Add an option to disable kernel memory limiting

[paulfelix]

Attempting to set a kernel memory limit when running containers on some systems causes a fatal error. The error message is "kernel memory accounting disabled in this runc build".

This happens because github.com/opencontainers/runc (part of containerd.io) has been built for some systems (like CentOS) with the nokmem option. So for these systems, we need to disable kernel memory limiting.

[rdallman]

hmm, it may be better just to check this in startup and quit with a nice error. memory limits are kinda key to the whole thing, it would not be a very fun experience without them (thrashing) and makes scheduling functions really challenging. unless there's another way to limit memory on these kinds of systems? we should probably recommend an alternate docker/runc installation in these cases?

thanks for reporting, this is unfortunate.

[paulfelix]

Here is more info on why this is an issue.

There was some problem found when setting kernel memory limits on containers running on systems with Linux kernel version 3.x (e.g., CentOS 7):
opencontainers/runc#1725

So the solution was to introduce a nokmem build option for github.com/opencontainers/runc, and use that option when building on Linux kernel 3.x systems.

Thus, there seems to be two options:

1. Downgrade your system's containerd.io to containerd.io-1.2.2-3.3.el7 (a version not built with nokmem) and hope you don't run into the same issue.

2. Don't run Fn server on a Linux kernel 3.x system.

But, In cases where we are in full control of the Fn host environment and its functions, it would be REALLY NICE to have an Fn server config option that disables kernel memory limit setting.

[praveendk]

is containerd.io-1.2.2-3.3.el7 is installed as part of docker install? or fn?

[denismakogon]

@praveendk docker, Fn is self-contained binary.