This repository has been archived by the owner on May 6, 2020. It is now read-only.

OpenStack Zun via DevStack doesn't work with CC 3.0 (Could not setup network routes) #1060

Open
eadamsintel opened this issue Mar 9, 2018 · 2 comments

eadamsintel commented Mar 9, 2018

Description of problem

When using a relatively recent version of DevStack and replacing the CC 2.x runtime with CC 3.x, executing "zun run --runtime=cc-runtime cirros ping -c 4 8.8.8.8" errors out. The logs state that network routes could not be set up.

Expected result

The container will start and you can interact with it.

Actual result


The container errors out and the logs show "Could not setup the network: Could not setup network routes: Could not add/replace route dest()/src()/gw(2001:db8::2)/dev(eth0): no route to host"

A gist on how to set up DevStack is at https://gist.github.com/eadamsintel/86bd12acd7052ea061766f9698f69819. Instead of compiling and building the kata runtimes described in this gist, just follow the CC 3.0 install instructions for Ubuntu after DevStack is set up, replace the cor runtime with cc-runtime at /etc/docker/daemon.json, reload the daemon, and restart docker to enable CC 3.0 in Zun.

Meta details

Running cc-collect-data.sh version 3.0.19 (commit 900d623) at 2018-03-09.13:47:08.397219692-0800.


Runtime is /usr/bin/cc-runtime.

cc-env

Output of "/usr/bin/cc-runtime cc-env":

[Meta]
  Version = "1.0.8"

[Runtime]
  Debug = false
  [Runtime.Version]
    Semver = "3.0.19"
    Commit = "900d623"
    OCI = "1.0.1"
  [Runtime.Config]
    Path = "/usr/share/defaults/clear-containers/configuration.toml"

[Hypervisor]
  MachineType = "pc"
  Version = "QEMU emulator version 2.7.1(2.7.1+git.d4a337fe91-11.cc), Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers"
  Path = "/usr/bin/qemu-lite-system-x86_64"
  Debug = false

[Image]
  Path = "/usr/share/clear-containers/cc-20640-agent-4186b0.img"

[Kernel]
  Path = "/usr/share/clear-containers/vmlinuz-4.9.60-84.container"
  Parameters = ""

[Proxy]
  Type = "ccProxy"
  Version = "Version: 3.0.19+git.318ac7e"
  Path = "/usr/libexec/clear-containers/cc-proxy"
  Debug = true

[Shim]
  Type = "ccShim"
  Version = "shim version: 3.0.19 (commit: 557fe9b)"
  Path = "/usr/libexec/clear-containers/cc-shim"
  Debug = true

[Agent]
  Type = "hyperstart"
  Version = "<<unknown>>"

[Host]
  Kernel = "4.13.0-36-generic"
  Architecture = "amd64"
  VMContainerCapable = true
  [Host.Distro]
    Name = "Ubuntu"
    Version = "16.04"
  [Host.CPU]
    Vendor = "GenuineIntel"
    Model = "Intel(R) Core(TM) i7-6770HQ CPU @ 2.60GHz"

Runtime config files

Runtime default config files

/usr/share/defaults/clear-containers/configuration.toml
/usr/share/defaults/clear-containers/configuration.toml

Runtime config file contents

Config file /etc/clear-containers/configuration.toml not found
Output of "cat "/usr/share/defaults/clear-containers/configuration.toml"":

# XXX: WARNING: this file is auto-generated.
# XXX:
# XXX: Source file: "config/configuration.toml.in"
# XXX: Project:
# XXX:   Name: Intel® Clear Containers
# XXX:   Type: cc

[hypervisor.qemu]
path = "/usr/bin/qemu-lite-system-x86_64"
kernel = "/usr/share/clear-containers/vmlinuz.container"
image = "/usr/share/clear-containers/clear-containers.img"
machine_type = "pc"

# Optional space-separated list of options to pass to the guest kernel.
# For example, use `kernel_params = "vsyscall=emulate"` if you are having
# trouble running pre-2.15 glibc.
#
# WARNING: - any parameter specified here will take priority over the default
# parameter value of the same name used to start the virtual machine.
# Do not set values here unless you understand the impact of doing so as you
# may stop the virtual machine from booting.
# To see the list of default parameters, enable hypervisor debug, create a
# container and look for 'default-kernel-parameters' log entries.
kernel_params = ""

# Path to the firmware.
# If you want that qemu uses the default firmware leave this option empty
firmware = ""

# Machine accelerators
# comma-separated list of machine accelerators to pass to the hypervisor.
# For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
machine_accelerators=""

# Default number of vCPUs per POD/VM:
# unspecified or 0 --> will be set to 1
# < 0              --> will be set to the actual number of physical cores
# > 0 <= 255       --> will be set to the specified number
# > 255            --> will be set to 255
default_vcpus = -1


# Bridges can be used to hot plug devices.
# Limitations:
# * Currently only pci bridges are supported
# * Until 30 devices per bridge can be hot plugged.
# * Until 5 PCI bridges can be cold plugged per VM.
#   This limitation could be a bug in qemu or in the kernel
# Default number of bridges per POD/VM:
# unspecified or 0   --> will be set to 1
# > 1 <= 5           --> will be set to the specified number
# > 5                --> will be set to 5
default_bridges = 1

# Default memory size in MiB for POD/VM.
# If unspecified then it will be set 2048 MiB.
#default_memory = 2048
disable_block_device_use = false

# Enable pre allocation of VM RAM, default false
# Enabling this will result in lower container density
# as all of the memory will be allocated and locked
# This is useful when you want to reserve all the memory
# upfront or in the cases where you want memory latencies
# to be very predictable
# Default false
#enable_mem_prealloc = true

# Enable huge pages for VM RAM, default false
# Enabling this will result in the VM memory
# being allocated using huge pages.
# This is useful when you want to use vhost-user network
# stacks within the container. This will automatically
# result in memory pre allocation
#enable_hugepages = true

# Enable swap of vm memory. Default false.
# The behaviour is undefined if mem_prealloc is also set to true
#enable_swap = true

# This option changes the default hypervisor and kernel parameters
# to enable debug output where available. This extra output is added
# to the proxy logs, but only when proxy debug is also enabled.
#
# Default false
enable_debug = true

# Disable the customizations done in the runtime when it detects
# that it is running on top a VMM. This will result in the runtime
# behaving as it would when running on bare metal.
#
#disable_nesting_checks = true

[proxy.cc]
path = "/usr/libexec/clear-containers/cc-proxy"

# If enabled, proxy messages will be sent to the system log
# (default: disabled)
enable_debug = true

[shim.cc]
path = "/usr/libexec/clear-containers/cc-shim"

# If enabled, shim messages will be sent to the system log
# (default: disabled)
enable_debug = true

[agent.cc]
# There is no field for this section. The goal is only to be able to
# specify which type of agent the user wants to use.

[runtime]
# If enabled, the runtime will log additional debug messages to the
# system log
# (default: disabled)
enable_debug = true
#
# Internetworking model
# Determines how the VM should be connected to the
# the container network interface
# Options:
#
#   - bridged
#     Uses a linux bridge to interconnect the container interface to
#     the VM. Works for most cases except macvlan and ipvlan.
#
#   - macvtap
#     Used when the Container network interface can be bridged using
#     macvtap.
internetworking_model="macvtap"

Logfiles

Runtime logs

Recent runtime problems found in system journal:

time="2018-03-09T09:43:24.249875197-08:00" level=debug msg="Could not retrieve anything from storage" arch=amd64 source=virtcontainers subsystem=hyper
time="2018-03-09T09:43:24.386955724-08:00" level=debug arch=amd64 default-kernel-parameters="root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k console=hvc0 console=hvc1 iommu=off cryptomgr.notests net.ifnames=0 pci=lastbus=0 debug systemd.show_status=true systemd.log_level=debug" source=virtcontainers subsystem=qemu
time="2018-03-09T09:43:24.917836214-08:00" level=warning msg="unsupported route" arch=amd64 destination="2001:db8::/64" source=virtcontainers subsystem=hyper unsupported-route-type=ipv6
time="2018-03-09T09:43:24.917896837-08:00" level=warning msg="unsupported route" arch=amd64 destination="fe80::/64" source=virtcontainers subsystem=hyper unsupported-route-type=ipv6
time="2018-03-09T09:43:24.935385089-08:00" level=error msg="ERROR received from VM agent, control msg received : Could not setup the network: Could not setup network routes: Could not add/replace route dest()/src()/gw(2001:db8::2)/dev(eth0): no route to host" source=runtime

Proxy logs

Recent proxy problems found in system journal:

time="2018-03-09T09:43:24.776932873-08:00" level=debug msg="[    0.217993] EXT4-fs (pmem0p1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk" name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:24.777273199-08:00" level=debug msg="[    0.218305] EXT4-fs (pmem0p1): mounted filesystem with ordered data mode. Opts: dax,data=ordered,errors=remount-ro" name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:24.81364802-08:00" level=debug msg="[    0.254645] systemd-journald[94]: Failed to open configuration file '/etc/systemd/journald.conf': No such file or directory" name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:24.827180845-08:00" level=debug msg="[\\x1b[0;1;31mFAILED\\x1b[0m] Failed to mount Temporary Directory (/tmp)." name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:24.828552145-08:00" level=debug msg="[\\x1b[0;1;33mDEPEND\\x1b[0m] Dependency failed for Network Time Synchronization." name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:24.934975672-08:00" level=debug msg="{\\\"channel\\\":\\\"ctl\\\",\\\"command\\\":\\\"startpod\\\",\\\"error\\\":\\\"Could not setup the network: Could not setup network routes: Could not add/replace route dest()/src()/gw(2001:db8::2)/dev(eth0): no route to host\\\",\\\"level\\\":\\\"info\\\",\\\"msg\\\":\\\"command failed\\\",\\\"name\\\":\\\"cc-agent\\\",\\\"pid\\\":130,\\\"time\\\":\\\"2018-03-09T17:43:24.923203308Z\\\"}" name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49
time="2018-03-09T09:43:25.023716551-08:00" level=debug msg="{\\\"level\\\":\\\"error\\\",\\\"msg\\\":\\\"online file of vCPU /sys/devices/system/cpu/cpu0 not exist\\\",\\\"name\\\":\\\"cc-agent\\\",\\\"pid\\\":130,\\\"subsystem\\\":\\\"udevlistener\\\",\\\"time\\\":\\\"2018-03-09T17:43:25.01180295Z\\\",\\\"udev-subsystem\\\":\\\"cpu\\\"}" name=cc-proxy pid=32637 source=qemu vm=7adf058b13f0c0697190122403146a5d0df7b349cb0211bf60c3e1eef1407f49

Shim logs

No recent shim problems found in system journal.


Container manager details

Have docker

Docker

Output of "docker version":

Client:
 Version:       17.12.1-ce
 API version:   1.35
 Go version:    go1.9.4
 Git commit:    7390fc6
 Built: Tue Feb 27 22:17:40 2018
 OS/Arch:       linux/amd64

Server:
 Engine:
  Version:      17.12.1-ce
  API version:  1.35 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   7390fc6
  Built:        Tue Feb 27 22:16:13 2018
  OS/Arch:      linux/amd64
  Experimental: false

Output of "docker info":

Containers: 2
 Running: 0
 Paused: 0
 Stopped: 2
Images: 5
Server Version: 17.12.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host kuryr macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: cc runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.13.0-36-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.31GiB
Name: container
ID: RTJH:G7LS:LJRR:JTZB:HGLK:DKQN:IAYG:DTUU:JBH3:PC6N:K6TY:V672
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 22
 Goroutines: 38
 System Time: 2018-03-09T13:47:08.59478457-08:00
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Cluster Store: etcd://192.168.25.198:2379
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Output of "systemctl show docker":

Type=notify
Restart=on-failure
NotifyAccess=main
RestartUSec=100ms
TimeoutStartUSec=infinity
TimeoutStopUSec=1min 30s
RuntimeMaxUSec=infinity
WatchdogUSec=0
WatchdogTimestamp=Thu 2018-03-08 14:58:00 PST
WatchdogTimestampMonotonic=2762897258
FailureAction=none
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=3839
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
StatusErrno=0
Result=success
ExecMainStartTimestamp=Thu 2018-03-08 14:58:00 PST
ExecMainStartTimestampMonotonic=2762661397
ExecMainExitTimestampMonotonic=0
ExecMainPID=3839
ExecMainCode=0
ExecMainStatus=0
ExecStart={ path=/usr/bin/dockerd ; argv[]=/usr/bin/dockerd --config-file=/etc/docker/daemon.json ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
ExecReload={ path=/bin/kill ; argv[]=/bin/kill -s HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroup=/system.slice/docker.service
MemoryCurrent=380628992
CPUUsageNSec=495221707055
TasksCurrent=141
Delegate=yes
CPUAccounting=no
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=infinity
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLimit=18446744073709551615
DevicePolicy=auto
TasksAccounting=no
TasksMax=18446744073709551615
Environment=HTTP_PROXY= HTTPS_PROXY= NO_PROXY=
UMask=0022
LimitCPU=18446744073709551615
LimitCPUSoft=18446744073709551615
LimitFSIZE=18446744073709551615
LimitFSIZESoft=18446744073709551615
LimitDATA=18446744073709551615
LimitDATASoft=18446744073709551615
LimitSTACK=18446744073709551615
LimitSTACKSoft=8388608
LimitCORE=18446744073709551615
LimitCORESoft=18446744073709551615
LimitRSS=18446744073709551615
LimitRSSSoft=18446744073709551615
LimitNOFILE=1048576
LimitNOFILESoft=1048576
LimitAS=18446744073709551615
LimitASSoft=18446744073709551615
LimitNPROC=18446744073709551615
LimitNPROCSoft=18446744073709551615
LimitMEMLOCK=65536
LimitMEMLOCKSoft=65536
LimitLOCKS=18446744073709551615
LimitLOCKSSoft=18446744073709551615
LimitSIGPENDING=127495
LimitSIGPENDINGSoft=127495
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=18446744073709551615
LimitRTTIMESoft=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
SecureBits=0
CapabilityBoundingSet=18446744073709551615
AmbientCapabilities=0
MountFlags=0
PrivateTmp=no
PrivateNetwork=no
PrivateDevices=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
KillMode=process
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=docker.service
Names=docker.service
Requires=system.slice docker.socket sysinit.target
Wants=network-online.target
WantedBy=multi-user.target
ConsistsOf=docker.socket
Conflicts=shutdown.target
Before=shutdown.target multi-user.target
After=system.slice sysinit.target basic.target firewalld.service systemd-journald.socket network-online.target docker.socket
TriggeredBy=docker.socket
Documentation=https://docs.docker.com
Description=Docker Application Container Engine
LoadState=loaded
ActiveState=active
SubState=running
FragmentPath=/lib/systemd/system/docker.service
DropInPaths=/etc/systemd/system/docker.service.d/docker.conf
UnitFileState=enabled
UnitFilePreset=enabled
StateChangeTimestamp=Thu 2018-03-08 14:58:00 PST
StateChangeTimestampMonotonic=2762897259
InactiveExitTimestamp=Thu 2018-03-08 14:58:00 PST
InactiveExitTimestampMonotonic=2762661428
ActiveEnterTimestamp=Thu 2018-03-08 14:58:00 PST
ActiveEnterTimestampMonotonic=2762897259
ActiveExitTimestamp=Thu 2018-03-08 14:57:59 PST
ActiveExitTimestampMonotonic=2761626126
InactiveEnterTimestamp=Thu 2018-03-08 14:58:00 PST
InactiveEnterTimestampMonotonic=2762655132
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Thu 2018-03-08 14:58:00 PST
ConditionTimestampMonotonic=2762660886
AssertTimestamp=Thu 2018-03-08 14:58:00 PST
AssertTimestampMonotonic=2762660886
Transient=no
StartLimitInterval=60000000
StartLimitBurst=3
StartLimitAction=none

No kubectl


Packages

Have dpkg
Output of "dpkg -l|egrep "(cc-oci-runtime|cc-proxy|cc-runtime|cc-shim|kata-proxy|kata-runtime|kata-shim|clear-containers-image|linux-container|qemu-lite|qemu-system-x86)"":

ii  cc-proxy                                   3.0.19+git.318ac7e-24                        amd64
ii  cc-runtime                                 3.0.19+git.900d623-24                        amd64
ii  cc-runtime-bin                             3.0.19+git.900d623-24                        amd64
ii  cc-runtime-config                          3.0.19+git.900d623-24                        amd64
ii  cc-shim                                    3.0.19+git.557fe9b-24                        amd64
ii  clear-containers-image                     20640-47                                     amd64        Clear containers image
ii  linux-container                            4.9.60-84                                    amd64        linux kernel optimised for container-like workloads.
ii  qemu-lite                                  2.7.1+git.d4a337fe91-11                      amd64        linux kernel optimised for container-like workloads.
ii  qemu-system-x86                            1:2.10+dfsg-0ubuntu3.4~cloud0                amd64        QEMU full system emulation binaries (x86)

No rpm


ccagent.log
cc-proxy.log
cc-runtime.log
cc-shim.log
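
A triage sketch for the runtime log excerpt in this report, added here as an example and not part of the original issue or the Clear Containers code: it parses the logfmt journal lines and checks whether the gateway in a failed route add lies inside a destination the runtime logged as an unsupported route. The function names and the last sample line are constructed for illustration; the first three lines are copied from the runtime log in the report.

```python
import ipaddress
import re

# key=value or key="quoted value" pairs, as written by the runtime's logger
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
GATEWAY = re.compile(r'gw\(([^)]+)\)')

SAMPLE_LOG = [
    'time="2018-03-09T09:43:24.917836214-08:00" level=warning msg="unsupported route" arch=amd64 destination="2001:db8::/64" source=virtcontainers subsystem=hyper unsupported-route-type=ipv6',
    'time="2018-03-09T09:43:24.917896837-08:00" level=warning msg="unsupported route" arch=amd64 destination="fe80::/64" source=virtcontainers subsystem=hyper unsupported-route-type=ipv6',
    'time="2018-03-09T09:43:24.935385089-08:00" level=error msg="ERROR received from VM agent, control msg received : Could not setup the network: Could not setup network routes: Could not add/replace route dest()/src()/gw(2001:db8::2)/dev(eth0): no route to host" source=runtime',
    # Constructed control line: a failed route whose gateway matches no skipped route.
    'time="2018-03-09T09:50:00.000000000-08:00" level=error msg="Could not add/replace route dest()/src()/gw(192.0.2.1)/dev(eth0): no route to host" source=runtime',
]


def parse_logfmt(line):
    """Split one journal line into a dict of its key=value fields."""
    fields = {}
    for key, value in PAIR.findall(line):
        if value.startswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def triage(lines):
    """Pair each failed route add with the skipped routes covering its gateway."""
    skipped = []   # destinations logged with msg="unsupported route"
    findings = []
    for line in lines:
        rec = parse_logfmt(line)
        msg = rec.get("msg", "")
        if msg == "unsupported route" and "destination" in rec:
            skipped.append(ipaddress.ip_network(rec["destination"], strict=False))
        elif rec.get("level") == "error" and "Could not add/replace route" in msg:
            match = GATEWAY.search(msg)
            if match is None:
                continue
            gw = ipaddress.ip_address(match.group(1))
            covering = [str(n) for n in skipped
                        if n.version == gw.version and gw in n]
            findings.append({"time": rec.get("time"),
                             "gateway": str(gw),
                             "skipped_networks": covering})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
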


egernst commented Mar 9, 2018

@eadamsintel - can you reproduce this with Kata Containers?

@eadamsintel
Author

Yes. I filed a bug with logs at kata-containers/runtime#48 that is giving the same error messages about the network route not being able to be set up.
