Fail to start several privileged pods on centos7 / vfio / privileged_without_host_devices set to true #637
Comments
thbtcllt
added
bug
|
/cc @amshinde |
|
@thbtcllt I see that you are using containerd 1.2.13, while the change in containerd to support privileged_without_host_devices was introduced in 1.3.0 version: You will need the newer containerd version. I shall update our docs to reflect this as well. |
|
@amshinde unfortunately i have still the problem with the latest version of containerd (1.3.3). The description of my environment (from kata-collect-data.sh) is: info.txt I have tried containerd 1.3 version or to set the privileged_without_host_devices option to any kata section and not only the kata-runtime one but it does not change anything. I have noticed that format of containerd configuration file has changed in 1.3 As i used kata-deploy that updates the containerd configuration file by using the version 1 format I force it. How can I check that the privileged_without_host_devices option is correctly sent to kata-runtime ? I have tried to set some logs but I have not found clear evidence. |
|
@amshinde i have found my issue. I have to set the privileged_without_host_devices options to kata-qemu as it is the runtimeClassName used to deploy my pods. On my previous check to add this option to kata-qemu I have forgotten to restart containerd. |
|
@thbtcllt The option |
|
@amshinde the plugin always provide the requested devices but regarding the pod mode (privilege or not) and presence of option privileged_without_host_devices this list of requested devices can be modified. My platform has 4 vf and I use https://github.com/intel/sriov-network-device-plugin to manage them With this configuration when I start my pod the vf is not available. I have set the log level to debug in containerd and it seems that containerd change the list of requested devices. Do you have any ideas how I can keep my requested device by the plugin when the option privileged_without_host_devices is set ? |
|
@amshinde |
|
@thbtcllt I see the issue now. containerd is not passing any devices in case the option |
|
cc @awprice |
|
Patch seems reasonable to me. |
|
@awprice @amshinde I have tried to push my correction to containerd but i don't clearly understand the process to do it and then as soon as patch is accepted on https://github.com/containerd/cri when it is replicated to https://github.com/containerd/containerd ? any hints to do it correctly is welcome |
|
@thbtcllt Yes the |
|
@thbtcllt were you able to vendor in the |
chavafg
added
bug
|
@chavafg my fix has been vendor by commit https://github.com/containerd/containerd/pull/4219/files |
Description of problem
I install kubernetes on centos7 and I use containerd. I have vfio devices and i want to start several pods with privileged mode
I have set privileged_without_host_devices to true to avoid pods get all vfio devices at the startup
The complete description of my system is in the info.txt file (output of kata-collect-data.sh)
info.txt
Expected result
privileged pods starts without taking all available vfio
Actual result
privileged pods gets all available vfio and it is not possible to launch several privileged pods. Start of the second pod fails with error like
Warning Failed 8s (x4 over 58s) kubelet, centos7 Error: failed to create containerd task: QMP command failed: vfio 0000:81:10.0: failed to open /dev/vfio/61: Device or resource busy: unknown
pods are launched with containerd-shim-kata-v2 and not by kata-runtime. I have tried to set the privileged_without_host_devices for any kata runtimes in /etc/containerd/config.toml but with no success
The text was updated successfully, but these errors were encountered: