Issues with cgroups (cpuset) and kernel module inside CT

soupdiver

Member
Feb 24, 2021
19
0
6
54
I try to run a Hashicorp Nomad agent inside a CT that should spawn Tasks using its `exec` driver. See: https://www.nomadproject.io/docs/drivers/exec
Essentially it will isolate the process using chroot/cgroups.
This however fails in my container.
I get 2 errors

1) The cpuset management controller seems not to be available. I'm not very familiar with lxc low-level internals.

Code:
ll /sys/fs/cgroup/nomad.slice/cpuset.cpus.effective
ls: cannot access '/sys/fs/cgroup/nomad.slice/cpuset.cpus.effective': No such file or directory

Seems to be a sympthom of this.

More tech details in this github issue: https://github.com/hashicorp/nomad/issues/14797

2) I'm missing the bridge kernel module

Code:
| 3 errors occurred:
  |     * module bridge not in /proc/modules
  |     * failed to open /lib/modules/5.15.60-1-pve/modules.builtin: open /lib/modules/5.15.60-1-pve/modules.builtin: no such file or directory
  |     * failed to open /lib/modules/5.15.60-1-pve/modules.dep: open /lib/modules/5.15.60-1-pve/modules.dep: no such file or directory
  |

Is there a way to get `/lib/modules` available in the container?

Happy to provide more details to figure this out.
I have tried in a priviliged and unpriviliged container but the result seems to be the same.

Update: I tried the same setup inside a VM and not a container. I get the same result. Initially I thought this is because of the nesting with cgroups but now I'm not sure.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!