82d prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
[ 272.550854] audit: type=1300 audit(1677436586.928:38): arch=c00000b7 syscall=206 success=yes exit=32 a0=f a1=400014dfe0 a2=20 a3=0 items=0 ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=kernel key=(null)
[ 272.578481] audit: type=1327 audit(1677436586.928:38): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F


I have compared all the kernel configuration between my local ubuntu linux and the imx8 I am running. Below are all the kernel configuration set on my target for the docker to run (as per nxp manual)

root@imx8mpevk:~# sh kernel.sh
info: reading kernel config from /proc/config.gz ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_NETFILTER_XT_MARK: enabled (as module)
- CONFIG_IP_NF_NAT: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_CGROUP_BPF: missing

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_SECCOMP_FILTER: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: enabled
(cgroup swap accounting is currently enabled)
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_SECURITY_SELINUX: enabled
- CONFIG_SECURITY_APPARMOR: enabled
- CONFIG_EXT3_FS: enabled
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: missing
- CONFIG_EXT3_FS_SECURITY: missing
(enable these ext3 configs if you are using ext3 as backing filesystem)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
- CONFIG_BRIDGE_VLAN_FILTERING: enabled
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: missing
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: missing
- CONFIG_XFRM_USER: missing
- CONFIG_XFRM_ALGO: missing
- CONFIG_INET_ESP: missing
- "ipvlan":
- CONFIG_IPVLAN: enabled (as module)
- "macvlan":
- CONFIG_MACVLAN: enabled (as module)
- CONFIG_DUMMY: enabled (as module)
- "ftp,tftp client in container":
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
- "aufs":
- CONFIG_AUFS_FS: missing
- "btrfs":
- CONFIG_BTRFS_FS: enabled (as module)
- CONFIG_BTRFS_FS_POSIX_ACL: enabled
- "devicemapper":
- CONFIG_BLK_DEV_DM: enabled (as module)
- CONFIG_DM_THIN_PROVISIONING: enabled (as module)
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
- "zfs":
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing


Regards
Simon

On Sat, Feb 25, 2023 at 5:27 PM SIMON BABY via lists.yoctoproject.org <simonkbaby=gmail.com@...> wrote:

Thank you Bruce . I will do more research in that direction ( kernel configuration)

Regards
Simon

On Feb 25, 2023, at 5:20 PM, Bruce Ashfield <bruce.ashfield@...> wrote:

On Sat, Feb 25, 2023 at 5:35 PM SIMON BABY <simonkbaby@...> wrote:

Hi Bruce,
I also observed that the docker daemon is not starting by default and if I launch it manually , it takes a long time to start. Am I missing any kernel modules?

Here is the o/p from "systemctl status docker.service".

root@imx8mpevk:~# systemctl status docker.service
* docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2023-02-25 22:19:54 UTC; 4min 10s ago
TriggeredBy: * docker.socket
Docs: https://docs.docker.com
Main PID: 423 (dockerd)
Tasks: 11 (limit: 5578)
Memory: 115.0M
CGroup: /system.slice/docker.service
`-423 /usr/bin/dockerd -H fd://

Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"

The above error could be a missing module, or a missing iptables module.

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.071250923Z" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.078250217Z" level=warning msg="Could not load necessary modules for Conntrack: Running modprobe nf_conntrack_netlink failed with message: `modprobe: WARNING: Module nf_...

As does the above one.

so you definitely have missing configuration.

Bruce

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.081471487Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.199132980Z" level=info msg="Loading containers: done."
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.296845346Z" level=info msg="Docker daemon" commit=906f57ff5b-unsupported graphdriver(s)=overlay2 version=20.10.12-ce
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.297236599Z" level=info msg="Daemon has completed initialization"
Feb 25 22:19:54 imx8mpevk systemd[1]: Started Docker Application Container Engine.
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.372354197Z" level=info msg="API listen on /run/docker.sock"
Feb 25 22:23:14 imx8mpevk dockerd[423]: time="2023-02-25T22:23:14.188738979Z" level=info msg="ignoring event" container=a973c205bf7c0e57450de3241767f39e4983b6b174e231e014159ed8ae220791 module=libcontainerd namespace...*events.TaskDelete"
Hint: Some lines were ellipsized, use -l to show in full.
root@imx8mpevk:~# Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"


Regards
Simon

On Fri, Feb 24, 2023 at 6:47 PM SIMON BABY via lists.yoctoproject.org <simonkbaby=gmail.com@...> wrote:

Hello Bruce,

Thank you for the inputs.


