Containerd Task Fails to Start Container: ctr: failed to create shim task: OCI runtime create failed

2023-03-21

docker

Error message:

1
ctr: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/i4t/nginx/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown

The commands we ran were:

1
[root@web01 ~]# ctr -n i4t c ls
2
CONTAINER    IMAGE                             RUNTIME
3
nginx        docker.io/library/nginx:alpine    io.containerd.runc.v2
4
[root@web01 ~]# ctr -n i4t task start -d nginx
5
ctr: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/i4t/nginx/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown

The root cause is an abnormal runc, which requires reinstalling its dependency.

Solution:
This indicates that the libseccomp package is missing or incompatible. Note that on CentOS 7 the version installed via yum is 2.3, which does not meet the requirements of the latest containerd. You need to install version 2.4 or higher.

1
# Uninstall the old version
2
[i4t@web01 ~]# rpm -qa | grep libseccomp
3
libseccomp-devel-2.3.1-4.el7.x86_64
4
libseccomp-2.3.1-4.el7.x86_64
5
[i4t@web01 ~]# rpm -e libseccomp-devel-2.3.1-4.el7.x86_64 --nodeps
6
[i4t@web01 ~]# rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps
7
# Download a package newer than 2.4
8
[i4t@web01 ~]# wget http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm
9
# Install it
10
[i4t@web01 ~]# rpm -ivh libseccomp-2.5.1-1.el8.x86_64.rpm
11
warning: libseccomp-2.5.1-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
12
Preparing...                          ################################# [100%]
13
Updating / installing...
14
   1:libseccomp-2.5.1-1.el8           ################################# [100%]
15
# Check the current version
16
[root@web01 ~]# rpm -qa | grep libseccomp
17
libseccomp-2.5.1-1.el8.x86_64

Run runc again:

1
[root@web01 ~]# runc
2
NAME:
3
   runc - Open Container Initiative runtime
4
runc is a command line client for running applications packaged according to
5
the Open Container Initiative (OCI) format and is a compliant implementation of the
6
Open Container Initiative specification.
7
runc integrates well with existing process supervisors to provide a production
8
container runtime environment for applications. It can be used with your
9
existing process monitoring tools and the container will be spawned as a
10
direct child of the process supervisor.
11
Containers are configured using bundles. A bundle for a container is a directory
12
that includes a specification file named "config.json" and a root filesystem.
13
The root filesystem contains the contents of the container.
14
To start a new instance of a container:
15
....