[wip] Update containerd runtime to v1.2.0 by thaJeztah · Pull Request #37932 · moby/moby

thaJeztah · 2018-09-28T09:28:25Z

Updated to v1.2.0. (c4446665cb9c30056f4998ed953e6d4ff22c7c39)

changes since the last bump: containerd/containerd@4055185...v1.2.0

bugfix: return the context error during event subscribe containerd/containerd#2742 bugfix: return the context error during event subscribe
runtime-v2: add validation for runtime name containerd/containerd#2729 runtime-v2: add validation for runtime name
Update cri to f913714917d2456d7e65a0be84962b1ce8acb487. containerd/containerd#2741 Update cri to f913714917d2456d7e65a0be84962b1ce8acb487
- fixes Use Authorizer for image registry auth containerd/cri#942 Use Authorizer for image registry auth
- fixes IPAM IP leakage containerd/cri#948 IPAM IP leakage
- Support runtime type specific configuration.

updated to current master, which should be pretty close to v1.2.0 GA (not tagged yet), and includes the fix for the failures here;

diff since v1.2.0-rc.2: containerd/containerd@v1.2.0-rc.2...4055185

Update runc to 58592df56734acf62e574865fe40b9e53e containerd/containerd#2724 Update runc to 58592df56734acf62e574865fe40b9e53e
enhance: split config from server package containerd/containerd#2725 enhance: split config from server package
allow idempotence when adding a task to cgroup metrics collection containerd/containerd#2727 allow idempotence when adding a task to cgroup metrics collection

release notes: https://github.com/containerd/containerd/releases/tag/v1.2.0-rc.2

full diff since rc.1: containerd/containerd@v1.2.0-rc.1...v1.2.0-rc.2

Possibly relevant changes;

ctr: add some metric item containerd/containerd#2721 add memory limit, pid info into metric subcommand
Fix writer deadlock in local store containerd/containerd#2714 Fix writer deadlock in local store
Fix stress test for image config opt requirements containerd/containerd#2720 Fix stress test for image config opt requirements
bugfix: cache empty layer for docker schema1 image containerd/containerd#2691 bugfix: cache empty layer for docker schema1 image
Set uncompressed label on diff when already exists containerd/containerd#2717 Set uncompressed label on diff when already exists
Update cri to 8506fe836677cc3bb23a16b68145128243d843b5. containerd/containerd#2702 Update cri to 8506fe836677cc3bb23a16b68145128243d843b5
decode spec in ctr c info containerd/containerd#2688 decode spec in ctr c info

full diff since rc.0: containerd/containerd@v1.2.0-rc.0...v1.2.0-rc.1

New V2 Runtime with a stable gRPC interface for managing containers through
external shims.
Updated CRI Plugin, validated against Kubernetes v1.11 and v1.12, but it is
also compatible with Kubernetes v1.10.
Support for Kubernetes Runtime Class, introduced in Kubernetes 1.12
A new proxy plugin configuration has been added to allow external
snapshotters be connected to containerd using gRPC.-
A new Install method on the containerd client allows users to publish host
level binaries using standard container build tooling and container
distribution tooling to download containerd related binaries on their systems.
Add support for cleaning up leases and content ingests to garbage collections.
Improved multi-arch image support using more precise matching and ranking
Some Minor API additions

thaJeztah · 2018-09-28T09:29:15Z

ping @dmcgowan @vdemeester @crosbymichael @kolyshkin PTAL

vdemeester

LGTM 🐸

thaJeztah · 2018-10-03T11:14:33Z

Ok; looks like this is actually failing:

Janky timed out;

11:31:34 Build timed out (after 200 minutes). Marking the build as failed.
11:31:34 Build timed out (after 200 minutes). Marking the build as aborted.
11:31:34 Set build name.
11:31:34 New build name is '#37932'
11:31:34 Build was aborted

Experimental https://jenkins.dockerproject.org/job/Docker-PRs-experimental/42382/console