Yes, I use linux-yocto. The target linux version is below.



Linux imx8mpevk 5.15.32-rt39-lts-next+g2a8a193a07b4 #1 SMP PREEMPT_RT Tue Jun 7 02:34:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux



The layers used are in the link below.

https://source.codeaurora.org/external/imx/imx-manifest/tree/imx-5.15.32-2.0.0.xml?h=imx-linux-kirkstone



I tried to add IMAGE_INSTALL:append = " kernel-modules" in local.conf but it did not make any difference.



The docker version I am running on the target is 20.10.12-ce



Below is the error I am getting on the target.



root@imx8mpevk:~# docker run hello-world

[ 1359.005452] docker0: port 1(veth4dc9000) entered blocking state

[ 1359.005512] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.005921] device veth4dc9000 entered promiscuous mode

[ 1359.005994] audit: type=1700 audit(1677283528.914:37): dev=veth4dc9000 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295

[ 1359.013139] audit: type=1300 audit(1677283528.914:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=4000ec0d50 a2=28 a3=0 items=0 ppid=1 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)

[ 1359.013228] audit: type=1327 audit(1677283528.914:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F

[ 1359.263483] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298263] device veth4dc9000 left promiscuous mode

[ 1359.298305] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298646] audit: type=1700 audit(1677283529.164:38): dev=veth4dc9000 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF: unknown.

ERRO[0000] error waiting for container: context canceled







Also sending the local.conf and bblayers.conf file



local.conf:



MACHINE ??= 'imx8mpevk'

DISTRO ?= 'fsl-imx-wayland'

PACKAGE_CLASSES ?= 'package_rpm'

EXTRA_IMAGE_FEATURES ?= "debug-tweaks"

USER_CLASSES ?= "buildstats"

PATCHRESOLVE = "noop"

BB_DISKMON_DIRS ??= "\

STOPTASKS,${TMPDIR},1G,100K \

STOPTASKS,${DL_DIR},1G,100K \

STOPTASKS,${SSTATE_DIR},1G,100K \

STOPTASKS,/tmp,100M,100K \

HALT,${TMPDIR},100M,1K \

HALT,${DL_DIR},100M,1K \

HALT,${SSTATE_DIR},100M,1K \

HALT,/tmp,10M,1K"

PACKAGECONFIG:append:pn-qemu-system-native = " sdl"

CONF_VERSION = "2"



DL_DIR ?= "${BSPDIR}/downloads/"

ACCEPT_FSL_EULA = "1"



# Switch to Debian packaging and include package-management in the image

PACKAGE_CLASSES = "package_deb"

EXTRA_IMAGE_FEATURES += "package-management"

DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

IMAGE_INSTALL:append = " kernel-modules"



EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile"







bblayers.conf



LCONF_VERSION = "7"



BBPATH = "${TOPDIR}"

BSPDIR := ${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}



BBFILES ?= ""

BBLAYERS = " \

${BSPDIR}/sources/poky/meta \

${BSPDIR}/sources/poky/meta-poky \

\

${BSPDIR}/sources/meta-openembedded/meta-oe \

${BSPDIR}/sources/meta-openembedded/meta-multimedia \

${BSPDIR}/sources/meta-openembedded/meta-python \

\

${BSPDIR}/sources/meta-freescale \

${BSPDIR}/sources/meta-freescale-3rdparty \

${BSPDIR}/sources/meta-freescale-distro \

"



# i.MX Yocto Project Release layers

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-bsp"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-sdk"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-ml"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-v2x"

#BBLAYERS += "${BSPDIR}/sources/meta-nxp-demo-experience"



#BBLAYERS += "${BSPDIR}/sources/meta-browser/meta-chromium"

#BBLAYERS += "${BSPDIR}/sources/meta-clang"

#BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-gnome"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"

BBLAYERS += "${BSPDIR}/sources/meta-teledyne-wapng"

BBLAYERS += "${BSPDIR}/sources/meta-aws"



Regards

Simon


On Thu, Feb 23, 2023 at 12:03 PM Bruce Ashfield <bruce.ashfield@...> wrote:

On Wed, Feb 22, 2023 at 9:47 PM SIMON BABY <simonkbaby@...> wrote:

Hello Team,

Can I know what are the changes required in yocto to run docker and its dependencies on my target embedded system. I have added the below changes. Do I need more plugins and packages ?

bblayers.conf:



BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"



local.conf:



DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

You likely are missing kernel configuration values required to run the
containers.

