如何使用 systemd 运行 kata 容器？

问：

我正在尝试在我的 ubuntu 22.04 机器上使用 containerd 运行 带有 systemd 的 kata 容器，但我无法使其工作。我的期望是能够在 systemd 管理的容器内运行所有进程。据我了解，通过使用简单的 docker 映像（可选使用 ubuntu 作为基础）和 systemd 作为入口点，使用 kata 容器应该很容易实现这一点。

这是我尝试过的：

• 使用 apt 安装 containerd
• 按照我在他们的 github 上找到的指南安装了 kata 容器：https://github.com/kata-containers/kata-containers/blob/main/docs/install/container-manager/containerd/containerd-install.md#install-kata-containers
• 将 containerd 配置为使用 kata 容器作为运行时，根据其指南：https://github.com/kata-containers/kata-containers/blob/main/docs/install/container-manager/containerd/containerd-install.md#install-kata-containers
• 尝试运行此映像：

FROM ubuntu:22.04
LABEL maintainer="Enio Carboni"

ARG DEBIAN_FRONTEND=noninteractive

# Install: dependencies, clean: apt cache, remove dir: cache, man, doc, change mod time of cache dir.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
       software-properties-common \
       rsyslog systemd systemd-cron sudo \
    && apt-get clean \
    && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
    && rm -rf /var/lib/apt/lists/* \
    && touch -d "2 hours ago" /var/lib/apt/lists
RUN sed -i 's/^\($ModLoad imklog\)/#\1/' /etc/rsyslog.conf

RUN rm -f /lib/systemd/system/systemd*udev* \
  && rm -f /lib/systemd/system/getty.target

VOLUME ["/sys/fs/cgroup", "/tmp", "/run"]
CMD ["/lib/systemd/systemd"]

使用以下命令：sudo ctr run --runtime io.containerd.run.kata.v2 -t docker.io/eniocarboni/docker-ubuntu-systemd:20.04 ubuntu-systemd

• 在容器内，我能够看到 pid 1，但是当我尝试运行 systemctl 时，我得到/lib/systemd/systemdSystem has not been booted with systemd as init system (PID 1). Can't operate.

• 我检查了容器内的 cgroup，似乎它没有从沙盒 vm 挂载

• 这是我的 kata-env 输出：

[Kernel]
  Path = "/opt/kata/share/kata-containers/vmlinux-6.1.38-114"
  Parameters = "systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket scsi_mod.scan=none"

[Meta]
  Version = "1.0.26"

[Image]
  Path = "/opt/kata/share/kata-containers/kata-ubuntu-latest.image"

[Initrd]
  Path = ""

[Hypervisor]
  MachineType = "q35"
  Version = "QEMU emulator version 7.2.0 (kata-static)\nCopyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers"
  Path = "/opt/kata/bin/qemu-system-x86_64"
  BlockDeviceDriver = "virtio-scsi"
  EntropySource = "/dev/urandom"
  SharedFS = "virtio-fs"
  VirtioFSDaemon = "/opt/kata/libexec/virtiofsd"
  SocketPath = "<<unknown>>"
  Msize9p = 8192
  MemorySlots = 10
  HotPlugVFIO = "no-port"
  ColdPlugVFIO = "no-port"
  Debug = false

[Runtime]
  Path = "/opt/kata/bin/kata-runtime"
  GuestSeLinuxLabel = ""
  Debug = false
  Trace = false
  DisableGuestSeccomp = true
  DisableNewNetNs = false
  SandboxCgroupOnly = false
  [Runtime.Config]
    Path = "/opt/kata/share/defaults/kata-containers/configuration-qemu.toml"
  [Runtime.Version]
    OCI = "1.0.2-dev"
    [Runtime.Version.Version]
      Semver = "3.2.0"
      Commit = "45687e3251604ccc71b595d37f14253c4584cd5f"
      Major = 3
      Minor = 2
      Patch = 0

[Host]
  Kernel = "6.2.0-1016-azure"
  Architecture = "amd64"
  VMContainerCapable = false
  SupportVSocks = true
  [Host.Distro]
    Name = "Ubuntu"
    Version = "22.04"
  [Host.CPU]
    Vendor = "AuthenticAMD"
    Model = "AMD Ryzen 7 5800X 8-Core Processor"
    CPUs = 8
  [Host.Memory]
    Total = 12013392
    Free = 1600656
    Available = 9015476

[Agent]
  Debug = false
  Trace = false