gvkhna

I use KinD, it works fine, bit of an annoyance to setup and use it but i have had it running for almost 2 years so it’s quite stable. Yes only if the community requests it but many newer applications are multiple docker containers and setup/management is a pain. That’s what k8 solves and it has uses in home labs. Not sure why it’s not more requested.

I may do this but after a couple of years I may switch to truenas scale because of this issue. I would rather not switch to a VM, it's just more a heavier hammer than I would like for the job.

I used another PC yes, put it in the motherboard of a server running windows. Did the install. Took it out and put it into the unraid server. Still working!

I’ll give this a try and report back. My suspicion is it’s not writing anything to cgroups. It’s all the right environment for systemd to shut up and load. Systemd is failing without the right conditions. as far as I also read cgroup2 changes the cgroup namespace by default from host to private, so that may have some bearing in the issue. we’re you able to get the container working? Can you post your flags for confirmation, that will be helpful. I’ll update the readme etc.

@ich777 I just got it working, you can see in the latest post on that topic. I had to set cgroupns host, and /sys/fs/cgroup RW, a little suspect but it is working so I'm not too bothered. Any issue you think to look out for?

After some fiddling this is how I got it working. I'll update if i have any issues later on. --name='mullvadvpn' --net='internal' --ip='172.22.251.251' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Unraid" -e HOST_CONTAINERNAME="mullvadvpn" -e 'VPN_INPUT_PORTS'='8080,8888,9118' -e 'VPN_ALLOW_FORWARDING'='true' -e 'MICROSOCKS_ENABLE'='true' -e 'DEBUG'='true' -e 'MICROSOCKS_AUTH_NONE'='true' -e 'TINYPROXY_ENABLE'='true' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://mullvad.net/apple-touch-icon.png' -p '8080:8080/tcp' -p '9118:9118/tcp' -p '8888:8888/tcp' -v '/mnt/user/appdata/mullvadvpn/etc-mullvadvpn/':'/etc/mullvad-vpn/':'rw' -v '/mnt/user/appdata/mullvadvpn/custom-init.d/':'/etc/custom-init.d':'ro' -v '/mnt/user/appdata/mullvadvpn/var-cache/':'/var/cache/mullvad-vpn':'rw' -v '/sys/fs/cgroup':'/sys/fs/cgroup':'rw' --cgroupns host --security-opt seccomp=unconfined --tmpfs /tmp --tmpfs /run --tmpfs /run/lock --restart=always --log-opt max-size=1m --ulimit nofile=80000:90000 'ghcr.io/gvkhna/docker-mullvadvpn' Key: --cgroupns host, and /sys/fs/cgroup RW This is on unraidcgroup2

I did that, that got me in the right direction. But this container would not start with that error. Container running in privileged yes. The container is the mullvadvpn container I liked in my last message:

It looks like I'm having issues related to this and not being able to set a "hybrid" cgroup setup. This seems to be issues mostly related to Docker, something Podman doesn't exhibit. So I'm pretty annoyed. I set the following run flags on this container --cgroup-parent=docker.slice --cgroupns private --security-opt seccomp=unconfined --tmpfs /tmp --tmpfs /run --tmpfs /run/lock --restart=always --log-opt max-size=1m --ulimit nofile=90000:90000 and no volume mount for /sys/fs/cgroup but am getting the following error: Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted It seems setting the systemd.unified_cgroup_hierarchy=0 is the solution but since this is not possible in unraid, it's unclear what to do. As well this kind of setup is getting extremely convoluted just to be able to run systemd in a container. So I'm starting to think again that's probably not worth the headache. @ich777 Do you have any idea of what to do here? I see you're following this type of issue on github for LXC as well?

