Unable to run clear container in Azure

Question

Unable to run clear container in Azure

xinyanmsft opened this issue 7 years ago · 5 comments

Unable to run Clear Containers in Azure.

Go to Azure, create a 'Clear Linux OS - Containers' in US West 2, of size Standard_D2_v3. According to https://azure.microsoft.com/en-us/blog/introducing-the-new-dv3-and-ev3-vm-sizes/, this has nested virtualization enabled.
Wait till the VM is created. SSH, run the following:

sudo swupd update
sudo swupd bundle-add containers-virt
sudo systemctl restart docker

after running these command, docker info | grep Runtime shows:
Runtimes: cor runc
Default Runtime: cor
(I think this is good)

And 'sudo docker run hello-world' result in timeout.

Running "bash ./clear-linux-check-config.sh container" from https://download.clearlinux.org/current/clear-linux-check-config.sh outputs the following:

SUCCESS: Intel CPU
SUCCESS: 64-bit CPU (lm)
SUCCESS: Streaming SIMD Extensions v4.1 (sse4_1)
SUCCESS: Virtualisation support (vmx)
SUCCESS: Kernel module kvm
SUCCESS: Kernel module kvm_intel
SUCCESS: Nested KVM support
FAIL: Unrestricted guest KVM support

Answer 1 · 2017-09-04T10:01:30.000Z

Hi @xinyanmsft Thanks for the report.
We ran into this very recently when bringing up CC3.x under Azure, and tracked down a couple of config items (around QEMU options) we had to modify to enable this.
You can find some details over on the relevant PR:
containers/virtcontainers#343

You should be able to run Clear Containers 3.x under Azure now. If you are unable to then we would be very interested in any feedback (best posted over on the relevant CC3.x repo).
For CC3.x, please see: https://github.com/clearcontainers/runtime as a jumping off point.

Answer 2 · 2017-09-04T16:36:54.000Z

thanks @grahamwhaley. I was able to start ubuntu on CC3.x (still needs to create Azure VM in WestUS2 where nested hyper-V is required).
I am experimenting a CI build step and wants to use docker:DIND image. the command failed with:
sudo docker run --privileged docker:dind
....
Error starting daemon: error while opening volume store metadata database: invalid argument

Answer 3 · 2017-09-05T17:25:51.000Z

@xinyanmsft Hi, could you please create a new issue at github.com/clearcontainers/runtime ?

Answer 4 · 2017-09-05T17:26:03.000Z

@xinyanmsft the dind issue is unrelated to nesting. This is due to the lack of support for true privileged container support in clear containers. Can you try a non privileged container and check if that works for you.

Answer 5 · 2017-09-05T19:45:00.000Z

close this issue as suggested. I am openning a separate issue to track the --privileged container support. thanks!