我已经创建了一个 VRF,并已将接口和路由添加到其中。我的 VRF 如下所示。
我的 VRF 名为 wan1:
[root@host ~]# ip route list vrf wan1
default via 12.12.12.12 dev enp1s0.4025
12.12.12.0/25 dev enp1s0.4025 proto kernel scope link src 12.12.12.1
12.12.12.1 dev enp1s0.4025 scope link
我的 VRF 可以 ping 通:
[root@host ~]# ping 8.8.8.8 -I wan1
ping: Warning: source address might be selected on device other than wan1.
PING 8.8.8.8 (8.8.8.8) from 12.12.12.12 wan1: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=4.54 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=4.54 ms
但是,当我尝试在 VRF 中启动程序时,出现以下错误:
[root@host ~]# ip vrf exec wan1 /usr/sbin/ssh [email protected]
Failed to mount cgroup2: No such file or directory
我知道我的内核支持 cgroup2(它出现在 /proc/filesystems 中):
[root@host network-scripts]# cat /proc/filesystems
nodev sysfs
nodev rootfs
nodev ramfs
nodev bdev
nodev proc
nodev cpuset
nodev cgroup
nodev cgroup2
nodev tmpfs
nodev devtmpfs
nodev configfs
nodev debugfs
nodev tracefs
nodev securityfs
nodev sockfs
nodev dax
nodev bpf
nodev pipefs
nodev hugetlbfs
nodev devpts
nodev autofs
nodev pstore
nodev efivarfs
nodev mqueue
nodev selinuxfs
xfs
vfat
知道我为什么会收到这个错误吗?我运行的是 CentOS 7,内核版本为 4.17.10-1。
谢谢你的帮助
编辑:这是完整的 strace(系统调用跟踪)输出:
[root@host tmp]# strace ip vrf exec wan1 /usr/sbin/ssh [email protected]
execve("/usr/sbin/ip", ["ip", "vrf", "exec", "wan1", "/usr/sbin/ssh", "[email protected]"], [/* 25 vars */]) = 0
brk(NULL) = 0x1714000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa21313c000
access("/etc/ld.so.preload", R_OK) = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32868, ...}) = 0
mmap(NULL, 32868, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa213133000
close(3) = 0
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=19776, ...}) = 0
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa212d18000
mprotect(0x7fa212d1a000, 2097152, PROT_NONE) = 0
mmap(0x7fa212f1a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fa212f1a000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P%\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2173512, ...}) = 0
mmap(NULL, 3981792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa21294b000
mprotect(0x7fa212b0e000, 2093056, PROT_NONE) = 0
mmap(0x7fa212d0d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c2000) = 0x7fa212d0d000
mmap(0x7fa212d13000, 16864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa212d13000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa213132000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa213130000
arch_prctl(ARCH_SET_FS, 0x7fa213130740) = 0
mprotect(0x7fa212d0d000, 16384, PROT_READ) = 0
mprotect(0x7fa212f1a000, 4096, PROT_READ) = 0
mprotect(0x669000, 4096, PROT_READ) = 0
mprotect(0x7fa21313d000, 4096, PROT_READ) = 0
munmap(0x7fa213133000, 32868) = 0
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [32768], 4) = 0
setsockopt(3, SOL_SOCKET, SO_RCVBUF, [1048576], 4) = 0
setsockopt(3, SOL_NETLINK, 11, [1], 4) = 0
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=1736, groups=00000000}, [12]) = 0
sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{",\0\0\0\22\0\1\0\347\305`[\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 44}], msg_controllen=0, msg_flags=0}, 0) = 44
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{NULL, 0}], msg_controllen=0, msg_flags=MSG_TRUNC}, MSG_PEEK|MSG_TRUNC) = 1316
brk(NULL) = 0x1714000
brk(0x1735000) = 0x1735000
brk(NULL) = 0x1735000
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"$\5\0\0\20\0\0\0\347\305`[\310\6\0\0\0\0\1\0\6\0\0\0\301\4\1\0\0\0\0\0"..., 1316}], msg_controllen=0, msg_flags=0}, 0) = 1316
open("/proc/mounts", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa21313b000
read(4, "sysfs /sys sysfs rw,seclabel,nos"..., 1024) = 1024
read(4, "0 0\ncgroup /sys/fs/cgroup/pids c"..., 1024) = 1024
read(4, "emd-1 /proc/sys/fs/binfmt_misc a"..., 1024) = 580
read(4, "", 1024) = 0
read(4, "", 1024) = 0
close(4) = 0
munmap(0x7fa21313b000, 4096) = 0
stat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/var/run", {st_mode=S_IFDIR|0755, st_size=800, ...}) = 0
stat("/var/run/cgroup2", {st_mode=S_IFDIR|0755, st_size=40, ...}) = 0
mount("none", "/var/run/cgroup2", "cgroup2", 0, NULL) = -1 ENOENT (No such file or directory)
write(2, "Failed to mount cgroup2: No such"..., 51Failed to mount cgroup2:No such file or directory) = 51
exit_group(1) = ?
+++ exited with 1 +++
答案1
我不熟悉 VRF,但看起来您在挂载 cgroup v2 时遇到了问题。根据文档(https://www.kernel.org/doc/Documentation/cgroup-v2.txt),挂载命令应该是这样的:
mount -t cgroup2 none $MOUNT_POINT
您可以尝试使用以下命令,只跟踪 mount 系统调用,检查它尝试把 cgroup v2 挂载到什么位置:
strace -e trace=mount ip vrf exec wan1 /usr/sbin/ssh [email protected]
也许它试图将 cgroup 挂载到不存在的目录中,但这只是我的猜测。(注:问题中的 strace 输出显示,对 /var/run/cgroup2 的 stat 调用成功返回,说明该目录存在;ENOENT 是 mount 调用本身返回的,因此原因可能不在挂载点目录。)