环境
# cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core)
# uname -r
4.18.0-348.rt7.130.el8.x86_64
问题及现象
- pod的状态全部都是ContainerCreating的状态
- containerd进程有大量报错,主要有:
failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/c4847070fad34a8da9b16b5c20cdc38e28a15cfcf9913d712e4fe60d8c9029f7/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown
解决方案
查看现有libseccomp版本
# sudo rpm -qa | grep libseccomp
libseccomp-2.3.3-3.el8.x86_64
卸载低版本libseccomp
# sudo rpm -e libseccomp-2.3.3-3.el8.x86_64 --nodeps
# sudo rpm -qa | grep libseccomp
#
安装高版本libseccomp
# yum provides libseccomp
Last metadata expiration check: 0:48:39 ago on Tue 28 Mar 2023 01:49:06 PM CST.
libseccomp-2.5.2-1.el8.i686 : Enhanced seccomp library
Repo : Base
Matched from:
Provide : libseccomp = 2.5.2-1.el8
libseccomp-2.5.2-1.el8.x86_64 : Enhanced seccomp library
Repo : Base
Matched from:
Provide : libseccomp = 2.5.2-1.el8
# yum install libseccomp-2.5.2-1.el8.x86_64
Last metadata expiration check: 0:49:46 ago on Tue 28 Mar 2023 01:49:06 PM CST.
Dependencies resolved.
======================================================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================================================
Installing:
libseccomp x86_64 2.5.2-1.el8 Base 71 k
Transaction Summary
======================================================================================================================================================================
Install 1 Package
Total download size: 71 k
Installed size: 166 k
Is this ok [y/N]: y
Downloading Packages:
libseccomp-2.5.2-1.el8.x86_64.rpm 38 MB/s | 71 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 7.0 MB/s | 71 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libseccomp-2.5.2-1.el8.x86_64 1/1
Running scriptlet: libseccomp-2.5.2-1.el8.x86_64 1/1
Verifying : libseccomp-2.5.2-1.el8.x86_64 1/1
Installed:
libseccomp-2.5.2-1.el8.x86_64
Complete!
# sudo rpm -qa | grep libseccomp
libseccomp-2.5.2-1.el8.x86_64
解决后现象
- pod状态
安装之后,不用重启containerd进程,就看到了目前pod的状态都正常了
- runc中依赖的libseccomp
libseccomp已经是高版本的了
# runc --version
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.18.10
libseccomp: 2.5.2
原理
libseccomp需要高于2.4版本
containerd.io 要求安装版本为 2.4.0 的 libseccomp
具体官方依据还未找到,后续找到补充
参考
k8s系列-06-containerd的基本操作 卸载安装libeseccomp
containerd.io depends libseccomp2 ( = 2.4.0) but 2.3.1-2.1ubuntu4 is to be installed