Where is docker.cfg file in rocko? #yocto #meta-virtualization


thitgahamtonghop@...
 
Edited

Hi,
So I am having a problem running a docker image. When I run the command: docker run hello-world, this is the output:
docker: Error response from daemon: failed to create endpoint elastic_hypatia on network bridge: failed to add the host (vethf9c4250) <=> sandbox (vethc439d7e) pair interfaces: operation not supported.
ERRO[0000] error waiting for container: context canceled
So I suspect that the veth module is missing, and to check, I ran the check-config.sh script, and here is what I get:
 
info: reading kernel config from /proc/config.gz ...
 
Generally Necessary:
- check-config.sh: line 159: [: missing `]'
check-config.sh: line 160: /sys/fs/cgroup/memory: Is a directory
cgroup hierarchy: single mountpoint! [/sys/fs/cgroup/memory]
    (see https://github.com/tianon/cgroupfs-mount)
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: missing
- CONFIG_BRIDGE: enabled (as module)
- CONFIG_BRIDGE_NETFILTER: enabled (as module)
- CONFIG_NF_NAT_IPV4: enabled (as module)
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: missing
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: missing
- CONFIG_IP_NF_NAT: missing
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_NF_NAT_NEEDED: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: missing
 
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_CGROUP_PIDS: missing
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_MEMCG_SWAP_ENABLED: enabled
    (cgroup swap accounting is currently enabled)
- CONFIG_LEGACY_VSYSCALL_EMULATE: enabled
- CONFIG_MEMCG_KMEM: enabled
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: missing
- CONFIG_IOSCHED_CFQ: enabled
- CONFIG_CFQ_GROUP_IOSCHED: missing
- CONFIG_CGROUP_PERF: missing
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: enabled
- CONFIG_CGROUP_NET_PRIO: missing
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_RT_GROUP_SCHED: enabled
- CONFIG_IP_VS: missing
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_EXT3_FS: enabled
- CONFIG_EXT3_FS_XATTR: missing
- CONFIG_EXT3_FS_POSIX_ACL: enabled
- CONFIG_EXT3_FS_SECURITY: enabled
    (enable these ext3 configs if you are using ext3 as backing filesystem)
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: missing
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled (as module)
      - CONFIG_CRYPTO_SEQIV: enabled (as module)
      - CONFIG_CRYPTO_GHASH: enabled (as module)
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled (as module)
      - CONFIG_XFRM_ALGO: enabled
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled
  - "ipvlan":
    - CONFIG_IPVLAN: missing
  - "macvlan":
    - CONFIG_MACVLAN: missing
    - CONFIG_DUMMY: enabled (as module)
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
    - CONFIG_NF_NAT_TFTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: enabled
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
    - CONFIG_BTRFS_FS_POSIX_ACL: enabled
  - "devicemapper":
    - CONFIG_BLK_DEV_DM: enabled
    - CONFIG_DM_THIN_PROVISIONING: missing
  - "overlay":
    - CONFIG_OVERLAY_FS: missing
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing
 
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
Even running modprobe veth shows that veth is not there:
modprobe: FATAL: Module veth not found in directory /lib/modules/4.4.113-yocto-standard
And here is the output of lxc-checkconfig:
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: missing
 
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
 
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
FUSE (for use with lxcfs): enabled
 
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled
 
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
After going around the internet, I found out that somebody had the same issue as me: https://marc.info/?l=openembedded-devel&m=154773496216135&w=2, and they also think that the missing veth is the problem. And as suggested, I added to my local.conf:
CORE_IMAGE_EXTRA_INSTALL += "kernel-modules docker"
But they also mentioned that the actual solution is:
I found the issue.  The veth kernel parameter was not enabled.  Once I added
CONFIG_VETH=y to my docker.cfg file, I was able to successfully run a
docker container in my openembedded OS
So where could I do the same? I've used the rocko version and it doesn't have the linux/docker.cfg file? Or could I create one myself?

P/S:
I found the file docker.cfg in meta-virtualization/recipes-kernel/linux/linux-yocto/, but there is no CONFIG_VETH option in it; in the file lxc.cfg, however, it exists and is already 'y'. I don't really know what is needed to actually use this. Why does the veth module not appear?


Bruce Ashfield
 



On Wed, Jan 5, 2022 at 4:46 AM <thitgahamtonghop@...> wrote:
> So where could I do the same? I've used the rocko version and it doesn't have the linux/docker.cfg file? Or could I create one myself?
>
> P/S:
> I found the file docker.cfg in meta-virtualization/recipes-kernel/linux/linux-yocto/, but there is no CONFIG_VETH option in it; in the file lxc.cfg, however, it exists and is already 'y'. I don't really know what is needed to actually use this. Why does the veth module not appear?
>

Correct. Similar fragments did exist in the rocko timeframe, but if you are looking for docker support, a newer (and supported) release is highly recommended.

Using the fragments depends on your kernel provider. 

If it is linux-yocto, then there is a .inc file in the layer that is enabled whenever virtualization is in the DISTRO_FEATURES. That .inc file adds the fragments to the linux-yocto SRC_URI, and the options will be enabled (https://git.yoctoproject.org/meta-virtualization/tree/recipes-kernel/linux/linux-yocto_virtualization.inc?h=rocko).

If your kernel provider is linux-yocto based (i.e. it supports fragments), then you could individually add the fragments via KERNEL_FEATURES (check the yocto docs for details).

And finally, if you do have CONFIG_VETH enabled as a module (versus built in), you'd also need to make sure the specific kernel module package is installed to your image, or all modules are installed (via the kernel-modules package that you have mentioned above).

Bruce





--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
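
The reply above distinguishes three cases for CONFIG_VETH: not set, built in, or built as a module whose package may not be in the image. The following is an added example, not part of the thread, that tells them apart from a kernel config and a modules directory; the function name kopt_state and the sample files are constructed for illustration.

```shell
#!/bin/sh
# kopt_state CONFIG_FILE OPTION MODULE_NAME MODULES_DIR
# Prints one of: builtin | module-installed | module-not-installed | disabled
# (hypothetical helper, not a Yocto or Docker tool)
kopt_state() {
    cfg=$1 opt=$2 mod=$3 moddir=$4
    # Accept both a plain .config and a gzip-compressed one such as /proc/config.gz.
    case "$cfg" in
        *.gz) val=$(gzip -dc "$cfg" | sed -n "s/^${opt}=//p") ;;
        *)    val=$(sed -n "s/^${opt}=//p" "$cfg") ;;
    esac
    case "$val" in
        y) echo builtin ;;
        m) # =m only helps if the .ko was actually packaged into the image.
           if find "$moddir" -name "${mod}.ko*" 2>/dev/null | grep -q .; then
               echo module-installed
           else
               echo module-not-installed
           fi ;;
        *) # "# CONFIG_FOO is not set" or no line at all.
           echo disabled ;;
    esac
}

# Constructed sample data standing in for a target's config and /lib/modules tree.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_BRIDGE=m' '# CONFIG_VETH is not set' > "$demo_dir/config.before"
printf '%s\n' 'CONFIG_BRIDGE=m' 'CONFIG_VETH=m' > "$demo_dir/config.after"
mkdir -p "$demo_dir/modules/kernel/drivers/net"

for c in before after; do
    echo "$c: veth $(kopt_state "$demo_dir/config.$c" CONFIG_VETH veth "$demo_dir/modules")"
done

# Simulate the kernel module package being added to the image.
: > "$demo_dir/modules/kernel/drivers/net/veth.ko"
echo "after + module package: veth $(kopt_state "$demo_dir/config.after" CONFIG_VETH veth "$demo_dir/modules")"
```

On a target, the equivalent call is `kopt_state /proc/config.gz CONFIG_VETH veth "/lib/modules/$(uname -r)"`.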