I keep writing and re-writing this script, because I forgot to store it somewhere memorable ....
The problem to be solved is that the Kata Containers runtime, aka kata-runtime, will not start unless I remember to stop the VMware Tools service, aka open-vm-tools.service and unload a few dependent modules.
At present, I'm running Kata via a snap installation - I'm not terribly keen on that approach, as there seem to be too many fiddly configuration things to-do, but I'll look at that another day, and perhaps raise an issue in the Kata repo.
Meantime, this is what I have: -
/snap/kata-containers/current/usr/bin/kata-runtime -version
kata-runtime : 2.1.0
commit : 0f822919268e4095dd9bdbbb2351248b53746501
OCI specs: 1.0.1-dev
and, when I run the check tool: -
/snap/kata-containers/current/usr/bin/kata-runtime check
I get this: -
WARN[0000] Not running network checks as super user arch=amd64 name=kata-runtime pid=1431 source=runtime
WARN[0000] modprobe insert module failed arch=amd64 error="exit status 1" module=vhost_vsock name=kata-runtime output="modprobe: ERROR: could not insert 'vhost_vsock': Device or resource busy\n" pid=1431 source=runtime
ERRO[0000] kernel property not found arch=amd64 description="Host Support for Linux VM Sockets" name=vhost_vsock pid=1431 source=runtime type=module
System is capable of running Kata Containers
System can currently create Kata Containers
The vhost_vsock module cannot be loaded, as evidenced by this: -
modprobe vhost_vsock
modprobe: ERROR: could not insert 'vhost_vsock': Device or resource busy
lsmod | grep vhost
vhost_net 32768 0
tap 24576 1 vhost_net
vhost 49152 1 vhost_net
Somewhere I realised / discovered / found out that VMware Tools, more specifically
open-vm-tools, was responsible :-)
Given that, for my use cases at the moment, I don't need VMware Tools for e.g. GUI interactions between guest and host, shared folders etc. I chose to simply disable it.
I've got a script for that: -
~/stop_tools.sh
#!/bin/bash
systemctl stop open-vm-tools.service
rmmod vmw_vsock_virtio_transport_common
rmmod vmw_vsock_vmci_transport
rmmod vsock
rmmod vhost_net
rmmod vhost
So I can run my script: -
~/stop_tools.sh
and check that neither vhost* or vsock* modules are now loaded: -
lsmod | grep vs
<NOTHING RETURNED>
lsmod | grep vh
<NOTHING RETURNED>
and then load the vhost_vsock module: -
modprobe vhost_vsock
and check the loaded modules: -
lsmod | grep vs
vhost_vsock 24576 0
vmw_vsock_virtio_transport_common 32768 1 vhost_vsock
vhost 49152 1 vhost_vsock
vsock 36864 2 vmw_vsock_virtio_transport_common,vhost_vsock
lsmod | grep vh
vhost_vsock 24576 0
vmw_vsock_virtio_transport_common 32768 1 vhost_vsock
vhost 49152 1 vhost_vsock
vsock 36864 2 vmw_vsock_virtio_transport_common,vhost_vsock
and, even more importantly, use Kata: -
/snap/kata-containers/current/usr/bin/kata-runtime check
WARN[0000] Not running network checks as super user arch=amd64 name=kata-runtime pid=1911 source=runtime
System is capable of running Kata Containers
System can currently create Kata Containers
/snap/kata-containers/current/usr/bin/kata-runtime kata-check
WARN[0000] Not running network checks as super user arch=amd64 name=kata-runtime pid=1926 source=runtime
System is capable of running Kata Containers
System can currently create Kata Containers
I could probably hack a better solution and/or uninstall VMware Tools but .....
No comments:
Post a Comment