Невозможно создать песочницу: невозможно прочитать файл синхронизации клиента: ожидание запуска песочницы: EOF: неизвест

Невозможно создать песочницу: невозможно прочитать файл синхронизации клиента: ожидание запуска песочницы: EOF: неизвест ⇐ Linux

1 сообщение • Страница 1 из 1

Anonymous

Невозможно создать песочницу: невозможно прочитать файл синхронизации клиента: ожидание запуска песочницы: EOF: неизвест

Цитата

Сообщение Anonymous » 06 окт 2024, 18:57

Без Gvisor
Я пытаюсь использовать графический процессор Nvidia с gvisor в контейнере с crictl. Графический процессор Nvidia отлично работает с runc. Используя приведенную ниже конфигурацию для запуска runc. файл /etc/nvidia-container-runtime/config.toml
#accept-nvidia-visible-devices-as-volume-mounts = false
#accept-nvidia-visible-devices-envvar-when-unprivileged = true
disable-require = false
supported-driver-capabilities = "compat32,compute,display,graphics,ngx,utility,video"
#swarm-resource = "DOCKER_RESOURCE_GPU"

[nvidia-container-cli]
#debug = "/var/log/nvidia-container-toolkit.log"
environment = []
#ldcache = "/etc/ld.so.cache"
ldconfig = "@/sbin/ldconfig"
load-kmods = true
#no-cgroups = false
#path = "/usr/bin/nvidia-container-cli"
#root = "/run/nvidia/driver"
#user = "root:video"

[nvidia-container-runtime]
debug = "/var/log/nvidia-container-runtime.log"
log-level = "info"
mode = "legacy"
runtimes = ["runc"]

[nvidia-container-runtime.modes]

[nvidia-container-runtime.modes.cdi]
annotation-prefixes = ["cdi.k8s.io/"]
default-kind = "nvidia.com/gpu"
spec-dirs = ["/etc/cdi", "/var/run/cdi"]

[nvidia-container-runtime.modes.csv]
mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d"

[nvidia-container-runtime-hook]
path = "nvidia-container-runtime-hook"
skip-mode-detection = false

[nvidia-ctk]
path = "nvidia-ctk"

использовал nvidia-ctk для настройки контейнера. /etc/containerd/config.toml имеет новую среду выполнения. Использовал приведенные ниже команды для запуска контейнера графического процессора.
SANDBOX_ID=$(sudo crictl runp --runtime nvidia pod.json)
CONTAINER_ID=$(sudo crictl create ${SANDBOX_ID} container.json pod.json)
sudo crictl start ${CONTAINER_ID}

Таким образом, без Gvisor графический процессор внутри контейнера работает нормально.
С Gvisor
Как указано в документацию в gvisor https://gvisor.dev/docs/user_guide/gpu/, чтобы создать скрипт, как показано ниже, сделать его исполняемым и сохранить в PATH в /usr/local/bin/runscgpu.
#!/bin/bash
exec /usr/local/bin/runsc --nvproxy "$@"

Затем добавили эту новую среду выполнения в /etc/nvidia-container-runtime/config.toml, как показано ниже,
....

[nvidia-container-runtime]
debug = "/var/log/nvidia-container-runtime.log"
log-level = "info"
mode = "legacy"
runtimes = ["runscgpu", "runc"]

....

Когда я пытаюсь создать модуль с помощью SANDBOX_ID=$(sudo crictl runp --runtime nvidia pod.json), получаю ошибку ниже,
DEBU[0000] RunPodSandboxRequest: &RunPodSandboxRequest{Config:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:nvidia-sandbox,Uid:4dis4d93djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[&PortMapping{Protocol:TCP,ContainerPort:80,HostPort:8081,HostIp:,}],Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},},RuntimeHandler:nvidia,}
DEBU[0001] RunPodSandboxResponse: nil
FATA[0001] run pod sandbox failed: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown

Журналы

Oct 06 15:40:57 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:40:57.473234077Z" level=error msg="RunPodSandbox for name:\"nvidia-sandbox\" uid:\"4dis4d93djaidwnduwk28bcsb\" namespace:\"default\" attempt:1 failed, error" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown"
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.147098477Z" level=info msg="RunPodSandbox for name:\"nvidia-sandbox\" uid:\"4dis4d93djaidwnduwk28bcsb\" namespace:\"default\" attempt:1"
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212728975Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212788159Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212805465Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212916629Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681764912Z" level=info msg="shim disconnected" id=2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856 namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681827010Z" level=warning msg="cleaning up after shim disconnected" id=2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856 namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681837475Z" level=info msg="cleaning up dead shim" namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.773340581Z" level=warning msg="cleanup warnings time=\"2024-10-06T15:52:05Z\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/k8s.io/2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n" namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.773732749Z" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed" namespace=k8s.io
Oct 06 15:52:06 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:06.153555019Z" level=error msg="RunPodSandbox for name:\"nvidia-sandbox\" uid:\"4dis4d93djaidwnduwk28bcsb\" namespace:\"default\" attempt:1 failed, error" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown"

Подробнее здесь: https://stackoverflow.com/questions/790 ... ox-to-star

1728230274

Anonymous

Без Gvisor
Я пытаюсь использовать графический процессор Nvidia с gvisor в контейнере с crictl. Графический процессор Nvidia отлично работает с runc. Используя приведенную ниже конфигурацию для запуска runc. файл /etc/nvidia-container-runtime/config.toml
#accept-nvidia-visible-devices-as-volume-mounts = false
#accept-nvidia-visible-devices-envvar-when-unprivileged = true
disable-require = false
supported-driver-capabilities = "compat32,compute,display,graphics,ngx,utility,video"
#swarm-resource = "DOCKER_RESOURCE_GPU"