What kernel are you using (linux-yocto?), and are you on the master
branch of the layers ?

As you can see, it is working in my latest tests:

root@qemux86-64:~# docker --version
Docker version 23.0.1, build a5ee5b1dfc
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
63b65145d645: Pull complete
Digest: sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
/ #

Try adding "kernel-modules" to your IMAGE_INSTALL, and see if that
makes a difference.

Bruce

WIth the above changes and tested on the target I am getting the below error when try to run "docker run hello-world"


root@imx8mpevk:~# docker run hello-world
DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping
DEBU[2023-02-23T00:53:57.068355788Z] Calling POST /v1.41/containers/create
DEBU[2023-02-23T00:53:57.069098805Z] form data: {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”}
DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking state
[25846.681041] docker0: port 1(veth659d267) entered disabled state
[2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 entered promiscuous mode
container mounted via layerStore:[25846.681392] audit: type=1700 audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
&{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 audit(1677113637.219:205): proctitle=2F7573722F62696E2F646F636B657264002D44
aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.184741848Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1
DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin
DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin
DEBU[2023-02-23T00:53:57.186340258Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit
DEBU[2023-02-23T00:53:57.188347802Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start
DEBU[2023-02-23T00:53:57.190864983Z] container mounted via layerStore: &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.192083760Z] RequestAddress(LocalDefault/172.17.0.0/16, , map)
DEBU[2023-02-23T00:53:57.192149761Z] Request address PoolID:172.17.0.0/16 App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 Serial:false PrefAddress:
ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.294111754Z] Programming external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: port 1(veth659d267) entered disabled state
to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.304933242Z] EnableService 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 START
DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device veth659d267 left promiscuous mode
eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port 1(veth659d267) entered disabled state
[25846.996703] audit: type=1700 audit(1677113637.488:206): dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE
DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] audit: type=1300 audit(1677113637.488:206): arch=c00000b7 syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
[25847.041004] audit: type=1327 audit(1677113637.488:206): proctitle=2F7573722F62696E2F646F636B657264002D44
6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged
ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading from a closed fifo
ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading from a closed fifo
DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end
DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end
DEBU[2023-02-23T00:53:57.445349705Z] attach done
DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.610361084Z] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
DEBU[2023-02-23T00:53:57.619890544Z] Released address PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3
ERRO[2023-02-23T00:53:57.659608292Z] 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown.
ERRO[0000] error waiting for container: context canceled




Regards

Simon

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

Hello Bruce,

Of course, you won't always see the daemon running on startup, as
there are socket and other systemd triggers that will launch the
daemon when required (and it will continue to run after that).
Simon> The daemon is not starting by default after every boot. I need to type any docker command and wait for 2-3 minutes to get docker run.

If you add docker-ce-contrib (or docker-moby-contrib, depending on
what flavour you are building), one of the docker supplied scripts
will be installed to the target. You can use that to check the running
kernel configuration and look for issues.
Simon> yes I run the script check-config.sh and below is the o/p

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: missing
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_NETFILTER_XT_MARK: enabled (as module)
- CONFIG_IP_NF_NAT: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_CGROUP_BPF: enabled

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_SECCOMP_FILTER: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: missing
(cgroup swap accounting is currently enabled)
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_SECURITY_SELINUX: enabled
- CONFIG_SECURITY_APPARMOR: enabled
- CONFIG_EXT3_FS: enabled
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: enabled
- CONFIG_EXT3_FS_SECURITY: enabled
(enable these ext3 configs if you are using ext3 as backing filesystem)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
- CONFIG_BRIDGE_VLAN_FILTERING: enabled
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: enabled
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled
- CONFIG_XFRM_ALGO: enabled
- CONFIG_INET_ESP: enabled
- "ipvlan":
- CONFIG_IPVLAN: enabled (as module)
- "macvlan":
- CONFIG_MACVLAN: enabled (as module)
- CONFIG_DUMMY: enabled (as module)
- "ftp,tftp client in container":
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
- "aufs":
- CONFIG_AUFS_FS: missing
- "btrfs":
- CONFIG_BTRFS_FS: enabled (as module)
- CONFIG_BTRFS_FS_POSIX_ACL: enabled
- "devicemapper":
- CONFIG_BLK_DEV_DM: enabled (as module)
- CONFIG_DM_THIN_PROVISIONING: enabled (as module)
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
- "zfs":
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing

