use cri-o to run pod and container when `cgroup_manager=systemd`

When you switch the cgroup manager to systemd in /etc/crio/crio.conf, you have to modify the pod yaml/json to give the cgroup_parent a slice instead.So in your sandbox_config.json change

"linux": {        "cgroup_parent": "/Burstable/pod_123-456",

to something like this

"linux": {        "cgroup_parent": "podabc.slice",

Try re-creating your pod and it should start up fine now.

I have found a successful demo in crictl.md.

I think it may be the linux cgroup config in sandbox_config.json above is not suitable for systemd.

$ cat pod-config.json{    "metadata": {        "name": "nginx-sandbox",        "namespace": "default",        "attempt": 1,        "uid": "hdishd83djaidwnduwk28bcsb"    },    "log_directory": "/tmp",    "linux": {    }}$ cat container-config.json{  "metadata": {      "name": "busybox"  },  "image":{      "image": "busybox"  },  "command": [      "top"  ],  "log_path":"busybox/0.log",  "linux": {  }}

However, I still don't know how to config the linux.* in sandbox_config.json for systemd.

One thing I've had to do is set my cgroup-manager for crictl to systemd:in crictl.yaml:

runtime-endpoint: unix:///var/run/crio/crio.sockcgroup-manager: systemd

As I understand it, you don't need to specify a cgroup in the pod config (you can, but it's not required). CRI-O and crictl just have to be asking for the same cgroup hierarchy