Pivotal Knowledge Base

Follow

Garden FIM Compatibility issue "Cannot set limits on the memory cgroup"

Environment

Pivotal Cloud Foundry (PCF) Deployments 1.11 and above with the File Integrity Monitoring (FIM) add-on deployed to Diego cells. 

Symptom

This article is about the PCF configurations where the File Integrity Monitoring (FIM) add-on deployed to Diego cells. 

CF pushing an app fails and prints:

"cannot set limits on the memory cgroup, as the container has not joined it"

This was originally discovered and reported by the Diego team (https://github.com/cloudfoundry/garden-runc-release/issues/74)

Cause

FIM colocated alongside Garden has a rare compatibility issue. FIM will make system resources (cgroups) temporarily unavailable to garden during FIM's startup. If Garden happens to create a container during this time, it will fail with the above message.

Resolution

Subsequent CF pushes won't fail for the same reason after a few seconds. This because a few seconds is more than enough time for FIM to remount the cgroups.

We're not aware of this ever occurring in production, it was self-discovered by Diego. FIM is doing work to prevent this problem from occurring in future versions of FIM.

Comments

Powered by Zendesk