【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...

最新推荐文章于 2024-06-12 08:59:06 发布

安安csdn 最新推荐文章于 2024-06-12 08:59:06 发布阅读量1.5w 文章描述了一种在CentOS8系统上遇到的Pod无法创建的问题，原因是containerd进程中的libseccomp版本过低。通过检查现有版本，卸载旧版并安装新版libseccomp(2.5.2)，无需重启containerd，Pod的状态即恢复正常，且runc显示libseccomp已更新至高版本。摘要由CSDN通过智能技术生成

containerd进程有大量报错，主要有：

failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/c4847070fad34a8da9b16b5c20cdc38e28a15cfcf9913d712e4fe60d8c9029f7/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown

查看现有libseccomp版本

# sudo rpm -qa | grep libseccomp
libseccomp-2.3.3-3.el8.x86_64
卸载低版本libseccomp
 
# sudo rpm -e libseccomp-2.3.3-3.el8.x86_64 --nodeps
# sudo rpm -qa | grep libseccomp
安装高版本libseccomp
 
# yum provides libseccomp
Last metadata expiration check: 0:48:39 ago on Tue 28 Mar 2023 01:49:06 PM CST.
libseccomp-2.5.2-1.el8.i686 : Enhanced seccomp library
Repo        : Base
Matched from:
Provide    : libseccomp = 2.5.2-1.el8
libseccomp-2.5.2-1.el8.x86_64 : Enhanced seccomp library
Repo        : Base
Matched from:
Provide    : libseccomp = 2.5.2-1.el8
# yum install libseccomp-2.5.2-1.el8.x86_64
Last metadata expiration check: 0:49:46 ago on Tue 28 Mar 2023 01:49:06 PM CST.
Dependencies resolved.
======================================================================================================================================================================
 Package                                   Arch                                  Version                                    Repository                           Size
======================================================================================================================================================================
Installing:
 libseccomp                                x86_64                                2.5.2-1.el8                                Base                                 71 k
Transaction Summary
======================================================================================================================================================================
Install  1 Package
Total download size: 71 k
Installed size: 166 k
Is this ok [y/N]: y
Downloading Packages:
libseccomp-2.5.2-1.el8.x86_64.rpm                                                                                                      38 MB/s |  71 kB     00:00    
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                 7.0 MB/s |  71 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                              1/1 
  Installing       : libseccomp-2.5.2-1.el8.x86_64                                                                                                                1/1 
  Running scriptlet: libseccomp-2.5.2-1.el8.x86_64                                                                                                                1/1 
  Verifying        : libseccomp-2.5.2-1.el8.x86_64                                                                                                                1/1 
Installed:
  libseccomp-2.5.2-1.el8.x86_64                                                                                                                                       
Complete!
# sudo rpm -qa | grep libseccomp
libseccomp-2.5.2-1.el8.x86_64
解决后现象
 
pod状态 
安装之后，不用重启containerd进程，就看到了目前pod的状态都正常了 
runc中依赖的libseccomp
 libseccomp已经是高版本的了 
# runc --version
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.18.10
libseccomp: 2.5.2
libseccomp需要高于2.4版本 
containerd.io 要求安装版本为 2.4.0 的 libseccomp 
具体官方依据还未找到，后续找到补充 
k8s系列-06-containerd的基本操作 卸载安装libeseccomp
 containerd.io depends libseccomp2 ( = 2.4.0) but 2.3.1-2.1ubuntu4 is to be installed
                    【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI...
                    【containerd错误解决系列】failed to create shim task, OCI runtime create failed, unable to retrieve OCI runtime error, runc did not terminate successfully
				libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccomp 2.5.1版本，修复Containerd不兼容问题的组件包。libseccv
					docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc crea
        这个是说缺少依赖包 libseccomp ，需要注意的是centos 7中yum下载的版本是2.3的，版本不满足我们最新containerd的需求，需要下载2.4以上的，所以我们先下载2.5.1版本的 libseccomp：        libseccomp 2.5.1 版本下载地址        卸载旧版本：
        安装新版本的：
        查看现有版本：