docker container crashing

Question

Hi,   
  
I've basically followed this guide the docker setup guide \[1], but with one difference. Since I'm using an ARM based Raspberry Pi, I've built the armv7l docker image from \[2].  
  
Starting the docker container  
sudo docker run --rm --init -it --name aws-iot-greengrass --entrypoint /greengrass-entrypoint.sh -v /tmp/certs:/greengrass/certs -v /tmp/config:/greengrass/config -v /tmp/log:/greengrass/ggc/var/log -p 8883:8883 armv7l/aws-iot-greengrass:1.9.1  
  
I then see a fatal error occuring in log/system/runtime.log:

```
[2019-05-14T14:31:59.282Z][INFO]-Downloading artifact.  {"artifactId": "blabla"}
[2019-05-14T14:32:00.761Z][INFO]-Successfully downloaded the artifact.  {"artifactId": "blabla"}
[2019-05-14T14:32:01.994Z][INFO]-Finished executing the group downloading step.
[2019-05-14T14:32:01.994Z][INFO]-Stopping All running workers.
[2019-05-14T14:32:01.994Z][INFO]-Stopping all workers.
[2019-05-14T14:32:01.994Z][INFO]-Lifecycle manager is stopped.
[2019-05-14T14:32:02.034Z][INFO]-The current core is using the AWS IoT certificates with fingerprint.   {"fingerprint": "blabla"}
[2019-05-14T14:32:02.039Z][INFO]-Finding mounted cgroups.
[2019-05-14T14:32:02.063Z][INFO]-Starting file sync.    {"src": "/etc/resolv.conf", "dst": "/greengrass/ggc/packages/1.9.1/dns/etc/resolv.conf"}
[2019-05-14T14:32:02.08Z][FATAL]-Failed to reset thread's mount namespace due to an unexpected error. To maintain consistency, GGC will crash and need to be manually restarted.       {"errorString": "operation not permitted"}
```

Why does this happen?  
  
\[1] https://docs.aws.amazon.com/greengrass/latest/developerguide/run-gg-in-docker-container.html   
\[2] https://d1onfpft10uf5o.cloudfront.net/greengrass-core/downloads/1.9.1/aws-greengrass-docker-1.9.1.tar.gz

Answer

Thanks KR-AWS,   
I thought I had switched to NoContainer already, but apparently not.  
  
> If you change the container mode for your Lambda it should work. You might want to specify the group default to non-container.  
  
It seems like overriding to IsolationMode: NoContainer for my single Lambda was not sufficient (while keeping the default setting for group function defaults). I actually had to specify the group default to get it working.

Answer

Hi andersgb,  
  
From the Greengrass Dockerfile README.md, https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html#gg-docker-download  
  
If you see the error message ```\[FATAL]-Failed to reset thread's mount namespace due to an unexpected error: "operation not permitted". To maintain consistency, GGC will crash and need to be manually restarted.``` in ```/greengrass/ggc/var/log/system/runtime.log```. This is most probably caused by deploying a ```GreengrassContainer``` lambda to ```GGC running in Docker Container``` as this use-case is not yet supported. All the lambdas should be deployed in ```NoContainer``` mode. To fix this, disregard the current deployment stuck ```In Progress```. Start a new deployment and make sure that all the lambdas are deployed in ```NoContainer``` mode. After that, while starting the GGC Docker Container, do not bind-mount the existing ```deployment``` directory onto ```GGC Docker Container```. Create a new empty ```deployment``` directory in its place and bind-mount that in the ```GGC Docker container``` instead. New GGC Docker Container should receive the latest deployment with lambdas running in ```NoContainer``` mode.  
  
If you change the container mode for your Lambda it should work. You might want to specify the group default to non-container.  
  
Thanks,  
KR-AWS

docker container crashing

Relevant content