[Bug]: podman play kube with disabled cgroup #17436
Description
Issue Description
Under Debian SID, the podman play kube with disabled cgroup (test/e2e/play_kube_test.go:4657) test fails under root, and remote scenarios (oddly, it passes under 'remote'). Note: The all CI Debian VM's are setup to use runc and CgroupsV1 (not the default).
Steps to reproduce the issue
Steps to reproduce the issue
- Generate the test kube YAML and
containers.conf(see additional info below) podman --storage-opt vfs.imagestore=/tmp/imagecachedir --root /tmp/podman_test595160758/root --runroot /tmp/podman_test595160758/runroot --runtime runc --conmon /usr/bin/conmon --network-config-dir /etc/containers/networks --network-backend netavark --cgroup-manager systemd --tmpdir /tmp/podman_test595160758 --events-backend file --storage-driver vfs play kube /tmp/podman_test595160758/kube.yaml
Describe the results you received
Error: requested OCI runtime runc is not compatible with NoCgroups: invalid argument
Describe the results you expected
Pod:
dc664c1a0d4243239b71fa14d38fdedbbebe3759fa928e9803b818eb2b2e7d3f
Container:
1ab66e323ad39ae1183a59b2ffc4a7bea718e6ed83fca542872d4b4751f9aee2
podman info output
host:
arch: amd64
buildahVersion: 1.29.0
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
- misc
cgroupManager: systemd
cgroupVersion: v1
conmon:
package: conmon_2.1.3+ds1-1_amd64
path: /usr/bin/conmon
version: 'conmon version 2.1.3, commit: unknown'
cpuUtilization:
idlePercent: 13.17
systemPercent: 31.94
userPercent: 54.89
cpus: 2
distribution:
codename: bookworm
distribution: debian
version: "12.03"
eventLogger: journald
hostname: cirrus-task-4559945404776448
idMappings:
gidmap: null
uidmap: null
kernel: 6.1.0-3-cloud-amd64
linkmode: dynamic
logDriver: journald
memFree: 1875533824
memTotal: 4116254720
networkBackend: netavark
ociRuntime:
name: runc
package: runc_1.1.4+ds1-1+b1_amd64
path: /usr/bin/runc
version: |-
runc version 1.1.4+ds1
commit: 1.1.4+ds1-1+b1
spec: 1.0.2-dev
go: go1.19.4
libseccomp: 2.5.4
os: linux
remoteSocket:
exists: true
path: /run/podman/podman.sock
security:
apparmorEnabled: true
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns_1.2.0-1_amd64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.4
swapFree: 0
swapTotal: 0
uptime: 0h 27m 39.00s
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
volume:
- local
registries:
docker.io:
Blocked: false
Insecure: false
Location: mirror.gcr.io
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io
PullFromMirror: ""
docker.io/library:
Blocked: false
Insecure: false
Location: quay.io/libpod
MirrorByDigestOnly: false
Mirrors: null
Prefix: docker.io/library
PullFromMirror: ""
localhost:5000:
Blocked: false
Insecure: true
Location: localhost:5000
MirrorByDigestOnly: false
Mirrors: null
Prefix: localhost:5000
PullFromMirror: ""
search:
- docker.io
- quay.io
- registry.fedoraproject.org
store:
configFile: /usr/share/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/lib/containers/storage
graphRootAllocated: 211116445696
graphRootUsed: 6976233472
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 0
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.4.0-dev
Built: 1675368888
BuiltTime: Thu Feb 2 20:14:48 2023
GitCommit: eef1b825d5ac4eeb1d739b2e0973b19917c3ea1c
GoVersion: go1.19.5
Os: linux
OsArch: linux/amd64
Version: 4.4.0-dev
### Podman in a container
No
### Privileged Or Rootless
None
### Upstream Latest Release
Yes
### Additional environment details
The CI test sets up a `containers.conf` with:
```toml
[containers]
ipcns="host"
cgroups="disabled"
and simplePodYaml:
apiVersion: v1
kind: Pod
metadata:
name: libpod-test
spec:
containers:
- image: quay.io/libpod/alpine_nginx:latest
command:
- sleep
- "3600"The "remote" flavor of the test can be observed passing in the raw log by searching for the test name.
Additional information
Debian GNU/Linux bookworm/sid \n \l
Kernel: 6.1.0-3-cloud-amd64
Cgroups: tmpfs
dpkg-query: no packages found matching containers-common
dpkg-query: no packages found matching cri-o-runc
conmon-2.1.3+ds1-1-amd64
containernetworking-plugins-1.1.1+ds1-3+b1-amd64
criu-3.17.1-2-amd64
crun-1.5+dfsg-1+b1-amd64
golang-2:1.19~1-amd64
libseccomp2-2.5.4-1+b3-amd64
podman-4.3.1+ds1-5+b1-amd64
runc-1.1.4+ds1-1+b1-amd64
skopeo-1.9.3+ds1-1-amd64
slirp4netns-1.2.0-1-amd64