Containerd OCI runtime create failed
Kubernetes 集群新增 worker 节点(centos7、containerd),发现容器一直启动不起来。
2、报错信息
经查看系统 message 日志发现如下报错信息:
rpc error: code = Unknown desc = failed to create containerd task: failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/70c5e55bb669eb5dfea71deb45383d3ecdaa7cffe794cced5bf925881f052353/log.json: no such file or directory): runc did not terminate successfully: exit status 127
3、报错解决
判断是 runc 异常,执行 /usr/local/sbin/runc -v 命令发现缺少依赖包 libseccomp:
$ /usr/local/sbin/runc -v
/usr/local/sbin/runc: error while loading shared libraries: libseccomp.so.2: cannot open shared object file: No such file or directory
经下载发现 centos7 中 yum 下载的版本是 2.3 的,未解决我们的报错,版本不满足最新 containerd 的需求,需要下载 2.4 以上的版本。
# 卸载旧版 libseccomp
$ rpm -qa | grep libseccomp
libseccomp-2.3.1-4.el7.x86_64
$ rpm -e libseccomp-devel-2.3.1-4.el7.x86_64 --nodeps
$ rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps
# 下载新版 libseccomp
$ wget http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm
# 安装软件
$ rpm -ivh libseccomp-2.5.1-1.el8.x86_64.rpm
warning: libseccomp-2.5.1-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:libseccomp-2.5.1-1.el8 ################################# [100%]
# 查看版本
$ rpm -qa | grep libseccomp
libseccomp-2.5.1-1.el8.x86_64
再次执行 /usr/local/sbin/runc -v 命令,未发现报错,此时容器也已经正常。
$ /usr/local/sbin/runc -v
runc version 1.1.2
commit: v1.1.2-0-ga916309f
spec: 1.0.2-dev
go: go1.17.11
libseccomp: 2.5.
