Docker Container Does Not Start

deon.korb · February 28, 2021, 7:14pm

Hi,

I’ve been using @kcollins1 Docker containers for a while, but after attempting to upgrade to 8.1.2, I cannot get it to start.

The container remains in restarting state and I see this in the logs:

Way down in the nanosleep lines this appears:

I’ve even tried to pull and run 8.1.1, but same happens.

This is my run command:

docker run -p 8088:8088 --name RPiIgnitionMaker --restart=always \
-e TZ=Africa/Johannesburg \
-e GATEWAY_ADMIN_USERNAME=<username> \
-e GATEWAY_ADMIN_PASSWORD=<password> \
-v my-ignition-data:/var/lib/ignition/data \
-e IGNITION_EDITION=maker \
-e IGNITION_LICENSE_KEY=<key>\
 -e IGNITION_ACTIVATION_TOKEN=<token> \
-e GATEWAY_MODULES_ENABLED=opc-ua,perspective,sfc,tag-historian -d kcollins/ignition:latest

Running on Pi 2.

Please help, even just to get 8.1.1 running again.

Regards,
Deon

kcollins1 · March 1, 2021, 3:20pm

This has to do with some system-related issues on Raspberry Pi 32-bit… For the moment, add the extended privileges flag, --privileged to your run command… I’ll follow-up with more specific guidance.

deon.korb · March 1, 2021, 3:31pm

Running again! Thanks!

I’m keen to know more. Even if it means it’s time to upgrade to a Pi 4

kcollins1 · March 1, 2021, 3:34pm

The issue with “No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes” or “nanosleep(100ms) failed. Operation not permitted” (wanted to place those explicit messages in for the search later ) seems to only occur on recent Raspbian 32-bit installations running Docker.

It seems that this issue report discusses the need for libseccomp2 library to be updated to address this issue. This solved the problem for me on a Raspbian 32-bit install:

# Install a few prerequisite packages to be able to do the build
sudo apt install build-essential git gperf
# Download the libseccomp2 release package and unpack
wget https://github.com/seccomp/libseccomp/releases/download/v2.5.1/libseccomp-2.5.1.tar.gz
tar zvxf libseccomp-2.5.1.tar.gz
cd libseccomp-2.5.1
# Build and install
./configure && make
sudo make install
# Preserve the original libraries from the .deb package from the base install
mkdir ~/old-libs
sudo mv /usr/lib/arm-linux-gnuabihf/libseccomp.so.2* ~/old-libs/
# Remove the library cache and rebuild
sudo rm /etc/ld.so.cache
sudo ldconfig

Once I updated libseccomp2, I was able to start the container without privileged mode. One additional note/disclaimer on the steps above–these updates are being done outside the scope of the package manager and may cause things in the future to break. I couldn’t find the equivalent of a debian backports repo for Raspberry Pi OS; there may be a “more official” way to get that library up-to-date.

Hope this helps!

Kevin C.

kcollins1 · March 1, 2021, 3:35pm

FWIW, I did all my reproduction steps for this particular issue on a RPi 4… So you’d have fought it there, too .

deon.korb · March 1, 2021, 3:43pm

Any particular danger in just leaving it priviledged?

kcollins1 · March 2, 2021, 2:48pm

I suppose it depends on your use case… Sometimes it can be used for devices like Raspberry Pi in order for the container to interface with host-level devices (like GPIO, for example); these would normally not be visible/accessible from a container.

zvannest · March 5, 2021, 4:18pm

I am having some similar issues when trying to download Ignition on my Pi 4.
I used

sudo docker run -p 8088:8088 --name my-ignition -e GATEWAY_ADMIN_PASSWORD=password -e IGNITION_EDITION=full -d kcollins/ignition:nightly

which downloaded with no issues. However when I start the container it starts, but after a second it stops with an exit code 1. Is there any help you can offer.