[nvidia-container-cli]
#debug = "/var/log/nvidia-container-toolkit.log"
environment = []
#ldcache = "/etc/ld.so.cache"
ldconfig = "@/sbin/ldconfig"
load-kmods = true
#no-cgroups = false
#path = "/usr/bin/nvidia-container-cli"
#root = "/run/nvidia/driver"
#user = "root:video"

[nvidia-container-runtime]
debug = "/var/log/nvidia-container-runtime.log"
log-level = "info"
mode = "legacy"
runtimes = ["runc"]

[nvidia-container-runtime.modes]

[nvidia-container-runtime.modes.cdi]
annotation-prefixes = ["cdi.k8s.io/"]
default-kind = "nvidia.com/gpu"
spec-dirs = ["/etc/cdi", "/var/run/cdi"]

[nvidia-container-runtime.modes.csv]
mount-spec-path = "/etc/nvidia-container-runtime/host-files-for-container.d"

[nvidia-container-runtime-hook]
path = "nvidia-container-runtime-hook"
skip-mode-detection = false

[nvidia-ctk]
path = "nvidia-ctk"

использовал nvidia-ctk для настройки контейнера. /etc/containerd/config.toml имеет новую среду выполнения.  Использовал приведенные ниже команды для запуска контейнера графического процессора.
SANDBOX_ID=$(sudo crictl runp --runtime nvidia pod.json)
CONTAINER_ID=$(sudo crictl create ${SANDBOX_ID} container.json pod.json)
sudo crictl start ${CONTAINER_ID}

Таким образом, без Gvisor графический процессор внутри контейнера работает нормально.
С Gvisor
Как указано в документацию в gvisor https://gvisor.dev/docs/user_guide/gpu/, чтобы создать скрипт, как показано ниже, сделать его исполняемым и сохранить в PATH в /usr/local/bin/runscgpu.
#!/bin/bash
exec /usr/local/bin/runsc --nvproxy "$@"

Затем добавили эту новую среду выполнения в /etc/nvidia-container-runtime/config.toml, как показано ниже,
....

[nvidia-container-runtime]
debug = "/var/log/nvidia-container-runtime.log"
log-level = "info"
mode = "legacy"
runtimes = ["runscgpu", "runc"]

....

Когда я пытаюсь создать модуль с помощью SANDBOX_ID=$(sudo crictl runp --runtime nvidia pod.json), получаю ошибку ниже,
DEBU[0000] RunPodSandboxRequest: &RunPodSandboxRequest{Config:&PodSandboxConfig{Metadata:&PodSandboxMetadata{Name:nvidia-sandbox,Uid:4dis4d93djaidwnduwk28bcsb,Namespace:default,Attempt:1,},Hostname:,LogDirectory:/tmp,DnsConfig:nil,PortMappings:[&PortMapping{Protocol:TCP,ContainerPort:80,HostPort:8081,HostIp:,}],Labels:map[string]string{},Annotations:map[string]string{},Linux:&LinuxPodSandboxConfig{CgroupParent:,SecurityContext:nil,Sysctls:map[string]string{},},},RuntimeHandler:nvidia,}
DEBU[0001] RunPodSandboxResponse: nil
FATA[0001] run pod sandbox failed: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown

[h4]Журналы[/h4]
Oct 06 15:40:57 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:40:57.473234077Z" level=error msg="RunPodSandbox for name:\"nvidia-sandbox\"  uid:\"4dis4d93djaidwnduwk28bcsb\"  namespace:\"default\"  attempt:1 failed, error" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown"
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.147098477Z" level=info msg="RunPodSandbox for name:\"nvidia-sandbox\"  uid:\"4dis4d93djaidwnduwk28bcsb\"  namespace:\"default\"  attempt:1"
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212728975Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212788159Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212805465Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.212916629Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681764912Z" level=info msg="shim disconnected" id=2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856 namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681827010Z" level=warning msg="cleaning up after shim disconnected" id=2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856 namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.681837475Z" level=info msg="cleaning up dead shim" namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.773340581Z"  level=warning msg="cleanup warnings time=\"2024-10-06T15:52:05Z\" level=warning msg=\"failed to read init pid file\" error=\"open /run/containerd/io.containerd.runtime.v2.task/k8s.io/2b400251e14e343494e8f6bf73c3de54c56cf777dfa5893098ddcd4168ec3856/init.pid: no such file or directory\" runtime=io.containerd.runc.v2\n" namespace=k8s.io
Oct 06 15:52:05 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:05.773732749Z" level=error msg="copy shim log" error="read /proc/self/fd/13: file already closed" namespace=k8s.io
Oct 06 15:52:06 ip-172-21-148-200.eu-central-1.compute.internal containerd[1880]: time="2024-10-06T15:52:06.153555019Z" level=error msg="RunPodSandbox for name:\"nvidia-sandbox\"  uid:\"4dis4d93djaidwnduwk28bcsb\"  namespace:\"default\"  attempt:1 failed, error" error="failed to create containerd task: failed to create shim task: OCI runtime create failed: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF: unknown"
 

Подробнее здесь: [url]https://stackoverflow.com/questions/79059510/cannot-create-sandbox-cannot-read-client-sync-file-waiting-for-sandbox-to-star[/url]