You'll find that script at: /usr/share/docker/check-config.sh

On Mon, Feb 27, 2023 at 6:26 AM Bruce Ashfield <bruce.ashfield@...> wrote:

On Sun, Feb 26, 2023 at 1:42 PM SIMON BABY <simonkbaby@...> wrote:

Hi Bruce,
I have enabled some of the kernel flags. I am able to run the docker run command. But I see some logs when I run the command even though it is executed. I also observed that docker daemon is not starting by default after every reboot. Do we have any specific fix for this?

There's no specific fix for that, because it isn't broken in anything
that I've seen. docker starts fine on boot in all of my test cases.

Of course, you won't always see the daemon running on startup, as
there are socket and other systemd triggers that will launch the
daemon when required (and it will continue to run after that).

root@imx8mpevk:~# docker run hello-world
[ 271.841466] docker0: port 1(vethd66b82d) entered blocking state
[ 271.847462] docker0: port 1(vethd66b82d) entered disabled state
[ 271.853592] device vethd66b82d entered promiscuous mode
[ 271.858934] audit: type=1700 audit(1677436586.264:37): dev=vethd66b82d prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[ 271.871031] audit: type=1300 audit(1677436586.264:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=f a1=4000f54c90 a2=28 a3=0 items=0 ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=kernel key=(null)
[ 271.898659] audit: type=1327 audit(1677436586.264:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F
[ 272.315534] eth0: renamed from veth95a7c15
[ 272.326397] IPv6: ADDRCONF(NETDEV_CHANGE): vethd66b82d: link becomes ready
[ 272.333388] docker0: port 1(vethd66b82d) entered blocking state
[ 272.339340] docker0: port 1(vethd66b82d) entered forwarding state

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(arm64v8)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

[ 272.466210] docker0: port 1(vethd66b82d) entered disabled state
[ 272.472523] veth95a7c15: renamed from eth0
[ 272.505514] docker0: port 1(vethd66b82d) entered disabled state
[ 272.513799] device vethd66b82d left promiscuous mode
[ 272.518809] docker0: port 1(vethd66b82d) entered disabled state
[ 272.518828] audit: type=1700 audit(1677436586.928:38): dev=vethd66b82d prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
[ 272.550854] audit: type=1300 audit(1677436586.928:38): arch=c00000b7 syscall=206 success=yes exit=32 a0=f a1=400014dfe0 a2=20 a3=0 items=0 ppid=1 pid=969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=kernel key=(null)
[ 272.578481] audit: type=1327 audit(1677436586.928:38): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F


I have compared all the kernel configuration between my local ubuntu linux and the imx8 I am running. Below are all the kernel configuration set on my target for the docker to run (as per nxp manual)

If you add docker-ce-contrib (or docker-moby-contrib, depending on
what flavour you are building), one of the docker supplied scripts
will be installed to the target. You can use that to check the running
kernel configuration and look for issues.

You'll find that script at: /usr/share/docker/check-config.sh

Bruce

root@imx8mpevk:~# sh kernel.sh
info: reading kernel config from /proc/config.gz ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled (as module)
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_NETFILTER_XT_MARK: enabled (as module)
- CONFIG_IP_NF_NAT: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_CGROUP_BPF: missing

Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_SECCOMP_FILTER: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: enabled
(cgroup swap accounting is currently enabled)
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: enabled
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: enabled
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: enabled
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: missing
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: enabled
- CONFIG_IP_VS_PROTO_TCP: enabled
- CONFIG_IP_VS_PROTO_UDP: enabled
- CONFIG_IP_VS_RR: enabled (as module)
- CONFIG_SECURITY_SELINUX: enabled
- CONFIG_SECURITY_APPARMOR: enabled
- CONFIG_EXT3_FS: enabled
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: missing
- CONFIG_EXT3_FS_SECURITY: missing
(enable these ext3 configs if you are using ext3 as backing filesystem)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
- CONFIG_BRIDGE_VLAN_FILTERING: enabled
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: missing
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: missing
- CONFIG_XFRM_USER: missing
- CONFIG_XFRM_ALGO: missing
- CONFIG_INET_ESP: missing
- "ipvlan":
- CONFIG_IPVLAN: enabled (as module)
- "macvlan":
- CONFIG_MACVLAN: enabled (as module)
- CONFIG_DUMMY: enabled (as module)
- "ftp,tftp client in container":
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
- "aufs":
- CONFIG_AUFS_FS: missing
- "btrfs":
- CONFIG_BTRFS_FS: enabled (as module)
- CONFIG_BTRFS_FS_POSIX_ACL: enabled
- "devicemapper":
- CONFIG_BLK_DEV_DM: enabled (as module)
- CONFIG_DM_THIN_PROVISIONING: enabled (as module)
- "overlay":
- CONFIG_OVERLAY_FS: enabled (as module)
- "zfs":
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing


Regards
Simon

On Sat, Feb 25, 2023 at 5:27 PM SIMON BABY via lists.yoctoproject.org <simonkbaby=gmail.com@...> wrote:

Thank you Bruce . I will do more research in that direction ( kernel configuration)

Regards
Simon

On Feb 25, 2023, at 5:20 PM, Bruce Ashfield <bruce.ashfield@...> wrote:

On Sat, Feb 25, 2023 at 5:35 PM SIMON BABY <simonkbaby@...> wrote:

Hi Bruce,
I also observed that the docker daemon is not starting by default and if I launch it manually , it takes a long time to start. Am I missing any kernel modules?

Here is the o/p from "systemctl status docker.service".

root@imx8mpevk:~# systemctl status docker.service
* docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2023-02-25 22:19:54 UTC; 4min 10s ago
TriggeredBy: * docker.socket
Docs: https://docs.docker.com
Main PID: 423 (dockerd)
Tasks: 11 (limit: 5578)
Memory: 115.0M
CGroup: /system.slice/docker.service
`-423 /usr/bin/dockerd -H fd://

Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"

The above error could be a missing module, or a missing iptables module.

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.071250923Z" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.078250217Z" level=warning msg="Could not load necessary modules for Conntrack: Running modprobe nf_conntrack_netlink failed with message: `modprobe: WARNING: Module nf_...

As does the above one.

so you definitely have missing configuration.

Bruce

Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.081471487Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.199132980Z" level=info msg="Loading containers: done."
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.296845346Z" level=info msg="Docker daemon" commit=906f57ff5b-unsupported graphdriver(s)=overlay2 version=20.10.12-ce
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.297236599Z" level=info msg="Daemon has completed initialization"
Feb 25 22:19:54 imx8mpevk systemd[1]: Started Docker Application Container Engine.
Feb 25 22:19:54 imx8mpevk dockerd[423]: time="2023-02-25T22:19:54.372354197Z" level=info msg="API listen on /run/docker.sock"
Feb 25 22:23:14 imx8mpevk dockerd[423]: time="2023-02-25T22:23:14.188738979Z" level=info msg="ignoring event" container=a973c205bf7c0e57450de3241767f39e4983b6b174e231e014159ed8ae220791 module=libcontainerd namespace...*events.TaskDelete"
Hint: Some lines were ellipsized, use -l to show in full.
root@imx8mpevk:~# Feb 25 22:19:53 imx8mpevk dockerd[423]: time="2023-02-25T22:19:53.837738928Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module br_netfilter not found in director...ror: exit status 1"


Regards
Simon

On Fri, Feb 24, 2023 at 6:47 PM SIMON BABY via lists.yoctoproject.org <simonkbaby=gmail.com@...> wrote:

Hello Bruce,

Thank you for the inputs.


Yes, I use linux-yocto. The target linux version is below.



Linux imx8mpevk 5.15.32-rt39-lts-next+g2a8a193a07b4 #1 SMP PREEMPT_RT Tue Jun 7 02:34:46 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux



The layers used are in the link below.

https://source.codeaurora.org/external/imx/imx-manifest/tree/imx-5.15.32-2.0.0.xml?h=imx-linux-kirkstone



I tried to add IMAGE_INSTALL:append = " kernel-modules" in local.conf but it did not make any difference.