Kevin.Collins · March 5, 2021, 4:33am

What output do you have from sudo docker logs my-ignition? Also, are you running on 32-bit Raspbian OS? (output from uname -a would help)

zvannest · March 5, 2021, 3:27pm

Here is the output from sudo docker logs


wrapper  | nanosleep(100ms) failed. Operation not permitted
sleep: cannot read realtime clockwrapper  : Operation not permitted
| nanosleep(100ms) failed. Operation not permitted

wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted

wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | Startup failed: Timed out waiting for a signal from the JVM.
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | JVM did not exit on request, termination requested.
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | There were 5 failed launches in a row, each lasting less than 300 seconds.  Giving up.
wrapper  |   There may be a configuration problem: please check the logs.
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | nanosleep(100ms) failed. Operation not permitted
wrapper  | --> Wrapper Started as Console
wrapper  | Java Service Wrapper Standard Edition 32-bit 3.5.42
wrapper  |   Copyright (C) 1999-2020 Tanuki Software, Ltd. All Rights Reserved.
wrapper  |     http://wrapper.tanukisoftware.com
wrapper  |   Licensed to Inductive Automation for Inductive Automation
wrapper  | 
wrapper  | Wrapper Process has not received any CPU time for 36 seconds.  Extending timeouts.
wrapper  | Launching a JVM...
jvm 1    | OpenJDK Client VM warning: No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes
wrapper  | JVM received a signal SIGKILL (9).
wrapper  | JVM process is gone.
wrapper  | JVM exited after being requested to terminate.
wrapper  | Reloading Wrapper configuration...
wrapper  |   Please set wrapper.java.version.output to TRUE, relaunch the Wrapper to print out the Java version output, and send the log file to support@tanukisoftware.com.
wrapper  | JVM process is gone.
wrapper  | Wrapper Process has not received any CPU time for 23 seconds.  Extending timeouts.
wrapper  | Launching a JVM...
jvm 2    | OpenJDK Client VM warning: No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes
wrapper  | JVM received a signal SIGKILL (9).
wrapper  | JVM process is gone.
wrapper  | JVM exited after being requested to terminate.
wrapper  | Reloading Wrapper configuration...
wrapper  |   Please set wrapper.java.version.output to TRUE, relaunch the Wrapper to print out the Java version output, and send the log file to support@tanukisoftware.com.
wrapper  | JVM process is gone.
wrapper  | Wrapper Process has not received any CPU time for 39 seconds.  Extending timeouts.
wrapper  | Launching a JVM...
jvm 3    | OpenJDK Client VM warning: No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes
wrapper  | JVM received a signal SIGKILL (9).
wrapper  | JVM process is gone.
wrapper  | JVM exited after being requested to terminate.
wrapper  | Reloading Wrapper configuration...
wrapper  |   Please set wrapper.java.version.output to TRUE, relaunch the Wrapper to print out the Java version output, and send the log file to support@tanukisoftware.com.
wrapper  | JVM process is gone.
wrapper  | Wrapper Process has not received any CPU time for 39 seconds.  Extending timeouts.
wrapper  | Launching a JVM...
jvm 4    | OpenJDK Client VM warning: No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes
wrapper  | JVM received a signal SIGKILL (9).
wrapper  | JVM process is gone.
wrapper  | JVM exited after being requested to terminate.
wrapper  | Reloading Wrapper configuration...
wrapper  | JVM process is gone.
wrapper  | Wrapper Process has not received any CPU time for 22 seconds.  Extending timeouts.
wrapper  | Launching a JVM...
jvm 5    | OpenJDK Client VM warning: No monotonic clock was available - timed services may be adversely affected if the time-of-day clock changes
wrapper  | JVM received a signal SIGKILL (9).
wrapper  | JVM process is gone.
wrapper  | JVM exited after being requested to terminate.
wrapper  | <-- Wrapper Stopped

And here is the Output from uname -a

Linux raspberrypi 5.10.17-v7l+ #1403 SMP Mon Feb 22 11:33:35 GMT 2021 armv7l GNU/Linux

Kevin.Collins · March 5, 2021, 3:46pm

Yup, looks just like the issue above… Use some of the options mentioned above to get you going… Easiest is just adding the --privileged flag to your docker run statement. This particular issue isn’t anything wrong with the container itself, but rather the system-level libraries that the container runtime uses.

zvannest · March 5, 2021, 4:41pm

That worked thank you. I guess I was just putting --privilaged in the wrong spot.