meta-virtualization.lists.yoctoproject.org archive mirror
From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: Ralph Siemsen <ralph.siemsen@linaro.org>
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization] docker/containerd/runc version compatability
Date: Mon, 11 Jul 2022 22:13:59 -0400
Message-ID: <CADkTA4M8yppFXr-EnvqSEJZ0Fw3wJvXg4z5vQSAoy7UA0=z82A@mail.gmail.com>
In-Reply-To: <CANp-EDa+9Wa6GntcF6+XU3khNfRoCfhE0cCAXihNHr1Btb2H5A@mail.gmail.com>

On Mon, Jul 11, 2022 at 2:13 PM Ralph Siemsen <ralph.siemsen@linaro.org> wrote:
>
> Perhaps someone here can help point me to relevant documentation. I'm
> wondering if there are some guidelines about which version(s) of
> docker/containerd/runc are compatible. I've searched through the
> docker manuals and release notes, without finding very many details.
>
> Backing up a step further, the dunfell branch of meta-virtualization
> has docker-moby 19.03.15, containerd-v1.2.14, and runc-1.0.0-rc8. This
> combination seems to work fine, however there are several CVEs
> flagged.
>
> In a somewhat naive attempt to fix some of the CVEs, I updated
> containerd from 1.2.x to v1.4.12. This version was picked primarily
> because it was available in gatesgarth at the time, I could just copy
> the recipe over. This compiles and runs hello-world and ubuntu test
> images successfully.

FWIW, that's more than just bug fixes, so we wouldn't want that
much of a version bump on any of the -stable branches. They'd
stay within the .x series of a release.

>
> However over time, an oddity has emerged: even with no images
> downloaded and therefore no containers running (just the daemon
> sitting idle), the system log shows a goroutine crashing periodically
> with "fatal error: bad symbol table". It can take up to 10 hours, but
> usually happens within an hour, on an otherwise idle system.
>
> This did not happen with the original set of versions on the dunfell
> branch. So I'm wondering what versions can be combined? What other
> tests (besides downloading and starting a container) could be run to
> check that the chosen versions are working together correctly?

What you are describing is exactly why you'll see me in the list archives
telling folks that there's no need to send updates to the individual
packages in master. I do unified testing on all the various components
in about the m3 timeframe of a release. The -stable branches are
updated for CVEs/bugs only and get updates at a much slower cadence.

The dependencies/versions are documented within the projects
themselves, but they aren't tightly coupled (for the most part) so
there is some flex.  But honestly, it is often that the latest of all the
projects work together at any given point, so when I do the updates
that is fundamentally the known set of working versions. Otherwise,
you are into looking at the project and their documented dependencies
on the various components. (or looking at what other distros are doing,
etc).

The larger stacks (i.e. k3s) are what I use to drive more complex
and end to end testing with the components. But fetching a container
and running it is a good test and covers a lot of ground.

Bruce


>
> Any hints or advice would be appreciated!
> Ralph


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
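
An added example, not part of the original thread: a soak check for the failure mode described above, counting Go runtime "fatal error:" lines per daemon in syslog-style text. The daemon list, the assumed log layout and the sample log lines are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: count Go runtime "fatal error:" lines per container daemon
# in syslog-style text (file arguments or stdin).

# Daemons to watch; an assumption for this sketch, adjust to the image.
DAEMONS='dockerd containerd'

go_fatal_summary() {
    awk -v daemons="$DAEMONS" '
    BEGIN { n = split(daemons, d, " "); for (i = 1; i <= n; i++) watch[d[i]] = 1 }
    {
        # Assumed layout: "Mon DD HH:MM:SS host tag[pid]: message"
        tag = $5
        sub(/\[[0-9]+\]:$/, "", tag)
        sub(/:$/, "", tag)
        if (!(tag in watch)) next
        msg = substr($0, index($0, $5) + length($5) + 1)
        # The Go runtime starts the line with "fatal error: "; a daemon log
        # line that merely quotes the phrase does not match.
        if (msg !~ /^fatal error: /) next
        sub(/^fatal error: /, "", msg)
        seen[tag "\t" msg]++
    }
    END { for (k in seen) { split(k, p, "\t"); printf "%s\t%d\t%s\n", p[1], seen[k], p[2] } }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample log, not taken from the thread.
sample_log() {
    cat <<'EOF'
Jul 11 09:00:01 qemux86-64 dockerd[412]: time="2022-07-11T09:00:01Z" level=info msg="Daemon has completed initialization"
Jul 11 09:41:17 qemux86-64 containerd[398]: fatal error: bad symbol table
Jul 11 09:41:17 qemux86-64 containerd[398]: goroutine 1 [running]:
Jul 11 13:05:52 qemux86-64 containerd[731]: fatal error: bad symbol table
Jul 11 13:06:10 qemux86-64 dockerd[412]: time="2022-07-11T13:06:10Z" level=warning msg="fatal error: quoted"
Jul 11 15:20:33 qemux86-64 dockerd[412]: fatal error: bad symbol table
EOF
}

# Prints one row per daemon and message: daemon, count, message.
sample_log | go_fatal_summary
```

Feed it `journalctl -o short` output or the syslog file after leaving the daemons idle for longer than the "up to 10 hours" window mentioned in the thread; any row in the output means the runtime crashed during the soak.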



Thread overview: 2+ messages
2022-07-11 18:12 docker/containerd/runc version compatability Ralph Siemsen
2022-07-12  2:13 ` Bruce Ashfield [this message]