The docker version I am running on the target is 20.10.12-ce



Below is the error I am getting on the target.



root@imx8mpevk:~# docker run hello-world

[ 1359.005452] docker0: port 1(veth4dc9000) entered blocking state

[ 1359.005512] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.005921] device veth4dc9000 entered promiscuous mode

[ 1359.005994] audit: type=1700 audit(1677283528.914:37): dev=veth4dc9000 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295

[ 1359.013139] audit: type=1300 audit(1677283528.914:37): arch=c00000b7 syscall=206 success=yes exit=40 a0=e a1=4000ec0d50 a2=28 a3=0 items=0 ppid=1 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" key=(null)

[ 1359.013228] audit: type=1327 audit(1677283528.914:37): proctitle=2F7573722F62696E2F646F636B657264002D480066643A2F2F

[ 1359.263483] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298263] device veth4dc9000 left promiscuous mode

[ 1359.298305] docker0: port 1(veth4dc9000) entered disabled state

[ 1359.298646] audit: type=1700 audit(1677283529.164:38): dev=veth4dc9000 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF: unknown.

ERRO[0000] error waiting for container: context canceled







Also sending the local.conf and bblayers.conf file



local.conf:



MACHINE ??= 'imx8mpevk'

DISTRO ?= 'fsl-imx-wayland'

PACKAGE_CLASSES ?= 'package_rpm'

EXTRA_IMAGE_FEATURES ?= "debug-tweaks"

USER_CLASSES ?= "buildstats"

PATCHRESOLVE = "noop"

BB_DISKMON_DIRS ??= "\

STOPTASKS,${TMPDIR},1G,100K \

STOPTASKS,${DL_DIR},1G,100K \

STOPTASKS,${SSTATE_DIR},1G,100K \

STOPTASKS,/tmp,100M,100K \

HALT,${TMPDIR},100M,1K \

HALT,${DL_DIR},100M,1K \

HALT,${SSTATE_DIR},100M,1K \

HALT,/tmp,10M,1K"

PACKAGECONFIG:append:pn-qemu-system-native = " sdl"

CONF_VERSION = "2"



DL_DIR ?= "${BSPDIR}/downloads/"

ACCEPT_FSL_EULA = "1"



# Switch to Debian packaging and include package-management in the image

PACKAGE_CLASSES = "package_deb"

EXTRA_IMAGE_FEATURES += "package-management"

DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

IMAGE_INSTALL:append = " kernel-modules"



EXTRA_IMAGE_FEATURES = "debug-tweaks tools-profile"







bblayers.conf



LCONF_VERSION = "7"



BBPATH = "${TOPDIR}"

BSPDIR := ${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}



BBFILES ?= ""

BBLAYERS = " \

${BSPDIR}/sources/poky/meta \

${BSPDIR}/sources/poky/meta-poky \

\

${BSPDIR}/sources/meta-openembedded/meta-oe \

${BSPDIR}/sources/meta-openembedded/meta-multimedia \

${BSPDIR}/sources/meta-openembedded/meta-python \

\

${BSPDIR}/sources/meta-freescale \

${BSPDIR}/sources/meta-freescale-3rdparty \

${BSPDIR}/sources/meta-freescale-distro \

"



# i.MX Yocto Project Release layers

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-bsp"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-sdk"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-ml"

BBLAYERS += "${BSPDIR}/sources/meta-imx/meta-v2x"

#BBLAYERS += "${BSPDIR}/sources/meta-nxp-demo-experience"



#BBLAYERS += "${BSPDIR}/sources/meta-browser/meta-chromium"

#BBLAYERS += "${BSPDIR}/sources/meta-clang"

#BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-gnome"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"

BBLAYERS += "${BSPDIR}/sources/meta-teledyne-wapng"

BBLAYERS += "${BSPDIR}/sources/meta-aws"



Regards

Simon


On Thu, Feb 23, 2023 at 12:03 PM Bruce Ashfield <bruce.ashfield@...> wrote:

On Wed, Feb 22, 2023 at 9:47 PM SIMON BABY <simonkbaby@...> wrote:

Hello Team,

Can I know what are the changes required in yocto to run docker and its dependencies on my target embedded system. I have added the below changes. Do I need more plugins and packages ?

bblayers.conf:



BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-networking"

BBLAYERS += "${BSPDIR}/sources/meta-openembedded/meta-filesystems"

BBLAYERS += "${BSPDIR}/sources/meta-virtualization"



local.conf:



DISTRO_FEATURES:append = " virtualization"

IMAGE_INSTALL:append = " docker-ce"

You likely are missing kernel configuration values required to run the
containers.

