Where is docker.cfg file in rocko? #meta-virtualization #yocto

Where is docker.cfg file in rocko? #meta-virtualization #yocto

[thitgahamtonghop]

[-- Attachment #1: Type: text/plain, Size: 5140 bytes --]

Hi,
So I am having problem running docker image. When I run command: *docker run hello-world* , this is the output:
> 
> 
> docker: Error response from daemon: failed to create endpoint
> elastic_hypatia on network bridge: failed to add the host (vethf9c4250)
> <=> sandbox (vethc439d7e) pair interfaces: operation not supported.
> ERRO[0000] error waiting for container: context canceled
> 

So I suspect that the veth module is missing and as checking, I ran the check-config.sh script, and here is what I get

> 
> root@procemex:~# bash check-config.sh
> info: reading kernel config from /proc/config.gz ...
> 
> Generally Necessary:
> - check-config.sh: line 159: [: missing `]'
> check-config.sh: line 160: /sys/fs/cgroup/memory: Is a directory
> cgroup hierarchy: single mountpoint! [/sys/fs/cgroup/memory]
> (see https://github.com/tianon/cgroupfs-mount)
> - CONFIG_NAMESPACES: enabled
> - CONFIG_NET_NS: enabled
> - CONFIG_PID_NS: enabled
> - CONFIG_IPC_NS: enabled
> - CONFIG_UTS_NS: enabled
> - CONFIG_CGROUPS: enabled
> - CONFIG_CGROUP_CPUACCT: enabled
> - CONFIG_CGROUP_DEVICE: enabled
> - CONFIG_CGROUP_FREEZER: enabled
> - CONFIG_CGROUP_SCHED: enabled
> - CONFIG_CPUSETS: enabled
> - CONFIG_MEMCG: enabled
> - CONFIG_KEYS: enabled
> - CONFIG_VETH: missing
> - CONFIG_BRIDGE: enabled (as module)
> - CONFIG_BRIDGE_NETFILTER: enabled (as module)
> - CONFIG_NF_NAT_IPV4: enabled (as module)
> - CONFIG_IP_NF_FILTER: enabled (as module)
> - CONFIG_IP_NF_TARGET_MASQUERADE: missing
> - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
> - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
> - CONFIG_NETFILTER_XT_MATCH_IPVS: missing
> - CONFIG_IP_NF_NAT: missing
> - CONFIG_NF_NAT: enabled (as module)
> - CONFIG_NF_NAT_NEEDED: enabled
> - CONFIG_POSIX_MQUEUE: enabled
> - CONFIG_DEVPTS_MULTIPLE_INSTANCES: missing
> 
> Optional Features:
> - CONFIG_USER_NS: enabled
> - CONFIG_SECCOMP: enabled
> - CONFIG_CGROUP_PIDS: missing
> - CONFIG_MEMCG_SWAP: enabled
> - CONFIG_MEMCG_SWAP_ENABLED: enabled
> (cgroup swap accounting is currently enabled)
> - CONFIG_LEGACY_VSYSCALL_EMULATE: enabled
> - CONFIG_MEMCG_KMEM: enabled
> - CONFIG_BLK_CGROUP: enabled
> - CONFIG_BLK_DEV_THROTTLING: missing
> - CONFIG_IOSCHED_CFQ: enabled
> - CONFIG_CFQ_GROUP_IOSCHED: missing
> - CONFIG_CGROUP_PERF: missing
> - CONFIG_CGROUP_HUGETLB: missing
> - CONFIG_NET_CLS_CGROUP: enabled
> - CONFIG_CGROUP_NET_PRIO: missing
> - CONFIG_CFS_BANDWIDTH: missing
> - CONFIG_FAIR_GROUP_SCHED: enabled
> - CONFIG_RT_GROUP_SCHED: enabled
> - CONFIG_IP_VS: missing
> - CONFIG_IP_VS_NFCT: missing
> - CONFIG_IP_VS_RR: missing
> - CONFIG_EXT3_FS: enabled
> - CONFIG_EXT3_FS_XATTR: missing
> - CONFIG_EXT3_FS_POSIX_ACL: enabled
> - CONFIG_EXT3_FS_SECURITY: enabled
> (enable these ext3 configs if you are using ext3 as backing filesystem)
> - CONFIG_EXT4_FS: enabled
> - CONFIG_EXT4_FS_POSIX_ACL: enabled
> - CONFIG_EXT4_FS_SECURITY: enabled
> - Network Drivers:
> - "overlay":
> - CONFIG_VXLAN: missing
> Optional (for encrypted networks):
> - CONFIG_CRYPTO: enabled
> - CONFIG_CRYPTO_AEAD: enabled
> - CONFIG_CRYPTO_GCM: enabled (as module)
> - CONFIG_CRYPTO_SEQIV: enabled (as module)
> - CONFIG_CRYPTO_GHASH: enabled (as module)
> - CONFIG_XFRM: enabled
> - CONFIG_XFRM_USER: enabled (as module)
> - CONFIG_XFRM_ALGO: enabled
> - CONFIG_INET_ESP: enabled (as module)
> - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled
> - "ipvlan":
> - CONFIG_IPVLAN: missing
> - "macvlan":
> - CONFIG_MACVLAN: missing
> - CONFIG_DUMMY: enabled (as module)
> - "ftp,tftp client in container":
> - CONFIG_NF_NAT_FTP: enabled (as module)
> - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
> - CONFIG_NF_NAT_TFTP: enabled (as module)
> - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
> - Storage Drivers:
> - "aufs":
> - CONFIG_AUFS_FS: enabled
> - "btrfs":
> - CONFIG_BTRFS_FS: enabled
> - CONFIG_BTRFS_FS_POSIX_ACL: enabled
> - "devicemapper":
> - CONFIG_BLK_DEV_DM: enabled
> - CONFIG_DM_THIN_PROVISIONING: missing
> - "overlay":
> - CONFIG_OVERLAY_FS: missing
> - "zfs":
> - /dev/zfs: missing
> - zfs command: missing
> - zpool command: missing
> 
> Limits:
> - /proc/sys/kernel/keys/root_maxkeys: 1000000
> 

