Search code examples
dockerdocker-compose

Error running docker-compose (unsupported config 'cpuset' and operation not permitted)

I'm currently using older versions of docker and docker-compose on my server running RHEL 7.9.

Docker version 1.13.1, build 0be3e21/1.13.1
docker-compose version 1.18.0, build 8dd22a9

My docker-compose.yml is as follows (I'm only showing parts of the file):

version: '3'
services:
  fc-1:
    image: fc
    cpuset: '0,2,4,6,8,10'
    container_name: 'fc-1'
    restart: 'unless-stopped'
    network_mode: 'host'
    volumes:
      - /etc/fc:/etc/fc
    environment:
      ...
  fc-2:
    image: fc
    cpuset: '1,3,5,7,9,11'
    container_name: 'fc-2'
    restart: 'unless-stopped'
    network_mode: 'host'
    volumes:
      - /etc/fc:/etc/fc
    environment:
      ...

There are 2 problems.

First, when I run docker-compose up, I get the following error:

ERROR: The Compose file './docker-compose.yml' is invalid because:
Unsupported config option for services.fc-1: 'cpuset'
Unsupported config option for services.fc-2: 'cpuset'

If I comment out the cpuset lines, I still cannot run it as I would get the error

runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort

Is this because my docker and docker-compose are too old? Would newer versions of docker still work with RHEL7? Is there any work around?

I read that I could run the container with --security-opt seccomp=unconfined, but where do I put this in the docker-compose.yml file?

ETA: I found, though using the Composerize website, that the correct way to run the container with --security-opt seccomp=unconfined, is the following:

services:
    fc-1:
        image: fc-1
        security_opt:
            - seccomp=unconfined

And to solve the cpuset issue, was to use a lower version (2 instead of 3), like @David Maze said.

Solution

  • Compose files version 2 and 3 support different sets of options. You've declared version: '3' (so version 3.0); version 3's options are more oriented towards Docker Swarm, and don't include cpuset:. Version 2 is more oriented towards single-host operation and more directly reproduces more docker run options, including cpuset:.

    If you want cpuset: to work, then you need to declare your file to use version 2 of the Compose file format

    version: '2.4' # <-- change
services:
  fc-1:
    cpuset: '0,2,4,6,8,10'

    (In practice this isn't an option you should need often. The Linux kernel does a good job of assigning processes to CPU cores and there's usually not a benefit to trying to override it.)

    If you're able to upgrade to version 2 of the Compose tool, that uses a newer "Compose Specification" format which completely ignores version:, but includes the options from both the version 2 and 3 file formats with some further additions (more specifically, including cpuset:). I tend to write version: '4.x' in files that require its functionality. If that upgrade is possible for you then it probably would also solve this problem.