What kernel are you using (linux-yocto?), and are you on the master
branch of the layers ?

As you can see, it is working in my latest tests:

root@qemux86-64:~# docker --version
Docker version 23.0.1, build a5ee5b1dfc
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
63b65145d645: Pull complete
Digest: sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
/ #

Try adding "kernel-modules" to your IMAGE_INSTALL, and see if that
makes a difference.

Bruce

WIth the above changes and tested on the target I am getting the below error when try to run "docker run hello-world"


root@imx8mpevk:~# docker run hello-world
DEBU[2023-02-23T00:53:57.064704083Z] Calling HEAD /_ping
DEBU[2023-02-23T00:53:57.068355788Z] Calling POST /v1.41/containers/create
DEBU[2023-02-23T00:53:57.069098805Z] form data: {“AttachStderr”:true,“AttachStdin”:false,“AttachStdout”:true,“Cmd”:null,“Domainname”:“”,“Entrypoint”:null,“Env”:null,“HostConfig”:{“AutoRemove”:false,“Binds”:null,“BlkioDeviceReadBps”:null,“BlkioDeviceReadIOps”:null,“BlkioDeviceWriteBps”:null,“BlkioDeviceWriteIOps”:null,“BlkioWeight”:0,“BlkioWeightDevice”:,“CapAdd”:null,“CapDrop”:null,“Cgroup”:“”,“CgroupParent”:“”,“CgroupnsMode”:“”,“ConsoleSize”:[0,0],“ContainerIDFile”:“”,“CpuCount”:0,“CpuPercent”:0,“CpuPeriod”:0,“CpuQuota”:0,“CpuRealtimePeriod”:0,“CpuRealtimeRuntime”:0,“CpuShares”:0,“CpusetCpus”:“”,“CpusetMems”:“”,“DeviceCgroupRules”:null,“DeviceRequests”:null,“Devices”:,“Dns”:,“DnsOptions”:,“DnsSearch”:,“ExtraHosts”:null,“GroupAdd”:null,“IOMaximumBandwidth”:0,“IOMaximumIOps”:0,“IpcMode”:“”,“Isolation”:“”,“KernelMemory”:0,“KernelMemoryTCP”:0,“Links”:null,“LogConfig”:{“Config”:{},“Type”:“”},“MaskedPaths”:null,“Memory”:0,“MemoryReservation”:0,“MemorySwap”:0,“MemorySwappiness”:-1,“NanoCpus”:0,“NetworkMode”:“default”,“OomKillDisable”:false,“OomScoreAdj”:0,“PidMode”:“”,“PidsLimit”:0,“PortBindings”:{},“Privileged”:false,“PublishAllPorts”:false,“ReadonlyPaths”:null,“ReadonlyRootfs”:false,“RestartPolicy”:{“MaximumRetryCount”:0,“Name”:“no”},“SecurityOpt”:null,“ShmSize”:0,“UTSMode”:“”,“Ulimits”:null,“UsernsMode”:“”,“VolumeDriver”:“”,“VolumesFrom”:null},“Hostname”:“”,“Image”:“hello-world”,“Labels”:{},“NetworkingConfig”:{“EndpointsConfig”:{}},“OnBuild”:null,“OpenStdin”:false,“Platform”:null,“StdinOnce”:false,“Tty”:false,“User”:“”,“Volumes”:{},“WorkingDir”:“”}
DEBU[25846.680992] docker0: port 1(veth659d267) entered blocking state
[25846.681041] docker0: port 1(veth659d267) entered disabled state
[2023-02-23T00:53:57.121358454Z] [25846.681312] device veth659d267 entered promiscuous mode
container mounted via layerStore:[25846.681392] audit: type=1700 audit(1677113637.219:205): dev=veth659d267 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
&{/var/lib/docker/overlay2/d664e[25846.683022] audit: type=1300 audit(1677113637.219:205): arch=c00000b7 syscall=206 success=yes exit=40 a0=d a1=4000c507b0 a2=28 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
7963d79b51cb1322f9995853ff56f54a3[25846.683091] audit: type=1327 audit(1677113637.219:205): proctitle=2F7573722F62696E2F646F636B657264002D44
aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.184741848Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/attach?stderr=1&stdout=1&stream=1
DEBU[2023-02-23T00:53:57.185112606Z] attach: stderr: begin
DEBU[2023-02-23T00:53:57.185130357Z] attach: stdout: begin
DEBU[2023-02-23T00:53:57.186340258Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/wait?condition=next-exit
DEBU[2023-02-23T00:53:57.188347802Z] Calling POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start
DEBU[2023-02-23T00:53:57.190864983Z] container mounted via layerStore: &{/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged 0xaaaabdb0b060 0xaaaabdb0b060} container=4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190
