Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

judgehost: create_cgroups fails when /sys/fs/cgroup is mounted with read-only option #193

Closed
ir5 opened this issue Jul 6, 2024 · 2 comments · Fixed by #194
Closed

judgehost: create_cgroups fails when /sys/fs/cgroup is mounted with read-only option #193

ir5 opened this issue Jul 6, 2024 · 2 comments · Fixed by #194

Comments

@ir5
Copy link

ir5 commented Jul 6, 2024

In the current instructions for launching judgehosts on DockerHub, it is specified that the /sys/fs/cgroup directory is mounted with read-only permission.

docker run -it --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name judgehost-0 --link domserver:domserver --hostname judgedaemon-0 -e DAEMON_ID=0 domjudge/judgehost:latest

However, with this permission, the startup script does not seem to run successfully, especially when the host machine starts from scratch. In the file https://github.com/DOMjudge/domjudge/blob/main/judge/create_cgroups.in, there is a sequence of commands to create a new directory in /sys/fs/cgroup. This process does not complete successfully.

judgehost-0  | [..] Setting timezone
judgehost-0  |
judgehost-0  | Current default time zone: 'Asia/Tokyo'
judgehost-0  | Local time is now:      Sat Jul  6 23:53:32 JST 2024.
judgehost-0  | Universal Time is now:  Sat Jul  6 14:53:32 UTC 2024.
judgehost-0  |
judgehost-0  | [ok] Container timezone set to: Asia/Tokyo
judgehost-0  |
judgehost-0  | [..] Setting up restapi file
judgehost-0  | [ok] Restapi file set up
judgehost-0  |
judgehost-0  | [..] Setting up cgroups
judgehost-0  | mkdir: cannot create directory '/sys/fs/cgroup/cpuset/domjudge': Read-only file system
judgehost-0  | mkdir: cannot create directory '/sys/fs/cgroup/memory/domjudge': Read-only file system
judgehost-0  | chown: cannot access '/sys/fs/cgroup/*/domjudge': No such file or directory
judgehost-0  | bin/create_cgroups: 41: cannot create /sys/fs/cgroup/cpuset/domjudge/cpuset.cpus: Directory nonexistent
judgehost-0  | bin/create_cgroups: 42: cannot create /sys/fs/cgroup/cpuset/domjudge/cpuset.mems: Directory nonexistent

When I launch the judgehost container without read-only permission, it runs successfully. However, I'm not sure if this is intended because running with write permission may be a strong requirement. Therefore, I would like the maintainers to modify either:

  • The current instructions on DockerHub (as well as README.md), or
  • The implementation of create_cgroups to retain read-only permission.

I executed the docker commands with domjudge/judgehost:8.2.2 on Ubuntu 22.04.
@vmcj
Copy link
Member

vmcj commented Jul 6, 2024

Can you output the contents of /proc/cmdline?

@ir5
Copy link
Author

ir5 commented Jul 7, 2024
edited
Loading

Here is the result of cat /proc/cmdline in my environment.

BOOT_IMAGE=/boot/vmlinuz-6.5.0-1023-gcp root=PARTUUID=3730d483-5600-4b0e-97c8-c0dccea2257c ro quiet cgroup_enable=memory swapaccount=1 systemd.unified_cgroup_hierarchy=0 panic=-1

vmcj added a commit that referenced this issue Jul 7, 2024
@vmcj
Don't mount the cgroup as read-only
e3f1501 
Fixes: #193

I wonder why we never had this in the past as we do intent to create the domjudge cgroup in that directory.
@vmcj vmcj mentioned this issue Jul 7, 2024
Merged
github-merge-queue bot pushed a commit that referenced this issue Jul 7, 2024
@vmcj
Don't mount the cgroup as read-only
2608426 
Fixes: #193

I wonder why we never had this in the past as we do intent to create the domjudge cgroup in that directory.
@vmcj vmcj closed this as completed in #194 Jul 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't mount the cgroup as read-only DOMjudge/domjudge-packaging
2 participants
@ir5 @vmcj