Ubuntu 22.04 fails to boot with read-only filesystem (Docker Desktop for macOS) #2

Open
quinncomendant opened this issue Apr 27, 2022 · 5 comments

Comments

@quinncomendant

Hi Jeff,

I'm getting started with ansible and molecule, and am happy to find your pre-built images (thanks!). I'm having some trouble with the new Ubuntu 22.04 image. I'm using Docker Desktop 4.7.1 with default settings (no experimental features) on macOS 12.3.1 on a 2021 MBP w/M1 Pro.

When running docker as per the steps in README.md (except with -it instead of --detach so I can see the output), it fails to boot:

❯ docker run -it --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro geerlingguy/docker-ubuntu2204-ansible
Failed to look up module alias 'autofs4': Function not implemented
systemd 249.11-0ubuntu3 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP -LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture arm64.

Welcome to Ubuntu 22.04 LTS!

Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...

If I change the volume to read-write mode (by changing --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro to --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw) it boots successfully:

❯ docker run -it --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:rw geerlingguy/docker-ubuntu2204-ansible
Failed to look up module alias 'autofs4': Function not implemented
systemd 249.11-0ubuntu3 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP -LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture arm64.

Welcome to Ubuntu 22.04 LTS!

Couldn't move remaining userspace processes, ignoring: Input/output error
Queued start job for default target Graphical Interface.
Unnecessary job was removed for /dev/vda1.
[  OK  ] Created slice Slice /system/modprobe.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
etc…

Is there a reason this image should be run in read-only mode, or is it safe to use in read-write mode?


Just for comparison, I also tried to boot your Ubuntu 18.04 and 20.04 images. They boot successfully in read-only mode – except for the Failed to allocate manager object, freezing error, do you know what is causing that?

Here's geerlingguy/docker-ubuntu1804-ansible:

❯ docker run -it --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro geerlingguy/docker-ubuntu1804-ansible

Welcome to Ubuntu 18.04.6 LTS!

[!!!!!!] Failed to allocate manager object, freezing.

Here's geerlingguy/docker-ubuntu2004-ansible:

❯ docker run -it --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro geerlingguy/docker-ubuntu2004-ansible

Welcome to Ubuntu 20.04.4 LTS!

[!!!!!!] Failed to allocate manager object.

@quinncomendant

This seems like it's related, but I don't really understand it: https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-priva

@quinncomendant

The release notes for Docker Desktop 4.3.0 include this note about using cgroup v2 (emphasis mine):

Docker Desktop now uses cgroupv2. If you need to run systemd in a container then:

This github issue for docker desktop confirms this requirement by many users, and has lots of backlinks from other projects that use systemd that broke when Docker Desktop 4.3.0 was released. There's this comment that specifically mentions Ubuntu 22.04 requiring these options, and how the --cgroupns=host option may not be required, which my tests confirm.

So, with regards to your docker-ubuntu2204-ansible image, I think the fix is to update README.md to include these options that are required to run it on Docker Desktop.

@quinncomendant

This github issue for the Moby Project also confirms that it appears necessary to expose /sys/fs/cgroup as read-write as of systemd version 248.

Its author offers workarounds:

  • boot host with systemd.unified_cgroup_hierarchy=0
  • remove ro flag from docker run arg -v /sys/fs/cgroup:/sys/fs/cgroup:ro but this contaminates the host cgroup, causing e.g. docker top to get confused:

Another user suggests it can also be solved using namespace isolation (--userns-remap) or by just using podman instead of docker.
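A small helper that turns the finding above into a repeatable check, added here as an example and not part of the issue or the geerlingguy images: it asks the Docker daemon (on Docker Desktop, the Linux VM rather than macOS itself) which cgroup version it runs and picks the /sys/fs/cgroup mount mode accordingly, keeping the read-only mount wherever cgroup v1 still allows it. The `--cgroupns` argument is optional, matching the observation that it may not be needed.

```shell
#!/bin/sh
# Added example: choose docker run flags for a systemd-based image from the
# daemon's cgroup version. Assumes `docker info` is reachable when detecting.

# Ask the daemon for its cgroup version ("1" or "2"); "unknown" if unreachable.
detect_cgroup_version() {
    docker info --format '{{.CgroupVersion}}' 2>/dev/null || echo unknown
}

# Map the cgroup version to the /sys/fs/cgroup mount flag. On cgroup v2 with
# systemd 248+ the hierarchy must be writable, which exposes the host cgroup
# tree to the container (the "contamination" noted in the Moby issue), so the
# read-only mount is kept for v1 hosts, where it still works.
cgroup_volume_arg() {
    case "$1" in
        2) echo "--volume=/sys/fs/cgroup:/sys/fs/cgroup:rw" ;;
        1) echo "--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" ;;
        *) return 1 ;;
    esac
}

# Assemble the full command line; third argument (e.g. "host") adds --cgroupns.
build_run_cmd() {
    image=$1; version=$2; ns=${3:-}
    vol=$(cgroup_volume_arg "$version") || return 1
    cmd="docker run --detach --privileged $vol"
    if [ -n "$ns" ]; then
        cmd="$cmd --cgroupns=$ns"
    fi
    echo "$cmd $image"
}

# Usage against the local daemon (prints the command rather than running it):
# build_run_cmd geerlingguy/docker-ubuntu2204-ansible "$(detect_cgroup_version)"
```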

@tofi86

tofi86 commented May 25, 2022

I had the same issue and I can confirm that it works with these changes...

@mikch06

mikch06 commented May 9, 2023

Did by kernel parameter:
Not nice, but it works:

kargs --append='systemd.unified_cgroup_hierarchy=0'

https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/
