#Dagger on nestybox/sysbox
the dagger engine goes into an error restart loop, permission denied
time="2023-06-24T04:44:48Z" level=info msg="detected mtu 1460 via interface eth0"
dnsmasq[114]: started, version 2.87 cachesize 150
dnsmasq[114]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-cryptohash no-DNSSEC loop-detect inotify dumpfile
dnsmasq[114]: warning: interface dagger0 does not currently exist
dnsmasq[114]: using only locally-known addresses for dagger.local
dnsmasq[114]: reading /etc/dnsmasq-resolv.conf
dnsmasq[114]: using nameserver 169.254.169.254#53
dnsmasq[114]: using only locally-known addresses for dagger.local
dnsmasq[114]: read /var/run/containers/cni/dnsname/dagger/addnhosts - 0 addresses
time="2023-06-24T04:44:48Z" level=debug msg="setting up engine tracing"
time="2023-06-24T04:44:48Z" level=debug msg="creating engine GRPC server"
time="2023-06-24T04:44:48Z" level=debug msg="creating engine lockfile"
time="2023-06-24T04:44:48Z" level=debug msg="creating engine controller"
time="2023-06-24T04:44:48Z" level=debug msg="engine name: f3b235e82197"
time="2023-06-24T04:44:48Z" level=info msg="auto snapshotter: using overlayfs"
time="2023-06-24T04:44:48Z" level=debug msg="running in rootless mode"
time="2023-06-24T04:44:48Z" level=debug msg="creating new network namespace outvzcqv5lhddewwhdgzkfvwy"
buildkitd: permission denied
did you provision the engine with the --runtime=sysbox-runc runtime?
I made that the default runtime in docker and let the SDK handle the engine
yep, seems like the right approach.... quite strange that you're getting permission errors though since I'd have imagined buildkit to work as well since they claim that dind works
It might be that sysbox uses and passes fewer permissions to begin with
hi, FYI I've just deployed the dagger engine in sysbox. in fact in docker-in-docker running in sysbox.
I had the same issue as you (failure to create a new network namespace), and noticed that it was running in rootless mode. I started the dagger-engine in non-rootless mode (with the "--rootless=false" flag) and it worked.
I haven't made many tests for the moment, but with a very basic test it works...
just curious where did you specify that rootless flag. Is that part of sysbox? since I don't recall that flag existing in the dagger-engine
:toot:, just found it. It actually makes sense. I also remember where that network error is coming from (https://github.com/rootless-containers/slirp4netns). Since rootless networking has a lot of quirks..
we're basically hitting this code path in sysbox: https://github.com/marcosnils/dagger/blob/c12538479470bcab8936d7f88f757d3c5333f31f/cmd/engine/main.go#L141