dockerd-rootless.sh: check containerd-rootless.sh conflict #52175
AkihiroSuda wants to merge 1 commit into moby:master
Fix issue 52171

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| : "${CONTAINERD_ROOTLESS_ROOTLESSKIT_STATE_DIR:=$XDG_RUNTIME_DIR/containerd-rootless}" | ||
| if [ -e "$CONTAINERD_ROOTLESS_ROOTLESSKIT_STATE_DIR" ]; then | ||
| # https://github.com/moby/moby/issues/52171 | ||
| # Hard requirement, not bypassable with --force | ||
| ERROR "dockerd-rootless.sh conflicts with containerd-rootless.sh. Stop containerd-rootless.sh if it's running, and remove $CONTAINERD_ROOTLESS_ROOTLESSKIT_STATE_DIR if it still exists." |
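Review bot: The [ -e "$CONTAINERD_ROOTLESS_ROOTLESSKIT_STATE_DIR" ] test fires on any leftover path, so a state directory left behind by an unclean containerd-rootless.sh exit blocks dockerd-rootless.sh even when nothing is running, and the comment says --force cannot bypass it. Consider confirming that a live process still owns the directory before calling ERROR, or extend the comment to say why a stale directory is treated as a hard conflict. The ":=" default also depends on $XDG_RUNTIME_DIR being set and non-empty at this point; if that is not validated earlier in the script, the path collapses to /containerd-rootless.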
I'm wondering;
- Does the containerd-rootless.sh script need a similar check?
- Alternatively; should they actually conflict? Or could / should we (somehow) consider that if containerd is started as part of dockerd-rootless.sh that it should spin up its own instance?

Not 100% sure what's best; either
- match the "containerd as child process of dockerd" (as we do when starting dockerd manually, so not using a system-service)
- consider containerd already running (rootless) to be "system containerd service is running, so use that instance"

Just thinking out loud here; open to suggestions / thoughts!
> Does the containerd-rootless.sh script need a similar check?

Yes. Will open a PR there later.

> Alternatively; should they actually conflict? Or could / should we (somehow) consider that if containerd is started as part of dockerd-rootless.sh that it should spin up its own instance?

They shouldn't do, but they do currently.
Probably dockerd-rootless.sh should join the namespaces created by containerd-rootless.sh, but it is not trivial to implement and test such a complicated configuration.
You mean "containerd" namespace (so it cannot create a new (moby.xx?) namespace if it's already running / initialized?), or otherwise?
I was considering if it treated it as a "system containerd already running, then use it, otherwise create our own ("managed") instance; any way that's possible?
I meant the kernel namespaces (e.g. mntns) created by containerd-rootless.sh
- What I did
dockerd-rootless.sh: check containerd-rootless.sh conflict
fixes #52171
Prior to this fix, Rootless Docker could fail with cryptic errors when Rootless containerd is running too.
- How I did it
Check if $XDG_RUNTIME_DIR/containerd-rootless exists
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)