08:30:41 --- FAIL: TestContainerStartOnDaemonRestart (2.34s)
08:30:41     daemon.go:292: [d597195c12a96] waiting for daemon to start
08:30:41     daemon.go:324: [d597195c12a96] daemon started
08:30:41     daemon.go:292: [d597195c12a96] waiting for daemon to start
08:30:41     daemon.go:324: [d597195c12a96] daemon started
08:30:41     daemon_linux_test.go:65: assertion failed: error is not nil: Error response from daemon: monitor task: cgroup is already being collected: unknown: failed to start test container
08:30:41     daemon.go:282: [d597195c12a96] exiting daemon

PowerPC; same failure: https://jenkins.dockerproject.org/job/Docker-PRs-powerpc/11578/console

13:36:44 --- FAIL: TestContainerStartOnDaemonRestart (4.19s)
13:36:44     daemon.go:291: [dec29adbcc719] waiting for daemon to start
13:36:44     daemon.go:323: [dec29adbcc719] daemon started
13:36:44     daemon.go:291: [dec29adbcc719] waiting for daemon to start
13:36:44     daemon.go:323: [dec29adbcc719] daemon started
13:36:44     daemon_linux_test.go:65: assertion failed: error is not nil: Error response from daemon: monitor task: cgroup is already being collected: unknown: failed to start test container
13:36:44     daemon.go:281: [dec29adbcc719] exiting daemon

Z; same failure; https://jenkins.dockerproject.org/job/Docker-PRs-s390x/11444/console

09:45:49 --- FAIL: TestContainerStartOnDaemonRestart (2.94s)
09:45:49     daemon.go:291: [d4f1dc69ce69b] waiting for daemon to start
09:45:49     daemon.go:323: [d4f1dc69ce69b] daemon started
09:45:49     daemon.go:291: [d4f1dc69ce69b] waiting for daemon to start
09:45:49     daemon.go:323: [d4f1dc69ce69b] daemon started
09:45:49     daemon_linux_test.go:65: assertion failed: error is not nil: Error response from daemon: monitor task: cgroup is already being collected: unknown: failed to start test container
09:45:49     daemon.go:281: [d4f1dc69ce69b] exiting daemon

thaJeztah · 2018-10-03T11:15:59Z

I see the same failure was happening on my old PR; #37710 (comment)

thaJeztah · 2018-10-03T11:17:27Z

Error originates from this part in containerd; https://github.com/containerd/containerd/blob/94cfce62ba9eabb58417cb5a663dc7a9feb68c07/metrics/cgroups/metrics.go#L135-L148

thaJeztah · 2018-10-03T15:23:47Z

ping @tiborvass perhaps you have any idea? (you ran into the same test a while back)

AkihiroSuda · 2018-10-04T03:28:43Z

rc1 is available now

codecov · 2018-10-04T12:02:19Z

Codecov Report

❗ No coverage uploaded for pull request base (master@a5e2dd2). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #37932   +/-   ##
=========================================
  Coverage          ?   36.11%           
=========================================
  Files             ?      610           
  Lines             ?    45216           
  Branches          ?        0           
=========================================
  Hits              ?    16328           
  Misses            ?    26649           
  Partials          ?     2239

thaJeztah · 2018-10-05T10:41:02Z

Rebased on #37710, to see if that fixes the problem

thaJeztah · 2018-10-05T11:46:45Z

Ok that didn't help; still failing on the same.

Here's from an earlier run (without the containerd client bump);