DEBU[2023-02-23T00:53:57.191993758Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.192083760Z] RequestAddress(LocalDefault/172.17.0.0/16, , map)
DEBU[2023-02-23T00:53:57.192149761Z] Request address PoolID:172.17.0.0/16 App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3 Serial:false PrefAddress:
ERRO[2023-02-23T00:53:57.192262764Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.252893597Z] Assigning addresses for endpoint crazy_bell’s interface on network bridge
ERRO[2023-02-23T00:53:57.274329693Z] failed to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.294111754Z] Programming external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.299150489Z] failed [25846.962844] docker0: port 1(veth659d267) entered disabled state
to set to initial namespace, readlink /proc/1551/task/1555/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.304933242Z] EnableService 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 START
DEBU[2023-02-23T00:53:57.305002118Z] Enabl[25846.996647] device veth659d267 left promiscuous mode
eService 4f926f032e0566c4dbdfbb02[25846.996686] docker0: port 1(veth659d267) entered disabled state
[25846.996703] audit: type=1700 audit(1677113637.488:206): dev=veth659d267 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
7787b42e6e19ef6e633864f09a4c9edbdb62d190 DONE
DEBU[2023-02-23T00:53:57.313909564Z] bundle dir created bundle=/var/run/docker/containerd/4f926f032e0566c4dbdfbb027787b42e6e19ef[25847.040986] audit: type=1300 audit(1677113637.488:206): arch=c00000b7 syscall=206 success=yes exit=32 a0=d a1=4000ccd240 a2=20 a3=0 items=0 ppid=409 pid=1551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttymxc1 ses=4294967295 comm=“dockerd” exe=“/usr/bin/dockerd” key=(null)
[25847.041004] audit: type=1327 audit(1677113637.488:206): proctitle=2F7573722F62696E2F646F636B657264002D44
6e633864f09a4c9edbdb62d190 module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/d664e7963d79b51cb1322f9995853ff56f54a3aa2994ae5b99b3bcb65c33ec2f/merged
ERRO[2023-02-23T00:53:57.445101824Z] stream copy error: reading from a closed fifo
ERRO[2023-02-23T00:53:57.445126200Z] stream copy error: reading from a closed fifo
DEBU[2023-02-23T00:53:57.445172451Z] attach: stderr: end
DEBU[2023-02-23T00:53:57.445174576Z] attach: stdout: end
DEBU[2023-02-23T00:53:57.445349705Z] attach done
DEBU[2023-02-23T00:53:57.469084602Z] Revoking external connectivity on endpoint crazy_bell (1a86f3778b61204dcc7106bed28728a001028ba51f5c5fe731042007ec0ebd3c)
ERRO[2023-02-23T00:53:57.469206980Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.475388115Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
ERRO[2023-02-23T00:53:57.489002290Z] failed to set to initial namespace, readlink /proc/1551/task/1558/ns/net: no such file or directory, initns fd -1: bad file descriptor
DEBU[2023-02-23T00:53:57.587904715Z] Releasing addresses for endpoint crazy_bell’s interface on network bridge
DEBU[2023-02-23T00:53:57.610361084Z] ReleaseAddress(LocalDefault/172.17.0.0/16, 172.17.0.2)
DEBU[2023-02-23T00:53:57.619890544Z] Released address PoolID:LocalDefault/172.17.0.0/16, Address:172.17.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.17.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3
ERRO[2023-02-23T00:53:57.659608292Z] 4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-23T00:53:57.659718420Z] Handler for POST /v1.41/containers/4f926f032e0566c4dbdfbb027787b42e6e19ef6e633864f09a4c9edbdb62d190/start returned error: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can’t get final child’s PID from pipe: EOF: unknown.
ERRO[0000] error waiting for container: context canceled




Regards

Simon

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II