Err podman - User-selected graph driver overlay overwritten by graph driver vfs from database

See also:

  • CONTAINERD_SNAPSHOTTER

$ podman search nginx
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files ("/home/jean/.local/share/containers/storage") to resolve.  May prevent use of images created by other tools 
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files ("/home/jean/.local/share/containers/storage") to resolve.  May prevent use of images created by other tools 

$ podman info --format '{{ .Store.GraphDriverName }}'
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files ("/home/jean/.local/share/containers/storage") to resolve.  May prevent use of images created by other tools 
vfs

~/.config/containers/storage.conf

[storage]
driver = "overlay"
[storage.options]
mount_program = "/usr/bin/fuse-overlayfs"

$ nerdctl info | grep -i "storage"
 Storage Driver: overlayfs
  Storage: native overlayfs

$ ls -lh /home/jean/.local/share/containers/storage/libpod/bolt_state.db 
-rw------- 1 jean jean 128K sep 30 14:26 /home/jean/.local/share/containers/storage/libpod/bolt_state.db

env STORAGE_DRIVER=vfs podman search nginx
env STORAGE_DRIVER=overlayfs podman search nginx

Solution

rm ~/.config/containers/storage.conf
mv /home/jean/.local/share/containers/storage/libpod/ /home/jean/.local/share/containers/storage/libpod.bak

See also

podman system reset

Other

# ctr plugins ls | grep snapshot
io.containerd.snapshotter.v1           blockfile                linux/amd64    skip      
io.containerd.snapshotter.v1           btrfs                    linux/amd64    skip      
io.containerd.snapshotter.v1           devmapper                linux/amd64    skip      
io.containerd.snapshotter.v1           native                   linux/amd64    ok        
io.containerd.snapshotter.v1           overlayfs                linux/amd64    ok        
io.containerd.snapshotter.v1           aufs                     linux/amd64    skip      
io.containerd.snapshotter.v1           zfs                      linux/amd64    skip      
io.containerd.service.v1               snapshots-service        -              ok        
io.containerd.grpc.v1                  snapshots                -              ok

sudo ctr containers info my-container

2025/09/30 21:44 · Jean-Baptiste

Problem: cgroup controllers not delegated to non-privileged users - systemd delegate failed - cgroupControllers

Source: https://unix.stackexchange.com/questions/624428/cgroups-v2-cgroup-controllers-not-delegated-to-non-privileged-users-on-centos-s

$ podman info --format '{{json .}}' | jq .host.cgroupControllers
[]
 
$ cat /sys/fs/cgroup/user.slice/user-1003.slice/cgroup.controllers
 
$ cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers

/etc/systemd/system/user-0.slice

[Unit]
Before=systemd-logind.service
 
[Slice]
Slice=user.slice
 
[Install]
WantedBy=multi-user.target

/etc/systemd/system/user@.service.d/delegate.conf

[Service]
Delegate=cpu cpuset io memory pids

/etc/systemd/system/user-.slice.d/override.conf

[Slice]
CPUAccounting=yes
MemoryAccounting=yes
IOAccounting=yes
TasksAccounting=yes

chmod a+r /etc/systemd/system/user-0.slice
chmod a+r /etc/systemd/system/user@.service.d/delegate.conf
chmod a+r /etc/systemd/system/user-.slice.d/override.conf
 
systemctl daemon-reload
systemctl --user daemon-reload

Verification (as the user account)

cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/user@$(id -u).service/cgroup.controllers
$ cat /sys/fs/cgroup/user.slice/user-1000.slice/cgroup.controllers
cpuset cpu io memory pids

$ podman info --format '{{json .}}' | jq .host.cgroupControllers
[
  "cpuset",
  "cpu",
  "io",
  "memory",
  "pids"
]
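
The verification step above as a reusable check, added here as an example (it is not part of the original note). missing_controllers is a hypothetical helper name; it reads the cgroup.controllers file of the user's systemd instance and prints which of the controllers listed in delegate.conf are still not delegated. The sample tree it runs on is constructed.

```sh
#!/bin/sh
# missing_controllers CGROUP_ROOT UID [WANTED...]
# Prints, one per line, the wanted cgroup v2 controllers that are NOT
# delegated to user@UID.service. Returns 0 if none are missing, 1 if some
# are missing, 2 if the cgroup.controllers file cannot be read.
missing_controllers() {
    root=$1; uid=$2; shift 2
    # Default list: the Delegate= line of delegate.conf in this note.
    [ "$#" -gt 0 ] || set -- cpu cpuset io memory pids
    file="$root/user.slice/user-$uid.slice/user@$uid.service/cgroup.controllers"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Pad with spaces so that "cpu" does not match inside "cpuset".
    delegated=" $(tr '\n' ' ' < "$file") "
    rc=0
    for c in "$@"; do
        case "$delegated" in
            *" $c "*) ;;
            *) echo "$c"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample tree (not a real /sys/fs/cgroup): uid 1003 has only
# memory and pids delegated, so cpu, cpuset and io are reported.
demo=$(mktemp -d)
mkdir -p "$demo/user.slice/user-1003.slice/user@1003.service"
echo "memory pids" \
    > "$demo/user.slice/user-1003.slice/user@1003.service/cgroup.controllers"
missing_controllers "$demo" 1003 || echo "rc=$? (delegation incomplete)"
rm -rf "$demo"
```

On a real host, run it as the rootless user with /sys/fs/cgroup as the root and "$(id -u)" as the UID; an empty result means resource limits such as memory and pids can be enforced on rootless containers.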

Other

For reference: /usr/lib/systemd/system/user-.slice.d/10-defaults.conf

#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
 
[Unit]
Description=User Slice of UID %j
After=systemd-user-sessions.service
StopWhenUnneeded=yes
 
[Slice]
TasksMax=80%

FIXME

2025/09/29 14:21 · Jean-Baptiste

Find duplicate files - duplicates

find . -not -empty -type f -exec md5sum {} \; | sort | uniq -w32 -dD

With fdupes (see also jdupes)

fdupes -rnN OpsMilori OpsMilori2

FIXME

2025/09/19 10:10 · Jean-Baptiste

File encoding problem with ansible-lint and yamllint

Errors

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 824: invalid continuation byte
iconv: illegal input sequence at position 824

ansible-lint crashes while parsing a YAML file

No error with yamllint (because it does not follow includes)

ansible-lint --offline app/plop.yml

Analysis and solution

$ strace --trace=%file ansible-lint --offline app/plop.yml
---
stat("/data/ansible/roles/app1/tasks/inventory_plugins", 0x7ffc4f077930) = -1 ENOENT (No such file or directory)
stat("/data/ansible/roles/app1/tasks/httpapi_plugins", 0x7ffc4f077930) = -1 ENOENT (No such file or directory)
stat("/data/ansible/roles/app1/tasks/become_plugins", 0x7ffc4f077930) = -1 ENOENT (No such file or directory)
getcwd("/data/ansible/playbooks", 1024) = 24
getcwd("/data/ansible/playbooks", 1024) = 24
getcwd("/data/ansible/playbooks", 1024) = 24
stat("/data/ansible/roles/plop/tasks/main.yml", {st_mode=S_IFREG|0640, st_size=1002, ...}) = 0
openat(AT_FDCWD, "/data/ansible/roles/plop/tasks/main.yml", O_RDONLY|O_CLOEXEC) = 6
Traceback (most recent call last):
  File "/data/venv-ansible/lib64/python3.9/site-packages/ansible/parsing/utils/yaml.py", line 72, in from_yaml
openat(AT_FDCWD, "/data/venv-ansible/lib64/python3.9/site-packages/ansible/parsing/utils/yaml.py", O_RDONLY|O_CLOEXEC) = 6
    new_data = json.loads(data, cls=AnsibleJSONDecoder)
  File "/usr/lib64/python3.9/json/__init__.py", line 359, in loads
openat(AT_FDCWD, "/usr/lib64/python3.9/json/__init__.py", O_RDONLY|O_CLOEXEC) = 6
    return cls(**kw).decode(s)
  File "/usr/lib64/python3.9/json/decoder.py", line 337, in decode
openat(AT_FDCWD, "/usr/lib64/python3.9/json/decoder.py", O_RDONLY|O_CLOEXEC) = 6
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python3.9/json/decoder.py", line 355, in raw_decode
openat(AT_FDCWD, "/usr/lib64/python3.9/json/decoder.py", O_RDONLY|O_CLOEXEC) = 6
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/data/venv-ansible/bin/ansible-lint", line 8, in <module>
openat(AT_FDCWD, "/data/venv-ansible/bin/ansible-lint", O_RDONLY|O_CLOEXEC) = 6
---

$ file /data/ansible/roles/plop/tasks/main.yml
/data/ansible/roles/plop/tasks/main.yml: ISO-8859 text

$ yamllint /data/ansible/roles/plop/tasks/main.yml
Traceback (most recent call last):
  File "/data/venv-ansible/bin/yamllint", line 8, in <module>
    sys.exit(run())
  File "/data/venv-ansible/lib64/python3.9/site-packages/yamllint/cli.py", line 227, in run
    prob_level = show_problems(problems, file, args_format=args.format,
  File "/data/venv-ansible/lib64/python3.9/site-packages/yamllint/cli.py", line 102, in show_problems
    for problem in problems:
  File "/data/venv-ansible/lib64/python3.9/site-packages/yamllint/linter.py", line 191, in _run
    buffer = decoder.auto_decode(buffer)
  File "/data/venv-ansible/lib64/python3.9/site-packages/yamllint/decoder.py", line 71, in auto_decode
    return stream_data.decode(encoding=detect_encoding(stream_data))
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 824: invalid continuation byte

Diffing

$ diff <(cat -A /data/ansible/roles/plop/tasks/main.yml) <(cat /data/ansible/roles/plop/tasks/main.yml | sed -e 's/$/$/')
26c26
<     guest_source_file_path: 'C:\\Users\\{{ vm_app_user }}\\Desktop\\DM-imarrage CIE*'$
---
>     guest_source_file_path: 'C:\\Users\\{{ vm_app_user }}\\Desktop\\Dmarrage CIE*'$
29c29
<     vm_admin_password: "{{ vm_app_password }}"
\ No newline at end of file
---
>     vm_admin_password: "{{ vm_app_password }}"$

$ iconv -t utf-8 /data/ansible/roles/plop/tasks/main.yml > /data/ansible/roles/plop/tasks/main.yml.new
iconv: illegal input sequence at position 824

iconv -f iso-8859-15 -t utf-8 /data/ansible/roles/plop/tasks/main.yml > /data/ansible/roles/plop/tasks/main.yml.new

mv /data/ansible/roles/plop/tasks/main.yml /data/ansible/roles/plop/tasks/main.yml.bad
mv /data/ansible/roles/plop/tasks/main.yml.new /data/ansible/roles/plop/tasks/main.yml

$ yamllint /data/ansible/roles/plop/tasks/main.yml.new
/data/ansible/roles/plop/tasks/main.yml.new
  3:16      error    trailing spaces  (trailing-spaces)
  26:81     error    line too long (83 > 80 characters)  (line-length)
  29:47     error    no new line character at the end of file  (new-line-at-end-of-file)

PS: for ansible-lint it is important that the file has the yml or yaml extension.
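
The analysis above, turned into a sweep over a whole role tree, as an added example (not part of the original note): non_utf8_yaml and to_utf8 are hypothetical helper names, the source charset is an argument the operator must supply, and the sample files are constructed.

```sh
#!/bin/sh
# non_utf8_yaml DIR
# Print each *.yml / *.yaml file under DIR that is not valid UTF-8.
# iconv from UTF-8 to UTF-8 is used purely as a validator: it exits
# non-zero on the first illegal sequence, like the 0xe9 byte in the note.
non_utf8_yaml() {
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | sort |
    while IFS= read -r f; do
        iconv -f UTF-8 -t UTF-8 "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# to_utf8 FILE FROM_CHARSET
# Convert FILE to UTF-8, keep the original as FILE.bad, and swap the new
# file in only if the conversion succeeded and the result validates.
to_utf8() {
    if iconv -f "$2" -t UTF-8 "$1" > "$1.new" &&
       iconv -f UTF-8 -t UTF-8 "$1.new" >/dev/null 2>&1; then
        mv "$1" "$1.bad" && mv "$1.new" "$1"
    else
        rm -f "$1.new"
        return 1
    fi
}

# Constructed sample (not the author's file): one Latin-9 task file with an
# e-acute stored as the single byte 0xe9 (octal 351), one plain ASCII file.
demo=$(mktemp -d)
mkdir -p "$demo/roles/plop/tasks"
printf '# D\351marrage CIE\n' > "$demo/roles/plop/tasks/main.yml"
printf '# ascii only\n'       > "$demo/roles/plop/tasks/other.yaml"

non_utf8_yaml "$demo"                               # lists main.yml only
to_utf8 "$demo/roles/plop/tasks/main.yml" ISO-8859-15
non_utf8_yaml "$demo"                               # prints nothing now
rm -rf "$demo"
```

Only run to_utf8 on files that non_utf8_yaml reported: converting a file that is already UTF-8 from ISO-8859-15 succeeds silently and double-encodes every accented character.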

2025/09/18 17:59 · Jean-Baptiste

CRI runtimes - Container Runtime Interface

Draft

See "Docker est mort" (Docker is dead):

See:

https://www.mirantis.com/blog/cri-dockerd-faq-blog/ dockershim and cri-dockerd

mirantis migrate nodes from dockershim

See the --cri-containerd option

Docker does not implement CRI. If you're going to use Docker, you also need to install cri-dockerd to translate the CRI API to the Docker API.

In addition, Docker (dockershim) support was removed from Kubernetes as of version 1.24.

https://kubernetes.io/docs/setup/production-environment/container-runtimes/

Mirantis Container Runtime (MCR) is a commercially available container runtime that was formerly known as Docker Enterprise Edition.

Comparison: https://medium.com/norma-dev/benchmarking-containerd-vs-dockerd-performance-efficiency-and-scalability-64c9043924b1

CRI-O vs Docker: https://www.suse.com/c/fr/podman-et-cri-o-le-nouveau-duo-de-la-conteneurisation/ (Podman uses CRI-O)

Podman is a daemonless, open source containerization tool used in lab exercises as a replacement for Docker.

Podman implements CRI-O, while Docker implements “CRI”.

Other

MicroVM isolation of containers:

  • Kata Container
  • Firecracker

https://blog.octo.com/securite-pods-isolation-runtimeclass

https://blog.stephane-robert.info/docs/conteneurs/moteurs-conteneurs/incus/

https://blog.devops.dev/who-is-the-better-container-runtime-docker-podman-containerd-or-cri-o-034c8eee879b

  • crun: a container runtime written in C (by contrast, runc is written in Go).
  • firecracker-containerd from AWS, which implements the OCI specification as individual lightweight VMs (and it is also the same technology which powers AWS Lambda).
  • gVisor from Google, which creates containers that have their own kernel. It implements OCI in its runtime called runsc.

https://vineetcic.medium.com/the-differences-between-docker-containerd-cri-o-and-runc-a93ae4c9fdac

2025/09/17 14:42 · Jean-Baptiste