Proxmox 7 - lxc cgroup issue with docker

[kyriazis]

Upgraded to Proxmox 7, installed has no problems (well, pending issue https://forum.proxmox.com/threads/unknown-video-mode-on-fresh-proxmox-7-install.92623/#post-403828, but that's a different story).

We are running LXC containers with docker and gitlab-runner inside them. I modified the /etc/pve/lxc/*.conf files by renaming the cgroup entries to cgroup2, namely:

lxc.cgroup2.devices.allow: a

However, docker run complains:

root@vis-ct-hsw-00:~# docker run hello-world
docker: Error response from daemon: cgroups: cgroup mountpoint does not exist: unknown.
ERRO[0000] error waiting for container: context canceled
root@vis-ct-hsw-00:~#

https://www.infoq.com/news/2021/01/docker-engine-cgroups-logging/ Indicates that cgroup2 support in docker is only rolled into docker 20, while ubuntu20.04 is on docker19.03.13.

Proxmox documentation (https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup_compat) says that one of the options is to switch back to legacy cgroup, but it doesn't describe how. Any documentation on how to do that?

Another question is: Do we expect for docker 20 to roll out to ubuntu before or after cgroupv1 compatibility disappears from Proxmox?

Thank you!

george

 

[kyriazis]

Ok, I saw some more docs saying that one should add systemd.unified_cgroup_hierarchy=0 to the kernel boot params to revert to original cgroup, but if I do this, I cannot even bring my containers up:

root@vis-hsw-00:/etc/pve/lxc# pct start 132
explicitly configured lxc.apparmor.profile overrides the following settings: features:mount
cgfsng_setup_limits_legacy: 2764 Bad address - Failed to set "devices.deny" to "a"
cgroup_tree_create: 808 Failed to setup legacy device limits
cgfsng_payload_create: 1171 Numerical result out of range - Failed to create container cgroup
lxc_spawn: 1644 Failed creating cgroups
__lxc_start: 2073 Failed to spawn container "132"
startup for container '132' failed
root@vis-hsw-00:/etc/pve/lxc#

Here is my conf file:

# more 132.conf
#mp0%3A /mnt/pve/scratch,mp=/scratch
arch: amd64
cores: 48
features: mount=nfs4,keyctl=1
hostname: vis-ct-hsw-00
memory: 57344
net0: name=eth0,bridge=vmbr0,hwaddr=XX:XX:XX:XX:XX:XX,ip=dhcp,type=veth
onboot: 0
ostype: ubuntu
rootfs: local-lvm:vm-132-disk-0,size=192G
snaptime: 1573010169
swap: 16384
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

Thanks!

George

 

[kyriazis]

@t.lamprecht , perhaps you can help here? Thank you!

 

[Sysnasri]

I'm also affected with this issue.

 

[kyriazis]

Solution provided in https://forum.proxmox.com/threads/migration-from-6-4-to-7-0.92358/#post-404214.

It works for me.