Even running *modprobe veth* showing that veth is not there:

> 
> modprobe: FATAL: Module veth not found in directory
> /lib/modules/4.4.113-yocto-standard
> 

After going around the internet, I found out that somebody had the same issue with me: https://marc.info/?l=openembedded-devel&m=154773496216135&w=2 , and they also think that veth missing is the problem. And as suggestion, I added in my local.conf:
CORE_IMAGE_EXTRA_INSTALL += "kernel-modules docker"
But they also mentioned the actual solution is :
I found the issue.  The veth kernel parameter was not enabled.  Once I added
CONFIG_VETH=y to my docker.cfg file, I was able to successfully run a
docker container in my openembedded OS So where could I do the same? I've used the rocko version and it doesn't have the linux/docker.cfg file? Or could I can create one by myself?

[-- Attachment #2: Type: text/html, Size: 7276 bytes --]

Re: [meta-virtualization] Where is docker.cfg file in rocko? #meta-virtualization #yocto

[Bruce Ashfield]

[-- Attachment #1: Type: text/plain, Size: 8553 bytes --]

On Wed, Jan 5, 2022 at 4:46 AM <thitgahamtonghop@gmail.com> wrote:
>
> [Edited Message Follows]
>
> Hi,
> So I am having problem running docker image. When I run command: docker
run hello-world, this is the output:
>
> docker: Error response from daemon: failed to create endpoint
elastic_hypatia on network bridge: failed to add the host (vethf9c4250) <=>
sandbox (vethc439d7e) pair interfaces: operation not supported.
> ERRO[0000] error waiting for container: context canceled
>
> So I suspect that the veth module is missing and as checking, I ran the
check-config.sh script, and here is what I get
>
>
> info: reading kernel config from /proc/config.gz ...
>
> Generally Necessary:
> - check-config.sh: line 159: [: missing `]'
> check-config.sh: line 160: /sys/fs/cgroup/memory: Is a directory
> cgroup hierarchy: single mountpoint! [/sys/fs/cgroup/memory]
>     (see https://github.com/tianon/cgroupfs-mount)
> - CONFIG_NAMESPACES: enabled
> - CONFIG_NET_NS: enabled
> - CONFIG_PID_NS: enabled
> - CONFIG_IPC_NS: enabled
> - CONFIG_UTS_NS: enabled
> - CONFIG_CGROUPS: enabled
> - CONFIG_CGROUP_CPUACCT: enabled
> - CONFIG_CGROUP_DEVICE: enabled
> - CONFIG_CGROUP_FREEZER: enabled
> - CONFIG_CGROUP_SCHED: enabled
> - CONFIG_CPUSETS: enabled
> - CONFIG_MEMCG: enabled
> - CONFIG_KEYS: enabled
> - CONFIG_VETH: missing
> - CONFIG_BRIDGE: enabled (as module)
> - CONFIG_BRIDGE_NETFILTER: enabled (as module)
> - CONFIG_NF_NAT_IPV4: enabled (as module)
> - CONFIG_IP_NF_FILTER: enabled (as module)
> - CONFIG_IP_NF_TARGET_MASQUERADE: missing
> - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
> - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
> - CONFIG_NETFILTER_XT_MATCH_IPVS: missing
> - CONFIG_IP_NF_NAT: missing
> - CONFIG_NF_NAT: enabled (as module)
> - CONFIG_NF_NAT_NEEDED: enabled
> - CONFIG_POSIX_MQUEUE: enabled
> - CONFIG_DEVPTS_MULTIPLE_INSTANCES: missing
>
> Optional Features:
> - CONFIG_USER_NS: enabled
> - CONFIG_SECCOMP: enabled
> - CONFIG_CGROUP_PIDS: missing
> - CONFIG_MEMCG_SWAP: enabled
> - CONFIG_MEMCG_SWAP_ENABLED: enabled
>     (cgroup swap accounting is currently enabled)
> - CONFIG_LEGACY_VSYSCALL_EMULATE: enabled
> - CONFIG_MEMCG_KMEM: enabled
> - CONFIG_BLK_CGROUP: enabled
> - CONFIG_BLK_DEV_THROTTLING: missing
> - CONFIG_IOSCHED_CFQ: enabled
> - CONFIG_CFQ_GROUP_IOSCHED: missing
> - CONFIG_CGROUP_PERF: missing
> - CONFIG_CGROUP_HUGETLB: missing
> - CONFIG_NET_CLS_CGROUP: enabled
> - CONFIG_CGROUP_NET_PRIO: missing
> - CONFIG_CFS_BANDWIDTH: missing
> - CONFIG_FAIR_GROUP_SCHED: enabled
> - CONFIG_RT_GROUP_SCHED: enabled
> - CONFIG_IP_VS: missing
> - CONFIG_IP_VS_NFCT: missing
> - CONFIG_IP_VS_RR: missing
> - CONFIG_EXT3_FS: enabled
> - CONFIG_EXT3_FS_XATTR: missing
> - CONFIG_EXT3_FS_POSIX_ACL: enabled
> - CONFIG_EXT3_FS_SECURITY: enabled
>     (enable these ext3 configs if you are using ext3 as backing