time="2018-10-04T15:47:40.101249463Z" level=info msg="API listen on /tmp/docker-integration/d5e35f489c854.sock"
time="2018-10-04T15:47:40.104573736Z" level=debug msg="Calling GET /_ping"
time="2018-10-04T15:47:40.106633678Z" level=debug msg="Calling GET /info"
time="2018-10-04T15:47:40.134842186Z" level=debug msg="Calling POST /v1.39/containers/a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9/start"
time="2018-10-04T15:47:40.136141754Z" level=debug msg="container mounted via layerStore: &{/go/src/github.com/docker/docker/bundles/test-integration/d5e35f489c854/root/overlay2/0d5167e2a76dd9b0260451a03173c3bd5f0ae0eb8819ac532842621bda76ab08/merged 0x563118c264c0 0x563118c264c0}"
time="2018-10-04T15:47:40.136561020Z" level=debug msg="Assigning addresses for endpoint naughty_chatelet's interface on network bridge"
time="2018-10-04T15:47:40.136592480Z" level=debug msg="RequestAddress(LocalDefault/172.18.0.0/16, <nil>, map[])"
time="2018-10-04T15:47:40.136624967Z" level=debug msg="Request address PoolID:172.18.0.0/16 App: ipam/default/data, ID: LocalDefault/172.18.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65533, Sequence: (0xc0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:0 Serial:false PrefAddress:<nil> "
time="2018-10-04T15:47:40.139394140Z" level=debug msg="Assigning addresses for endpoint naughty_chatelet's interface on network bridge"
time="2018-10-04T15:47:40.142740759Z" level=debug msg="Programming external connectivity on endpoint naughty_chatelet (0ed72fa5797217710c9f61181d783182620e48bdde18e5642d525144c9e9b008)"
time="2018-10-04T15:47:40.143331099Z" level=debug msg="EnableService a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 START"
time="2018-10-04T15:47:40.143356155Z" level=debug msg="EnableService a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 DONE"
time="2018-10-04T15:47:40.145770162Z" level=debug msg="bundle dir created" bundle=/tmp/dxr/d5e35f489c854/containerd/a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 module=libcontainerd namespace=moby root=/go/src/github.com/docker/docker/bundles/test-integration/d5e35f489c854/root/overlay2/0d5167e2a76dd9b0260451a03173c3bd5f0ae0eb8819ac532842621bda76ab08/merged
time="2018-10-04T15:47:40.399479908Z" level=debug msg="sandbox set key processing took 110.297666ms for container a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9"
time="2018-10-04T15:47:40.506001325Z" level=debug msg=event module=libcontainerd namespace=moby topic=/tasks/create
time="2018-10-04T15:47:40.506504381Z" level=error msg="stream copy error: read /proc/self/fd/19: file already closed"
time="2018-10-04T15:47:40.506573964Z" level=error msg="stream copy error: read /proc/self/fd/20: file already closed"
time="2018-10-04T15:47:40.518577066Z" level=error msg="failed to delete failed start container" container=a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 error="cannot delete running task a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9: failed precondition"
time="2018-10-04T15:47:40.523188576Z" level=debug msg="Revoking external connectivity on endpoint naughty_chatelet (0ed72fa5797217710c9f61181d783182620e48bdde18e5642d525144c9e9b008)"
time="2018-10-04T15:47:40.523741694Z" level=debug msg="DeleteConntrackEntries purged ipv4:0, ipv6:0"
time="2018-10-04T15:47:40.615004148Z" level=debug msg="Releasing addresses for endpoint naughty_chatelet's interface on network bridge"
time="2018-10-04T15:47:40.615059361Z" level=debug msg="ReleaseAddress(LocalDefault/172.18.0.0/16, 172.18.0.2)"
time="2018-10-04T15:47:40.615096593Z" level=debug msg="Released address PoolID:LocalDefault/172.18.0.0/16, Address:172.18.0.2 Sequence:App: ipam/default/data, ID: LocalDefault/172.18.0.0/16, DBIndex: 0x0, Bits: 65536, Unselected: 65532, Sequence: (0xe0000000, 1)->(0x0, 2046)->(0x1, 1)->end Curr:3"
time="2018-10-04T15:47:40.678451004Z" level=error msg="a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 cleanup: failed to delete container from containerd: cannot delete running task a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9: failed precondition"
time="2018-10-04T15:47:40.678545724Z" level=error msg="Handler for POST /v1.39/containers/a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9/start returned error: monitor task: cgroup is already being collected: unknown"
time="2018-10-04T15:47:40.680743288Z" level=debug msg="Calling DELETE /v1.39/containers/a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9?force=1"
time="2018-10-04T15:47:40.689905866Z" level=info msg="Processing signal 'interrupt'"
time="2018-10-04T15:47:40.690034120Z" level=debug msg="daemon configured with a 15 seconds minimum shutdown timeout"
time="2018-10-04T15:47:40.690170179Z" level=debug msg="start clean shutdown of all containers with a 15 seconds timeout..."
time="2018-10-04T15:47:40.691324619Z" level=debug msg="Unix socket /tmp/dxr/d5e35f489c854/libnetwork/2d75bb866ce6b3a84b0c820e460c478f65245b97baadaf1e08c7383aa5fcbe97.sock doesn't exist. cannot accept client connections"
time="2018-10-04T15:47:40.691422182Z" level=debug msg="Cleaning up old mountid : start."
time="2018-10-04T15:47:40.692104928Z" level=debug msg="Cleaning up old mountid : done."
time="2018-10-04T15:47:40.692626051Z" level=debug msg="Clean shutdown succeeded"

