The machines are being shutdown using an automated script, when they are started again in the morning some of the machines docker service fail to start.
We start it again using systemctl and then docker service starts but many containers are unable to start.
1 major diff from my other environments - This is running on an Azure VM, that has data disk. Due to performance issues Azure recommended not using the OS disk, but rather using the Data disk to host docker as well.
so in daemon.json we setup "data-root": to be on the mounted data disk.
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.290544908Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.291066423Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.308654806Z" level=error msg="Container not cleaned up from containerd from previous run" container=bb3ed15b048a4e238e621c6132fc3eb
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.350653261Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.350694862Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.438887887Z" level=error msg="0275e9fe31a598f36f33baba545504639570d155af7e8e1c5d86ab3474b22607 cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.438921088Z" level=error msg="Failed to start container 0275e9fe31a598f36f33baba545504639570d155af7e8e1c5d86ab3474b22607: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.452774269Z" level=error msg="Container not cleaned up from containerd from previous run" container=a6eef1a1fd61cb0315dd65add4e8fb8
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.503689269Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.503738371Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.581512709Z" level=error msg="200654d8ceeac5f08c1bef83e541fa460fd432f816be7f5be1274f854f821ca9 cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.581547810Z" level=error msg="Failed to start container 200654d8ceeac5f08c1bef83e541fa460fd432f816be7f5be1274f854f821ca9: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.586983159Z" level=error msg="9477ba5bc530b58fddb10983ba7d502ee3b52eafdd6de485d973d2d062fbc90d cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.587013560Z" level=error msg="Failed to start container 9477ba5bc530b58fddb10983ba7d502ee3b52eafdd6de485d973d2d062fbc90d: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.611438932Z" level=error msg="Container not cleaned up from containerd from previous run" container=eefa30ddc7f1a58a81496c64bd1bc2c
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.629294423Z" level=error msg="f579ea5779d73a9e698f62221385d2ddc8aa271ffceadb2c485fbda5b6eafc3d cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.629333324Z" level=error msg="Failed to start container f579ea5779d73a9e698f62221385d2ddc8aa271ffceadb2c485fbda5b6eafc3d: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.659101042Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.659146444Z" level=error msg="stream copy error: reading from a closed fifo"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.736744077Z" level=error msg="bb3ed15b048a4e238e621c6132fc3eb551c9abdd615a0daa990a1a641ab44afc cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.736782078Z" level=error msg="Failed to start container bb3ed15b048a4e238e621c6132fc3eb551c9abdd615a0daa990a1a641ab44afc: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.843428611Z" level=error msg="a6eef1a1fd61cb0315dd65add4e8fb8598e9e863fa1dfa37b3d402229eebf068 cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.843461112Z" level=error msg="Failed to start container a6eef1a1fd61cb0315dd65add4e8fb8598e9e863fa1dfa37b3d402229eebf068: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.864845100Z" level=error msg="eefa30ddc7f1a58a81496c64bd1bc2c57cdd32b929f91015016133277a3a6a87 cleanup: failed to delete container
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.864876501Z" level=error msg="Failed to start container eefa30ddc7f1a58a81496c64bd1bc2c57cdd32b929f91015016133277a3a6a87: mkdir /ru
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.864921902Z" level=info msg="Loading containers: done."
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.893609391Z" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: kernel
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.894162006Z" level=info msg="Docker daemon" commit=afacb8b7f0 graphdriver(s)=overlay2 version=19.03.8
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.895777950Z" level=info msg="Daemon has completed initialization"
Jul 09 06:01:46 prod-serv dockerd[59946]: time="2020-07-09T06:01:46.914413963Z" level=info msg="API listen on /var/run/docker.sock"
Jul 09 06:01:46 prod-serv systemd[1]: Started Docker Application Container Engine.
-- Subject: Unit docker.service has finished start-up
similar to #597
Output of docker version
:
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:46 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:24:19 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
Output of docker info
:
Client:
Debug Mode: false
Server:
Containers: 208
Running: 208
Paused: 0
Stopped: 0
Images: 1
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.3.0-1032-azure
Operating System: Ubuntu 18.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.59GiB
Name: prod-serv
ID: RQJD:7ZKW:YLDY:QCHP:MMHB:2X2S:RIUD:AVV6:OH74:C7D6:2VOX:UJU6
Docker Root Dir: /mnt/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
Additional environment details (AWS, VirtualBox, physical, etc.)
Azure VM, Ubuntu 18.04
1 major diff from my other environments - This is running on an Azure VM, that has data disk. Due to performance issues Azure recommended not using the OS disk, but rather using the Data disk to host docker as well.
so in daemon.json we setup "data-root": to be on the mounted data disk.
FSTAB config:
UUID={REDACTED} /mnt ext4 defaults,nofail 1 2
I recall this PR in containerd that updated the systemd unit for a similar thing; containerd/containerd#3741
Not sure if that was backported to containerd 1.2.x, but you can add that to a systemd drop-in/override file
Could it be a timing issue? Is the extra disk mounted before docker and containerd start?
