Builds fail with the latest golang:latest image
docker
2023-06-20 18:02:23
sanger
docker
# Description

System: CentOS 7.x

Docker version: 19.03.13

```
+ go version
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f664ca35ccc m=0 sigcode=18446744073709551610

goroutine 0 [idle]:
runtime: g 0: unknown pc 0x7f664ca35ccc
stack: frame={sp:0x7fff3ee82550, fp:0x0} stack=[0x7fff3e6839d0,0x7fff3ee829e0)
runtime: g 0: unknown pc 0x7f664ca35ccc
stack: frame={sp:0x7fff3ee82550, fp:0x0} stack=[0x7fff3e6839d0,0x7fff3ee829e0)

goroutine 1 [running]:
runtime.systemstack_switch()
	/usr/local/go/src/runtime/asm_amd64.s:463 fp=0xc00004c780 sp=0xc00004c778 pc=0x4672c0
runtime.main()
	/usr/local/go/src/runtime/proc.go:170 +0x6d fp=0xc00004c7e0 sp=0xc00004c780 pc=0x43942d
runtime.goexit()
	/usr/local/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004c7e8 sp=0xc00004c7e0 pc=0x4694e1

rax    0x0
rbx    0x6
rcx    0xffffffffffffffff
rdx    0x6
rdi    0x6
rsi    0x6
rbp    0x7f664c9a9b80
rsp    0x7fff3ee82550
r8     0x0
r9     0x73
r10    0x8
r11    0x246
r12    0x6
r13    0x7fff3ee82820
r14    0xe69fa0
r15    0x1
rip    0x7f664ca35ccc
rflags 0x246
cs     0x33
fs     0x0
gs     0x0
```

# Cause

Investigation showed that only the dev environment nodes hit this error during the build stage; pre and prod did not.

Both Drone CI agent dev nodes had more than 1000 processes each (this was not correlated with the error).

Using **golang:latest** triggers the error, while **golang:1.20.5** does not (at the moment the latest golang version is 1.20.5 in both cases). The two images differ in some ways, such as size and update time, but which of these differences causes the failure has not been identified yet.

# Comparison of solutions

## seccomp workaround

This approach runs containers with seccomp disabled, which may allow a container to perform high-privilege operations such as rebooting the host. The impact is significant.

## Upgrade Docker

**This is the recommended solution.**

Upgrading from 19.03.13-3 to 20.10.13-3 resolved the problem.

# seccomp workaround

## Global

Add the **seccomp-profile** setting and restart **docker**.

### /etc/docker/daemon.json

```
{
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://dockerproxy.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn",
    "https://igqnfj9t.mirror.aliyuncs.com"
  ],
  "insecure-registries": [
    "reg-dev.xxx.com",
    "reg.xxx.com"
  ],
  "seccomp-profile": "/etc/docker/seccomp.json",
  "log-driver": "json-file",
  "log-opts": {"max-size":"500m", "max-file":"1"},
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"]
}
```

### /etc/docker/seccomp.json

```
{
  "seccomp.json": "unconfined"
}
```

## Per container (change only the containers that need it)

```
version: "3"
services:
  agent:
    image: grafana/agent:latest
    security_opt:
      - seccomp:unconfined
    volumes:
      - ./agent/config:/etc/agent-config
    entrypoint:
      - /bin/agent
      - -config.file=/etc/agent-config/agent.yaml
      - -metrics.wal-directory=/tmp/agent/wal
      - -enable-features=integrations-next
      - -config.expand-env
      - -config.enable-read-api
    ports:
      - "12345:12345"
```

# Upgrade Docker

```
yum remove docker-ce-cli-19.03.13-3.el7.x86_64 docker-ce-19.03.13-3.el7.x86_64 -y && \
yum install docker-ce-20.10.13-3.el7.x86_64 -y && \
systemctl daemon-reload && systemctl start docker
```

## Docker install script

```
#!/bin/bash
yum remove docker docker-common docker-selinux docker-engine -y
yum install -y yum-utils device-mapper-persistent-data lvm2
#yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
#yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Aliyun mirror
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install a specific version
#yum -y install docker-ce-17.09.0.ce && mkdir -p /data/docker
# Install the latest version (the package name is passed as the first argument)
yum -y install "$1" && mkdir -p /data/docker
#useradd opadmin
#usermod -G docker opadmin
# Move the Docker data directory to /data/docker
sed -i "s#ExecStart=/usr/bin/dockerd#ExecStart=/usr/bin/dockerd --data-root /data/docker -H unix://#g" /usr/lib/systemd/system/docker.service
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://dockerproxy.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn",
    "https://igqnfj9t.mirror.aliyuncs.com"
  ],
  "insecure-registries": ["reg-dev.xxx.com","reg.xxx.com"],
  "log-driver": "json-file",
  "log-opts": {"max-size":"500m", "max-file":"1"},
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "default-address-pools":[{"base":"172.80.0.0/16","size":24},{"base":"172.90.0.0/16","size":24}]
}
EOF
systemctl daemon-reload && systemctl start docker
```

## References

- https://stackoverflow.com/questions/57942371/docker-runtime-cgo-pthread-create-failed-resource-temporarily-unavailable
- https://github.com/containers/skopeo/issues/1501
- https://alstonwilliams.github.io/%E5%AE%B9%E5%99%A8/2019/02/17/Docker-seccomp/
- https://docs.docker.com/engine/security/seccomp/
- https://docs.docker.com.zh.xy2401.com/engine/security/seccomp/
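
Once Docker has been upgraded, the seccomp workaround should be removed everywhere it was applied. The following is an added example, not part of the original post: a shell audit that looks for the `seccomp-profile` override in a `daemon.json`, for `seccomp:unconfined` in a compose file, and for a Docker version older than the 20.10.13 this post upgraded to. All function names are hypothetical, and file paths are passed as arguments so the checks can run against copies.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Print the "seccomp-profile" value from a daemon.json; fail if the key is absent.
daemon_seccomp_profile() {
    value=$(sed -n 's/.*"seccomp-profile"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Print "line:text" for each seccomp:unconfined or seccomp=unconfined entry.
compose_unconfined_lines() {
    grep -nE 'seccomp[:=][[:space:]]*unconfined' "$1"
}

# Succeed when version $1 is strictly older than $2 (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Name the Seccomp field of a /proc/<pid>/status file:
# 0 = disabled, 1 = strict, 2 = filter (a profile is being enforced).
seccomp_mode() {
    case "$(awk '/^Seccomp:/ {print $2}' "${1:-/proc/self/status}")" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# audit DAEMON_JSON COMPOSE_FILE DOCKER_VERSION
# Prints one line per finding; the exit status is the number of findings.
audit() {
    findings=0
    if profile=$(daemon_seccomp_profile "$1"); then
        echo "daemon.json overrides the default seccomp profile: $profile"
        findings=$((findings + 1))
    fi
    if hits=$(compose_unconfined_lines "$2"); then
        echo "compose file disables seccomp: $hits"
        findings=$((findings + 1))
    fi
    if version_lt "$3" "20.10.13"; then  # threshold taken from this post
        echo "Docker $3 is older than 20.10.13"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Running `seccomp_mode` with no argument inside a container reads `/proc/self/status` and should report `filter` once the workaround is gone.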