Looks like this may be part of the problem ("cannot delete running task "). This is after the daemon and containerd are started again;

time="2018-10-04T15:47:40.518577066Z" level=error msg="failed to delete failed start container" container=a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9 error="cannot delete running task a264029c90f49ad4ce973f4780234f7ad780bde41d39b9255dc48af6060408f9: failed precondition"

daemon logs of that test docker.log
test logs test.log

thaJeztah · 2018-10-05T12:56:35Z

@crosbymichael if you have any ideas on that failure ^^ - I won't have time this evening, but if you have any ideas 🤗

thaJeztah · 2018-10-25T15:15:53Z

Looks like CI is hanging after completion;

12:20:38 Build timed out (after 180 minutes). Marking the build as failed.
12:20:38 Build timed out (after 180 minutes). Marking the build as aborted.

14:20:15 Build timed out (after 300 minutes). Marking the build as failed.
14:20:15 Build timed out (after 300 minutes). Marking the build as aborted.

Which looks the same as #38062 (comment)

CI seems to be hanging because of leaked containerd-shim processes created while docker-py ran.

Logs and processes in: https://gist.github.com/tonistiigi/a5739d2c0f82442c0317bea044cc56e2

From the logs. The test ran a DELETE request for that failed with
time="2018-10-23T19:03:57.531600098Z" level=error > msg="fc42a122b164349bced9e08588f6782f65de38e823b5649467533cd07d359464 cleanup: failed to delete container from containerd: cannot delete running task fc42a122b164349bced9e08588f6782f65de38e823b5649467533cd07d359464: failed precondition"
and leaked the shim process.

thaJeztah · 2018-10-25T15:49:26Z

~~Linking, just in case there's a relation #37072~~ actually, that's about images, not containers.

release notes: https://github.com/containerd/containerd/releases/tag/v1.2.0 - New V2 Runtime with a stable gRPC interface for managing containers through external shims. - Updated CRI Plugin, validated against Kubernetes v1.11 and v1.12, but it is also compatible with Kubernetes v1.10. - Support for Kubernetes Runtime Class, introduced in Kubernetes 1.12 - A new proxy plugin configuration has been added to allow external snapshotters be connected to containerd using gRPC.- - A new Install method on the containerd client allows users to publish host level binaries using standard container build tooling and container distribution tooling to download containerd related binaries on their systems. - Add support for cleaning up leases and content ingests to garbage collections. - Improved multi-arch image support using more precise matching and ranking - Added a runtime `options` field for shim v2 runtime. Use the `options` field to config runtime specific options, e.g. `NoPivotRoot` and `SystemdCgroup` for runtime type `io.containerd.runc.v1`. - Some Minor API additions - Add `ListStream` method to containers API. This allows listing a larger number of containers without hitting message size limts. - Add `Sync` flag to `Delete` in leases API. Setting this option will ensure a garbage collection completes before the removal call is returned. This can be used to guarantee unreferenced objects are removed from disk after a lease. Signed-off-by: Sebastiaan van Stijn <[email protected]>

thaJeztah · 2018-11-12T16:47:32Z

Rebased, after #38128 was merged (which updates runc)

thaJeztah · 2018-11-20T17:02:13Z

Closing, because #38168 was merged, which has these changes

thaJeztah added area/runtime Runtime impact/changelog labels Sep 28, 2018

thaJeztah requested a review from tianon as a code owner September 28, 2018 09:28