We thought that it might be timing, so we added to docker systemd file that it should run after our mount systemd ({}.mount)
But it still occasionally happens.
Maybe i should add it to the containerd systemd instead?
Updating that i've added the "AFTER" to containerd but unfortunately this still happens.
I notice that when this happens , i login to the server and docker service is shutdown here is the log from systemctl
$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2020-07-15 03:07:00 UTC; 14h ago
Docs: https://docs.docker.com
Main PID: 1576 (code=exited, status=0/SUCCESS)
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.902695762Z" level=error msg="Failed to delete interface (veth67f53d4)'s link on endpoint (fbc99d828136493e16713d2c2d7b87ee693280530
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.916640358Z" level=error msg="fe95afb59c3b55a67c3111020d459f593e6e08f7e7161fd2374e280d2a5d7b2c cleanup: failed to delete container f
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.927910055Z" level=error msg="restartmanger wait error: transport is closing: unavailable"
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.935258353Z" level=error msg="7079dbff388436ebfa35986e91654b5520e15c107464f7aef452aabf1c36d4b0 cleanup: failed to delete container f
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.946488849Z" level=error msg="restartmanger wait error: transport is closing: unavailable"
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.954320247Z" level=error msg="Failed to delete interface (veth110fca7)'s link on endpoint (1db2757d240b7fa8c01331092cd592b7c8d1b4e96
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.968320943Z" level=error msg="982258c2c8e8c267291f00caeca44657d3246fa0b798e44c74a703c1855704a3 cleanup: failed to delete container f
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.981775539Z" level=error msg="481aa1430137f21a21c76fcf7fe7e1fdbf5dd3d15c5a9d521ab8d5b5bcc4cde4 cleanup: failed to delete container f
Jul 15 03:06:56 dockerd[1576]: time="2020-07-15T03:06:56.984641838Z" level=error msg="restartmanger wait error: transport is closing: unavailable"
Jul 15 03:07:00 systemd[1]: Stopped Docker Application Container Engine.
...skipping...
Then i do systemctl start docker and it comes back alive but only some of the containers are able to start.
the rest are in stopped state with:
83b617f10013 image "/bin/sh -c \"/sc…" 2 weeks ago Exited (2) 15 hours ago longrun__1
the docker start for that container fails with the following
Error response from daemon: mkdir /run/containerd/io.containerd.runtime.v1.linux/moby/83b617f10013b183d4f392269564283ba0cb83fec5595e89b3b8c77be884800d: file exists: unknown
Error: failed to start containers: longrun__1
Forcing me to recreate them
I further investigated the logs and seems like not relevant to the mounting point.
it seems that containerd is being killed by OOM during start up and this probably causes the issues.
I think that maybe some other startup processes are heavy on memory but ContainerD is the one getting killed. Maybe we can delay the start of containerd service or should we just adjust OOM score instead to preserve containerd during startup?
Wdyt?
[ 247.436380] exe invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-999
[ 247.436384] CPU: 0 PID: 46173 Comm: exe Not tainted 5.3.0-1032-azure #33~18.04.1-Ubuntu
[ 247.436386] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v2.0 08/26/2016
[ 247.436386] Call Trace:
[ 247.436395] dump_stack+0x57/0x75
[ 247.436399] dump_header+0x4f/0x200
[ 247.436401] oom_kill_process+0xe6/0x120
[ 247.436403] out_of_memory+0x109/0x510
[ 247.436407] __alloc_pages_slowpath+0xad1/0xe10
[ 247.436411] ? __switch_to_asm+0x34/0x70
[ 247.436414] __alloc_pages_nodemask+0x2cd/0x320
[ 247.436418] alloc_pages_current+0x6a/0xe0
[ 247.436420] __page_cache_alloc+0x6a/0xa0
[ 247.436422] pagecache_get_page+0x9c/0x2b0
[ 247.436423] filemap_fault+0x643/0xb40
[ 247.436428] ? unlock_page_memcg+0x12/0x20
[ 247.436431] ? page_add_file_rmap+0x5e/0x150
[ 247.436434] ? futex_wait_queue_me+0xd6/0x120
[ 247.436436] ? filemap_map_pages+0x18b/0x380
[ 247.436440] ext4_filemap_fault+0x31/0x44
[ 247.436443] __do_fault+0x57/0x110
[ 247.436446] __handle_mm_fault+0xdeb/0x1330
[ 247.436449] handle_mm_fault+0xb7/0x200
[ 247.436453] __do_page_fault+0x29c/0x4c0
[ 247.436456] do_page_fault+0x35/0x110
[ 247.436459] page_fault+0x39/0x40
[ 247.436461] RIP: 0033:0x561686a115b0
[ 247.436467] Code: Bad RIP value.
