【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...

【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...

码农世界 2024-05-18 前端 60 次浏览 0个评论

文章目录

    • 环境
    • 问题及现象
    • 解决方案
      • 查看现有libseccomp版本
      • 卸载低版本libseccomp
      • 安装高版本libseccomp
      • 解决后现象
      • 原理
      • 参考

        环境

        # cat /etc/redhat-release
CentOS Linux release 8.0.1905 (Core) 
# uname -r
4.18.0-348.rt7.130.el8.x86_64

        问题及现象

        1. pod的状态全部都是ContainerCreating的状态
        1. containerd进程有大量报错,主要有:

        failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/c4847070fad34a8da9b16b5c20cdc38e28a15cfcf9913d712e4fe60d8c9029f7/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown

        解决方案

        查看现有libseccomp版本

        # sudo rpm -qa | grep libseccomp
libseccomp-2.3.3-3.el8.x86_64

        卸载低版本libseccomp

        # sudo rpm -e libseccomp-2.3.3-3.el8.x86_64 --nodeps
# sudo rpm -qa | grep libseccomp
#

        安装高版本libseccomp

        # yum provides libseccomp
Last metadata expiration check: 0:48:39 ago on Tue 28 Mar 2023 01:49:06 PM CST.
libseccomp-2.5.2-1.el8.i686 : Enhanced seccomp library
Repo        : Base
Matched from:
Provide    : libseccomp = 2.5.2-1.el8
libseccomp-2.5.2-1.el8.x86_64 : Enhanced seccomp library
Repo        : Base
Matched from:
Provide    : libseccomp = 2.5.2-1.el8
# yum install libseccomp-2.5.2-1.el8.x86_64
Last metadata expiration check: 0:49:46 ago on Tue 28 Mar 2023 01:49:06 PM CST.
Dependencies resolved.
======================================================================================================================================================================
 Package                                   Arch                                  Version                                    Repository                           Size
======================================================================================================================================================================
Installing:
 libseccomp                                x86_64                                2.5.2-1.el8                                Base                                 71 k
Transaction Summary
======================================================================================================================================================================
Install  1 Package
Total download size: 71 k
Installed size: 166 k
Is this ok [y/N]: y
Downloading Packages:
libseccomp-2.5.2-1.el8.x86_64.rpm        38 MB/s |  71 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                   7.0 MB/s |  71 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        : 1/1 
  Installing       : libseccomp-2.5.2-1.el8.x86_64                  1/1 
  Running scriptlet: libseccomp-2.5.2-1.el8.x86_64                  1/1 
  Verifying        : libseccomp-2.5.2-1.el8.x86_64                  1/1 
Installed:
  libseccomp-2.5.2-1.el8.x86_64                                         
Complete!
# sudo rpm -qa | grep libseccomp
libseccomp-2.5.2-1.el8.x86_64

        解决后现象

        1. pod状态

        安装之后,不用重启containerd进程,就看到了目前pod的状态都正常了

        1. runc中依赖的libseccomp

          libseccomp已经是高版本的了

        # runc --version
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.18.10
libseccomp: 2.5.2

        原理

        libseccomp需要高于2.4版本

        containerd.io 要求安装版本为 2.4.0 的 libseccomp

        具体官方依据还未找到,后续找到补充

        参考

        k8s系列-06-containerd的基本操作 卸载安装libeseccomp

        containerd.io depends libseccomp2 ( = 2.4.0) but 2.3.1-2.1ubuntu4 is to be installed

转载请注明来自码农世界,本文标题:《【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...》

百度分享代码,如果开启HTTPS请参考李洋个人博客
37815篇文章 站点 微博
每一天,每一秒,你所做的决定都会改变你的人生!

发表评论

快捷回复:

评论列表 (暂无评论,60人围观)参与讨论

还没有评论,来说两句吧...

Top