F0626 19:55:06.745273 60563 kubelet.go:1384] Failed to start ContainerManager [open /proc/sys/vm/overcommit_memory: permission denied, open /proc/sys/kernel/panic: permission denied, open /proc/sys/kernel/panic_on_oops: permission denied
We usually see this error when the LXD profile hasn't been applied. Can you confirm that the profile has been applied with the name "juju-kubernetes", and that the instances are using it?
Command with example output below. This will show you both the profile contents, and the instances that are using the profile:
Reading through your original description more carefully, this stood out:
> I have built a five machine lxd cluster using MaaS.
Ah! I don't think we've tested the case where an LXD cluster spans multiple machines. I'm not too familiar with this scenario - is it possible you need to apply the LXD profile on all five hosts?
Thanks. This is the fatal error:
F0626 19:55:06.745273 60563 kubelet.go:1384] Failed to start ContainerManager [open /proc/sys/ vm/overcommit_ memory: permission denied, open /proc/sys/ kernel/ panic: permission denied, open /proc/sys/ kernel/ panic_on_ oops: permission denied
We usually see this error when the LXD profile hasn't been applied. Can you confirm that the profile has been applied with the name "juju-kubernetes", and that the instances are using it?
Command with example output below. This will show you both the profile contents, and the instances that are using the profile:
$ lxc profile show juju-kubernetes kernel_ modules: ip_tables, ip6_tables, netlink_ diag,nf_ nat,overlay apparmor. profile= unconfined mount.auto= proc:rw sys:rw privileged: "true" nf_conntrack/ parameters/ hashsize apparmor/ parameters/ enabled /juju-d5cfa2- 0 /juju-d5cfa2- 1 /juju-d5cfa2- 2 /juju-d5cfa2- 3 /juju-d5cfa2- 4 /juju-d5cfa2- 6 /juju-d5cfa2- 5 /juju-d5cfa2- 7 /juju-d5cfa2- 9 /juju-d5cfa2- 8
config:
boot.autostart: "true"
linux.
raw.lxc: |
lxc.
lxc.
lxc.cap.drop=
security.nesting: "true"
security.
description: ""
devices:
aadisable:
path: /sys/module/
source: /dev/null
type: disk
aadisable1:
path: /sys/module/
source: /dev/null
type: disk
aadisable2:
path: /dev/kmsg
source: /dev/kmsg
type: unix-char
name: juju-kubernetes
used_by:
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
- /1.0/containers
Reading through your original description more carefully, this stood out:
> I have built a five machine lxd cluster using MaaS.
Ah! I don't think we've tested the case where an LXD cluster spans multiple machines. I'm not too familiar with this scenario - is it possible you need to apply the LXD profile on all five hosts?