rootless: slirp4netns doesn't start since v1.17.4+k3s1

Question

rootless: slirp4netns doesn't start since v1.17.4+k3s1

AkihiroSuda opened this issue 4 years ago · comments

Akihiro Suda commented 4 years ago

Version:

k3s-v1.17.4+k3s1 version v1.17.4+k3s1 (3eee8ac)

Reproducible on master ( 690a4ca ) as well.

K3s arguments:

--rootless

Describe the bug

slirp4netns doesn't start since v1.17.4+k3s1

Originally reported by @ShylajaDevadiga in #1487 (comment)

To Reproduce

$ k3s server --rootless

Expected behavior
The server should start up

Actual behavior

FATA[2020-04-29T15:00:45.809243936+09:00] failed to setup network &{binary:slirp4netns mtu:65520 ipnet:0xc00102b140 disableHostLoopback:true apiSocketPath: enableSandbox:false enableSeccomp:false}: waiting for ready fd (/home/suda/.rancher/k3s/data/6a3098e6644f5f0dbfe14e5efa99bb8fdf60d63cae89fdffd71b7de11a1f1430/bin/slirp4netns --mtu 65520 -r 3 --disable-host-loopback --cidr 10.41.0.0/16 53578 tap0): slirp4netns failed 
FATA[2020-04-29T15:00:45.815057884+09:00] child diedparsing message from fd 3: EOF

Additional context / logs

Ubuntu 20.04, slirp4netns v1.0.1.

v1.17.3+k3s1 and v1.17.2+k3s1 don't hit this issue, but fail with another error (F0429 14:59:58.559339 53465 kubelet.go:1380] Failed to start ContainerManager [open /proc/sys/vm/overcommit_memory: permission denied, open /proc/sys/kernel/panic: permission denied, open /proc/sys/kernel/panic_on_oops: permission denied])

v1.17.0+k3s1 and v1.16.7+k3s1 work as expected.

Akihiro Suda commented 4 years ago

Thanks!

Akihiro Suda · Answer 1 · Fri May 08 2020 14:43:50 GMT+0800 (China Standard Time)

Interesting, ./bin/k3s server --rootless almost works (it fails with CNI binary path issue, but that's unrelated topic here), while ./dist/artifacts/k3s server --rootless does not.

@ibuildthecloud PTAL?

Akihiro Suda · Answer 2 · Fri May 08 2020 15:38:51 GMT+0800 (China Standard Time)

I found that slirp4netns is failing with "the option -r FD requires -c" error.

The error should not happen for slirp4netns >= v0.4.0: rootless-containers/slirp4netns@9115b34#diff-2045016cb90d1e65d71c2407a2570927L474

However, ./dist/artifacts/k3s seems bundled with very old and unstable version of slirp4netns (v0.3.0-alpha.2+dev).

Updating the bundled slirp4netns binary should fix the issue.

@ibuildthecloud @erikwilson Let me know how I can help updating the binary.

Brad Davidson · Answer 3 · Sat May 09 2020 01:17:43 GMT+0800 (China Standard Time)

There are a couple PRs open against k3s-root to update slirp4netns; I'm not sure why they haven't been merged yet.

Erik Wilson · Answer 4 · Sat May 09 2020 05:36:54 GMT+0800 (China Standard Time)

There are some issues building slirp4netns with buildroot due to some new package dependencies, so the PRs are insufficient in their current form. I would definitely like to fix this but it is a matter of getting a new build pipeline figured out.

Akihiro Suda · Answer 5 · Sat May 09 2020 07:19:51 GMT+0800 (China Standard Time)

A quick workaround is to just drop slirp4netns from the embedded archive, and require it as an external binary.

David Nuzik · Answer 6 · Thu Jul 02 2020 00:04:12 GMT+0800 (China Standard Time)

Needed for #1487

Akihiro Suda · Answer 7 · Thu Jul 02 2020 00:14:07 GMT+0800 (China Standard Time)

k3s-io/k3s-root#24 should solve the issue

Brad Davidson · Answer 8 · Wed Jul 22 2020 06:17:11 GMT+0800 (China Standard Time)

@AkihiroSuda this should be fixed in master.