filesystem)
> - CONFIG_EXT4_FS: enabled
> - CONFIG_EXT4_FS_POSIX_ACL: enabled
> - CONFIG_EXT4_FS_SECURITY: enabled
> - Network Drivers:
>   - "overlay":
>     - CONFIG_VXLAN: missing
>       Optional (for encrypted networks):
>       - CONFIG_CRYPTO: enabled
>       - CONFIG_CRYPTO_AEAD: enabled
>       - CONFIG_CRYPTO_GCM: enabled (as module)
>       - CONFIG_CRYPTO_SEQIV: enabled (as module)
>       - CONFIG_CRYPTO_GHASH: enabled (as module)
>       - CONFIG_XFRM: enabled
>       - CONFIG_XFRM_USER: enabled (as module)
>       - CONFIG_XFRM_ALGO: enabled
>       - CONFIG_INET_ESP: enabled (as module)
>       - CONFIG_INET_XFRM_MODE_TRANSPORT: enabled
>   - "ipvlan":
>     - CONFIG_IPVLAN: missing
>   - "macvlan":
>     - CONFIG_MACVLAN: missing
>     - CONFIG_DUMMY: enabled (as module)
>   - "ftp,tftp client in container":
>     - CONFIG_NF_NAT_FTP: enabled (as module)
>     - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
>     - CONFIG_NF_NAT_TFTP: enabled (as module)
>     - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
> - Storage Drivers:
>   - "aufs":
>     - CONFIG_AUFS_FS: enabled
>   - "btrfs":
>     - CONFIG_BTRFS_FS: enabled
>     - CONFIG_BTRFS_FS_POSIX_ACL: enabled
>   - "devicemapper":
>     - CONFIG_BLK_DEV_DM: enabled
>     - CONFIG_DM_THIN_PROVISIONING: missing
>   - "overlay":
>     - CONFIG_OVERLAY_FS: missing
>   - "zfs":
>     - /dev/zfs: missing
>     - zfs command: missing
>     - zpool command: missing
>
> Limits:
> - /proc/sys/kernel/keys/root_maxkeys: 1000000
>
> Even running modprobe veth showing that veth is not there:
>
> modprobe: FATAL: Module veth not found in directory
/lib/modules/4.4.113-yocto-standard
>
> And here is the output of lxc-checkconfig
>
> --- Namespaces ---
> Namespaces: enabled
> Utsname namespace: enabled
> Ipc namespace: enabled
> Pid namespace: enabled
> User namespace: enabled
> Network namespace: enabled
> Multiple /dev/pts instances: missing
>
> --- Control groups ---
> Cgroup: enabled
> Cgroup clone_children flag: enabled
> Cgroup device: enabled
> Cgroup sched: enabled
> Cgroup cpu account: enabled
> Cgroup memory controller: enabled
> Cgroup cpuset: enabled
>
> --- Misc ---
> Veth pair device: missing
> Macvlan: missing
> Vlan: enabled
> Bridges: enabled
> Advanced netfilter: enabled
> CONFIG_NF_NAT_IPV4: enabled
> CONFIG_NF_NAT_IPV6: missing
> CONFIG_IP_NF_TARGET_MASQUERADE: missing
> CONFIG_IP6_NF_TARGET_MASQUERADE: missing
> CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
> FUSE (for use with lxcfs): enabled
>
> --- Checkpoint/Restore ---
> checkpoint restore: missing
> CONFIG_FHANDLE: enabled
> CONFIG_EVENTFD: enabled
> CONFIG_EPOLL: enabled
> CONFIG_UNIX_DIAG: missing
> CONFIG_INET_DIAG: enabled
> CONFIG_PACKET_DIAG: missing
> CONFIG_NETLINK_DIAG: missing
> File capabilities: enabled
>
> Note : Before booting a new kernel, you can check its configuration
> usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
>
> After going around the internet, I found out that somebody had the same
issue with me: https://marc.info/?l=openembedded-devel&m=154773496216135&w=2,
and they also think that veth missing is the problem. And as suggestion, I
added in my local.conf:
> CORE_IMAGE_EXTRA_INSTALL += "kernel-modules docker"
> But they also mentioned the actual solution is :
>
> I found the issue.  The veth kernel parameter was not enabled.  Once I
added
> CONFIG_VETH=y to my docker.cfg file, I was able to successfully run a
> docker container in my openembedded OS
>
> So where could I do the same? I've used the rocko version and it doesn't
have the linux/docker.cfg file? Or could I can create one by myself?
>
> P/S:
> I found in meta-virtualization/recipes-kernel/linux/linux-yocto/ the file
docker.cfg, but there is no option as CONFIG_VETH, but in the file lxc.cfg,
it exists and already 'y'. I don't really know what needed to actually used
this. Why the veth module is not appeared?
>