[ 247.436468] RSP: 002b:00007fd15357eaa8 EFLAGS: 00010246
[ 247.436470] RAX: 000000c0000a2600 RBX: 000000000000029f RCX: 000000c00005e500
[ 247.436471] RDX: 00000000000002a5 RSI: 0000000000000000 RDI: 000000c000051701
[ 247.436472] RBP: 00007fd15357eaf0 R08: 000000c0000517a0 R09: 0000000000000001
[ 247.436473] R10: 0000000000000001 R11: 0000000000000000 R12: 000000c00006cf78
[ 247.436474] R13: 000000c00030c250 R14: 0000000000000000 R15: 00007ffeed28fa80
[ 247.436476] Mem-Info:
[ 247.436482] active_anon:3444171 inactive_anon:176 isolated_anon:0
active_file:74 inactive_file:98 isolated_file:8
unevictable:0 dirty:0 writeback:0 unstable:0
slab_reclaimable:75678 slab_unreclaimable:211475
mapped:65 shmem:2486 pagetables:37067 bounce:0
free:35727 free_pcp:363 free_cma:0
[ 247.436485] Node 0 active_anon:13776684kB inactive_anon:704kB active_file:296kB inactive_file:392kB unevictable:0kB isolated(anon):0kB isolated(file):32kB mapped:260kB dirty:0kB writeback:0kB shmem:9944kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 5959680kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 247.436486] Node 0 DMA free:15908kB min:64kB low:80kB high:96kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15996kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 247.436504] lowmem_reserve[]: 0 0 0 0 0
[ 247.436506] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 247.436515] Node 0 DMA32: 20*4kB (UME) 12*8kB (UE) 17*16kB (UE) 10*32kB (UE) 10*64kB (UME) 5*128kB (ME) 1*256kB (U) 0*512kB 2*1024kB (ME) 3*2048kB (UME) 13*4096kB (M) = 63744kB
[ 247.436525] Node 0 Normal: 386*4kB (E) 1350*8kB (UME) 532*16kB (ME) 931*32kB (ME) 159*64kB (ME) 8*128kB (UME) 3*256kB (UM) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 63128kB
[ 247.436535] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 247.436537] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 247.436537] 2658 total pagecache pages
[ 247.436539] 0 pages in swap cache
[ 247.436540] Swap cache stats: add 0, delete 0, find 0/0
[ 247.436541] Free swap = 0kB
[ 247.436541] Total swap = 0kB
[ 247.436542] 4194061 pages RAM
[ 247.436543] 0 pages HighMem/MovableOnly
[ 247.436544] 107664 pages reserved
[ 247.436544] 0 pages cma reserved
[ 247.436545] 0 pages hwpoisoned
[ 247.436546] Tasks state (memory values in pages):
[ 247.436546] [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
[ 247.438786] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/containerd.service,task=containerd,pid=1652,uid=0
[ 247.439388] Out of memory: Killed process 1652 (containerd) total-vm:4202436kB, anon-rss:71528kB, file-rss:0kB, shmem-rss:0kB
[ 247.462757] oom_reaper: reaped process 1652 (containerd), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
Hmm.. interesting; I recall that containerd defaulted to having a negative oom_score_adj
, but it appears it doesn't?
$ cat /proc/$(pidof containerd)/oom_score_adj
dockerd
does have oom-score set;
$ cat /proc/$(pidof dockerd)/oom_score_adj
The containerd shims also have a score set;
$ for p in $(pidof containerd-shim); do cat /proc/$p/oom_score_adj; done
Looks like the default oom_score
of containerd is 0
. If we start containerd as a child process (so not have containerd as its own systemd service), we do adjust the oom_score;
Stop the docker and containerd systemd service
systemctl stop docker
systemctl stop containerd
Manually start dockerd
(this will start containerd as a child process if no containerd service is running)
ps auxf | grep docker
root 172861 0.0 0.0 6432 736 pts/0 S+ 09:55 0:00 | \_ grep --color=auto docker
root 172701 0.1 1.0 1230796 82952 pts/1 Sl+ 09:51 0:00 \_ dockerd --debug
root 172711 0.2 0.5 1039336 43500 ? Ssl 09:51 0:00 \_ containerd --config /var/run/docker/containerd/containerd.toml --log-level debug
Check the config file that was written;
cat /var/run/docker/containerd/containerd.toml
root = "/var/lib/docker/containerd/daemon"
state = "/var/run/docker/containerd/daemon"
plugin_dir = ""
disabled_plugins = ["cri"]
oom_score = -500
[grpc]
address = "/var/run/docker/containerd/containerd.sock"
tcp_address = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = "/var/run/docker/containerd/containerd-debug.sock"
uid = 0
gid = 0
level = "debug"
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = "/var/lib/docker/runc"
no_shim = false
shim_debug = true
And verified that the oom-score is -500
;
cat /proc/$(pidof containerd)/oom_score_adj
@thaJeztah What would be the preferred hotfix at the moment?
I adapted the OOM_Score using containerd config, but should i maybe delete the systemd service and let docker start containerd when it goes up?
The OOM score i set for containerd config is -999.