GordonTheTurtle added the status/0-triage label Sep 28, 2018

thaJeztah mentioned this pull request Sep 28, 2018

Update containerd client and dependencies to v1.2.0-rc.1 #37710

Merged

thaJeztah removed the status/0-triage label Sep 28, 2018

vdemeester approved these changes Sep 28, 2018

View reviewed changes

yongtang added the rebuild/experimental label Sep 28, 2018

GordonTheTurtle removed the rebuild/experimental label Sep 28, 2018

yongtang added the rebuild/powerpc label Sep 28, 2018

GordonTheTurtle removed the rebuild/powerpc label Sep 28, 2018

AkihiroSuda added rebuild/janky labels Sep 29, 2018

GordonTheTurtle removed rebuild/experimental labels Sep 29, 2018

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 381d64d to 72d92d4 Compare October 4, 2018 12:02

thaJeztah changed the title ~~Update containerd runtime to v1.2.0-rc.0~~ Update containerd runtime to v1.2.0-rc.1 Oct 4, 2018

crosbymichael mentioned this pull request Oct 4, 2018

Update containerd to 1.2 #37969

Closed

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 72d92d4 to a5e8170 Compare October 5, 2018 10:40

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from a5e8170 to cfc6e08 Compare October 5, 2018 12:00

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 783d342 to 7e4bba1 Compare October 25, 2018 09:19

thaJeztah changed the title ~~[wip] Update containerd runtime to v1.2.0-rc.2~~ [wip] Update containerd runtime to v1.2.0 Oct 25, 2018

thaJeztah removed rebuild/* labels Oct 25, 2018

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 7e4bba1 to 5b6d4d7 Compare November 5, 2018 17:43

thaJeztah added the status/2-code-review label Nov 5, 2018

thaJeztah mentioned this pull request Nov 5, 2018

update containerd client and dependencies to v1.2.0 #38145

Merged

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 5b6d4d7 to 480f9c2 Compare November 6, 2018 15:33

thaJeztah added the rebuild/z label Nov 6, 2018

GordonTheTurtle removed the rebuild/z label Nov 6, 2018

thaJeztah added the rebuild/z label Nov 6, 2018

GordonTheTurtle removed the rebuild/z label Nov 6, 2018

thaJeztah added the rebuild/powerpc label Nov 6, 2018

GordonTheTurtle removed the rebuild/powerpc label Nov 6, 2018

thaJeztah mentioned this pull request Nov 8, 2018

[18.09 backport] update containerd client and dependencies to v1.2.0 docker-archive/engine#106

Merged

erulabs mentioned this pull request Nov 8, 2018

Restoring containers from a custom checkpoint-dir is broken #37344

Open

thaJeztah force-pushed the bump_containerd_runtime_v1.2.0 branch from 480f9c2 to c8c5c15 Compare November 12, 2018 16:45

fntlnz added the rebuild/janky label Nov 13, 2018

GordonTheTurtle removed the rebuild/janky label Nov 13, 2018

fntlnz added rebuild/janky labels Nov 13, 2018

GordonTheTurtle removed rebuild/janky labels Nov 13, 2018

thaJeztah closed this Nov 20, 2018

thaJeztah deleted the bump_containerd_runtime_v1.2.0 branch November 20, 2018 17:02

Conversation

thaJeztah commented Sep 28, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

thaJeztah commented Sep 28, 2018

Uh oh!

vdemeester left a comment

Choose a reason for hiding this comment

Uh oh!

thaJeztah commented Oct 3, 2018

Uh oh!

thaJeztah commented Oct 3, 2018

Uh oh!

thaJeztah commented Oct 3, 2018

Uh oh!

thaJeztah commented Oct 3, 2018

Uh oh!

AkihiroSuda commented Oct 4, 2018

Uh oh!

codecov Bot commented Oct 4, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

thaJeztah commented Oct 5, 2018

Uh oh!

thaJeztah commented Oct 5, 2018

Uh oh!

thaJeztah commented Oct 5, 2018

Uh oh!

thaJeztah commented Oct 25, 2018

Uh oh!

thaJeztah commented Oct 25, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

thaJeztah commented Nov 12, 2018

Uh oh!

thaJeztah commented Nov 20, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

thaJeztah commented Sep 28, 2018 •

edited

Loading

codecov Bot commented Oct 4, 2018 •

edited

Loading

thaJeztah commented Oct 25, 2018 •

edited

Loading