Correct. Similar fragments did exist in the rocko timeframe, but if you are
looking for docker support .. a newer (and supported) release is highly
recommended.

Using the fragments depends on your kernel provider.

If it is linux yocto, then there is a .inc file in the layer that is
enabled whenever virtualization is in the DISTRO_FEATURES. That .inc file
adds the fragments to the linux-yocto SRC_URI, and the options will be
enabled (
https://git.yoctoproject.org/meta-virtualization/tree/recipes-kernel/linux/linux-yocto_virtualization.inc?h=rocko
)

If your kernel provider is linux-yocto based (i.e. it supports fragments),
then you could individually add the fragments via KERNEL_FEATURES (check
the yocto docs for details).

And finally, if you do have CONFIG_VETH enabled as a module (versus built
in), you'd also need to make sure the specific kernel module package is
installed to your image, or all modules are installed (via the
kernel-modules package that you have mentioned above).

Bruce



> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#6990):
https://lists.yoctoproject.org/g/meta-virtualization/message/6990
> Mute This Topic: https://lists.yoctoproject.org/mt/88187835/1050810
> Mute #yocto:
https://lists.yoctoproject.org/g/meta-virtualization/mutehashtag/yocto
> Mute #meta-virtualization:
https://lists.yoctoproject.org/g/meta-virtualization/mutehashtag/meta-virtualization
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [
bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

[-- Attachment #2: Type: text/html, Size: 11580 bytes --]