Following up on this. I changed to unraidcgroup2 as specified here: By adding unraidcgroup2 to syslinux.cfg. Now the container wouldn't start. I started receiving these errors: Failed to create control group inotify object: Too many open files 2023-05-04T19:03:57.371264570Z Failed to allocate manager object: Too many open files Which I was able to solve by running the following commands: sysctl fs.inotify.max_user_instances=512 Now I'm getting the following: 2023-05-04T19:10:46.161263036Z Failed to create /init.scope control group: Read-only file system 2023-05-04T19:10:46.161265019Z Failed to allocate manager object: Read-only file system 2023-05-04T19:10:46.161266536Z [!!!!!!] Failed to allocate manager object. So it looks like I'm reproducing the errors everyone else is getting. Will report back, saving this for recollection purposes in case anyone else has these issues.

Ok great thank you. That is the only low hanging fruit I saw. Let me look into cgroups further, I also have limited time for a bit. But at least it’s an interesting problem. 👍

I hear you. Honestly a crapshoot from my end as I can’t reproduce without more information of what is going on. I still actually prefer the setup of systemd running the mullvad deb out of the box because it’s what they expect, instead of a custom service setup that could break in the future. Running systemd in docker is full of issues, if unraid switched to podman I hear the situation would be a lot better. I’ll look into this as I get time as well. Would like to understand cgroup better anyway. try just starting/running this container please and im curious if this starts (what’s the output). This has instructions about some tmpfs folders that systemd needs and I’m curious if that has any impact. https://github.com/bdellegrazie/docker-ubuntu-systemd

Related to cgroups here: @BiGBaLLA Can you run `docker info` and at least state what your Cgroups version is. Mine is the following:

My `docker info` shows I'm running cgroup 1. Also my `docker stats` has the 0% everything cpu. I've been trying to figure this out for a while but gave up as I would like to see cpu usage of containers. I believe this could be related, and it's a starting point to debug potential issues other's are having with this container as well here: I see in Unraids release notes about enabling cgroup 2 with a "syslinux append line." Can someone describe this procedure in more detail. I'm not as familiar with what exactly that means. Found: https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer-6.11.1-x86_64.txt I'm on the latest Unraid version 6.11.5. Thank you.

Here's my run flags with unraid docker docker run -d --name='mullvadvpn' --net='internal' --ip='172.22.251.251' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Unraid" -e HOST_CONTAINERNAME="mullvadvpn" -e 'VPN_INPUT_PORTS'='8080,8888,9118' -e 'VPN_ALLOW_FORWARDING'='true' -e 'MICROSOCKS_ENABLE'='true' -e 'DEBUG'='true' -e 'MICROSOCKS_AUTH_NONE'='true' -e 'TINYPROXY_ENABLE'='true' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://mullvad.net/apple-touch-icon.png' -p '8080:8080/tcp' -p '9118:9118/tcp' -p '8888:8888/tcp' -v '/sys/fs/cgroup':'/sys/fs/cgroup':'ro' -v '/mnt/user/appdata/mullvadvpn/etc-mullvadvpn/':'/etc/mullvad-vpn/':'rw' -v '/mnt/user/appdata/mullvadvpn/custom-init.d/':'/etc/custom-init.d':'ro' -v '/mnt/user/appdata/mullvadvpn/var-cache/':'/var/cache/mullvad-vpn':'rw' --restart=always --log-opt max-size=1m 'ghcr.io/gvkhna/docker-mullvadvpn' e3d7185ce10cc32f4f3b3fa56dc8230e39e26cc5ef98d1557b5513cacf7a750b Let me look into your log, I have/had issues with cgroups with unraid. It's not well documented/supported and it's possible I made some out of band changes to my unraid config that may not be in the stock version to get cgroups working (although mine don't work correctly) but the container does start/work fine. Also please try enabling the DEBUG=true flag, although unrelated but could help if any additional issues crop up. As well I'll look into MICROSOCKS_ENABLE being required as an option, hopefully that's something a simple template could solve but I don't believe it is actually required.

Appreciate the help trying to debug issues. But it’s concerning that none of that is reproducible for me. And in fact I have 0 issues. Running latest unraid and latest docker. Let me restart my container and check my flags. It would also be great to get clarity on your entire run commands. Since that seems to be the variable. The other consideration could be the setup files. I messaged squid about the community template forum access but so far have not heard back.