node, syscontainer: drop /var/lib/docker mount point #15115
The change itself looks good.
ff55619
to
2564c62
Compare
It doesn't work if I drop the |
2564c62
to
a21e5a9
Compare
@rhvgoyal thanks for the review. I've added another patch that drops any mount point under I've verified that no shm mount is leaked into the node container. |
oci-umount will do this for you anyway. So you don't have to do this yourself? Given you need /var/lib/docker/containers/ to access these logs, I would say for your use case volume mount it in. And oci-umount will make sure all mount points under /var/lib/docker/containers don't show up inside containers.
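One way to check the property discussed in the comments above (nothing mounted under /var/lib/docker is visible in the node container except the intended /var/lib/docker/containers bind), as an added example that is not part of this pull request or of oci-umount. The function names, the allowed list and the sample mountinfo lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (IDs and devices are made up).
SAMPLE_MOUNTINFO = r"""100 90 253:1 / / rw,relatime shared:1 - xfs /dev/mapper/root rw
101 100 253:1 /var/lib/docker/containers /var/lib/docker/containers rw,relatime - xfs /dev/mapper/root rw
102 101 0:45 / /var/lib/docker/containers/0123abcd/shm rw,nosuid,nodev,noexec - tmpfs shm rw,size=65536k
103 100 253:5 / /var/lib/docker/devicemapper/mnt/0123abcd rw,relatime - xfs /dev/mapper/docker-253:1-1234-0123abcd rw
104 100 0:46 / /var/lib/dockerfoo rw,relatime - tmpfs tmpfs rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return one dict per well-formed mountinfo line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split(" ")
        try:
            # Optional fields end at a lone "-", never earlier than index 6.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # not a mountinfo line
        if len(fields) < sep + 3:
            continue
        mounts.append({
            "mount_point": _unescape(fields[4]),
            "fstype": fields[sep + 1],
            "source": _unescape(fields[sep + 2]),
        })
    return mounts

def leaked_mounts(text, root="/var/lib/docker",
                  allowed=("/var/lib/docker/containers",)):
    """Mounts at or below root that are not explicitly allowed (assumed policy)."""
    root = root.rstrip("/")
    leaks = []
    for m in parse_mountinfo(text):
        mp = m["mount_point"]
        # Compare on a path boundary so /var/lib/dockerfoo does not match.
        if (mp == root or mp.startswith(root + "/")) and mp not in allowed:
            leaks.append(m)
    return leaks

if __name__ == "__main__":
    for m in leaked_mounts(SAMPLE_MOUNTINFO):
        print("leaked:", m["mount_point"], m["fstype"], m["source"])
```

To check a running container, pass the contents of /proc/self/mountinfo read from inside it instead of the sample.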
does oci-umount work as a runC hook? There are some differences in the way hooks work with runC compared to our version of Docker. We needed to make some changes to oci-systemd-hook and oci-register-machine to get them working with runC. So if it was not already tested, it will probably require some (minor) changes to oci-umount before it can be used within runC.
oci-umount is supposed to be working the same way as oci-umount-systemd hook. I think ultimately they are runc hooks. @dwalsh had done some fixes recently to take care of some of the differences. So I am hoping latest upstream works for you. Please give it a try. If not, let us know, we will fix it.
I have tested oci-umount only with docker. With system-containers and runc, calling convention might be a little different (as you mentioned) and it might require some tweaks. Having said that, @dwalsh had done some changes recently so that it works with cri-o and I hope that takes care of system container issues as well.
cc @rhatdan
@rhvgoyal @rhatdan thanks for the update, but unfortunately we are still not able to use it yet as it is not on RHELAH 7.3.6.
making runc rpm depend on oci hook rpms sounds reasonable to me. I am sort of surprised that 7.3.6 does not have oci-umount package.
cc @lsm5
oci-umount is currently a subpackage of the docker package. We want to move this out. CRI-O will depend on oci-umount also.
/assign @sdodson
/approve no-issue
Not sure what that's about ...
/test all @ashcrow that means the required test did not finish successfully
@stevekuznetsov thanks! I returned yesterday and didn't realize the new commands.
/test all
/retest
/test extended_conformance_gce
Looks totally unrelated but ...
/retest
with /var/lib/docker/containers so we don't leak /var/lib/docker/devicemapper mount points into the container. Reference: openshift#15105 Signed-off-by: Giuseppe Scrivano <[email protected]>
Do not leave any mount point busy under /var/lib/docker/containers Signed-off-by: Giuseppe Scrivano <[email protected]>
6543e72
to
d14bce0
Compare
/test cmd
@sdodson is this good to go? Missing a LGTM
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ashcrow, giuseppe, sdodson The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue (batch tested with PRs 17476, 17143, 15115, 17094, 17500).
Reference: #15105
Signed-off-by: Giuseppe Scrivano [email protected]