bpm-release icon indicating copy to clipboard operation
bpm-release copied to clipboard
verified publisher icon cloudfoundry

bpm does not work with cgroupv2

Open ramonskie opened this issue 1 year ago • 3 comments

for the noble stemcel where we cgroupv2 is now the default bpm is not starting

linked issue: https://github.com/cloudfoundry/bosh-linux-stemcell-builder/issues/355 slack discussion: https://cloudfoundry.slack.com/archives/C06HTDT78N9/p1717058467990399

ramonskie avatar Jun 19 '24 09:06 ramonskie

Is this still an issue, or is this solved with https://github.com/cloudfoundry/bpm-release/pull/172?

geofffranks avatar Aug 28 '24 14:08 geofffranks

We've got some redness in the Noble pipeline currently, but we're going to try and fix that tomorrow and that should tell us if BPM is good on Noble

jpalermo avatar Aug 29 '24 15:08 jpalermo

Did y'all figure out the redness in the Noble pipeline? I'm running into problems where there is no DNS lookup capability inside BPM containers, whether or not bosh-dns is present on the VM. Getting connection refused on all :53 attempts:

vcap@3f588a05-5eff-4077-940c-44a7d8dbb1ac:/var/vcap/jobs/loggregator_agent$ host google.com
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; no servers could be reached
vcap@3f588a05-5eff-4077-940c-44a7d8dbb1ac:/var/vcap/jobs/loggregator_agent$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Aug 14 20:27 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
vcap@3f588a05-5eff-4077-940c-44a7d8dbb1ac:/var/vcap/jobs/loggregator_agent$ ls /run
ls: cannot access '/run': No such file or directory

Additionally it looks like ping doesn't work inside BPM containers either:

vcap@3f588a05-5eff-4077-940c-44a7d8dbb1ac:/var/vcap/jobs/loggregator_agent$ ping google.com
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?

For reference, on a jammy BPM container:

vcap@d3ee922f-0701-44b4-91e5-85a65aece394:/var/vcap/jobs/loggregator_agent$ ping google.com
PING google.com (173.194.206.138) 56(84) bytes of data.
64 bytes from nz-in-f138.1e100.net (173.194.206.138): icmp_seq=1 ttl=115 time=2.18 ms
64 bytes from nz-in-f138.1e100.net (173.194.206.138): icmp_seq=2 ttl=115 time=1.08 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.081/1.629/2.178/0.548 ms
vcap@d3ee922f-0701-44b4-91e5-85a65aece394:/var/vcap/jobs/loggregator_agent$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 27 Sep  4 16:34 /etc/resolv.conf -> /run/resolvconf/resolv.conf
vcap@d3ee922f-0701-44b4-91e5-85a65aece394:/var/vcap/jobs/loggregator_agent$ ls /run
resolvconf

geofffranks avatar Sep 05 '24 20:09 geofffranks

Looks like it had to do with how bpm was mounting the resolv.conf file into the container. We fix it today and will get a 1.4.0 cut with the changes.

jpalermo avatar Oct 02 '24 00:10 jpalermo

Released

jpalermo avatar Oct 02 '24 01:10 jpalermo