Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alpine Template not working #43

Closed
midirhee12 opened this issue Nov 10, 2021 · 5 comments · Fixed by #46
Closed

Alpine Template not working #43

midirhee12 opened this issue Nov 10, 2021 · 5 comments · Fixed by #46

Comments

@midirhee12
Copy link

Firstly, all other attempted templates work just fine.

Required information

  • Distribution: Debian 11: Bullseye (nearly fresh install)

LXC Outputs

  • lxc-start --version: 4.0.6
  • lxc-checkconfig:
LXC version 4.0.6
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.10.0-9-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 


Cgroup v2 mount points: 
/sys/fs/cgroup

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

General System Outputs

  • uname -a: Linux <hostname> 5.10.0-9-amd64 lxc/lxc#1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux
  • cat /proc/self/cgroup: 0::/user.slice/user-1000.slice/session-1.scope
  • cat /proc/1/mounts:
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=8137956k,nr_inodes=2034489,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1637504k,mode=755 0 0
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
none /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12720 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/sda5 /tmp ext4 rw,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
/dev/sda6 /home ext4 rw,relatime 0 0
/dev/loop1 /snap/core/11993 squashfs ro,nodev,relatime 0 0
/dev/loop2 /snap/core20/1169 squashfs ro,nodev,relatime 0 0
lxcfs /var/lib/lxcfs fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=1637504k,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=1637500k,nr_inodes=409375,mode=700,uid=1000,gid=1000 0 0

Steps to reproduce

Running sudo lxc-create -t alpine -n test1 will output:

Obtaining an exclusive lock... done

==> Fetching and/or verifying APK keys
alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub: OK
alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub: OK
Obtaining an exclusive lock... done

==> Installing Alpine Linux in /var/lib/lxc/test1/rootfs
(1/20) Installing musl (1.2.2-r3)
(2/20) Installing busybox (1.33.1-r3)
Executing busybox-1.33.1-r3.post-install
(3/20) Installing alpine-baselayout (3.2.0-r16)
Executing alpine-baselayout-3.2.0-r16.pre-install
Executing alpine-baselayout-3.2.0-r16.post-install
(4/20) Installing ifupdown-ng (0.11.3-r0)
(5/20) Installing openrc (0.43.3-r2)
Executing openrc-0.43.3-r2.post-install
(6/20) Installing alpine-conf (3.12.0-r0)
(7/20) Installing libcrypto1.1 (1.1.1l-r0)
(8/20) Installing libssl1.1 (1.1.1l-r0)
(9/20) Installing ca-certificates-bundle (20191127-r5)
(10/20) Installing libretls (3.3.3p1-r2)
(11/20) Installing ssl_client (1.33.1-r3)
(12/20) Installing zlib (1.2.11-r3)
(13/20) Installing apk-tools (2.12.7-r0)
(14/20) Installing busybox-suid (1.33.1-r3)
(15/20) Installing busybox-initscripts (3.3-r1)
Executing busybox-initscripts-3.3-r1.post-install
(16/20) Installing scanelf (1.3.2-r0)
(17/20) Installing musl-utils (1.2.2-r3)
(18/20) Installing libc-utils (0.7.2-r3)
(19/20) Installing alpine-keys (2.4-r0)
(20/20) Installing alpine-base (3.14.2-r0)
Executing busybox-1.33.1-r3.trigger
OK: 9 MiB in 20 packages
mknod: dev/zero: File exists
lxc-create: test1: lxccontainer.c: create_run_template: 1616 Failed to create container from template
lxc-create: test1: tools/lxc_create.c: main: 319 Failed to create container test1

Also, possibly related with nearly identical error: lxc/lxc#609 (yes, I know this is necromancy, but the error message makes me question its relationship)
@stgraber stgraber transferred this issue from lxc/lxc Nov 10, 2021
@midirhee12
Copy link
Author

midirhee12 commented Nov 11, 2021
edited

@stgraber Is no one working on these? It seems like all issues are just being left open and no one is progressing them. Very little response in this repo.

@midirhee12
Copy link
Author

It seems as if the issue is here: https://github.com/lxc/lxc-templates/blob/master/templates/lxc-alpine.in#L216

@stgraber
Copy link
Member

As far as upstream is concerned, lxc-templates is no longer part of LXC proper and so no longer covered by our release process, LTS, ... That's because we've now been using distrobuilder for quite a few years with its images being available through the lxc-download template or using lxc-local for consumption of locally generated images.

We do still review and merge pull requests on this repo though and usually make a release tarball for it as well as for python3-lxc whenever we tag a major release.

@midirhee12
Copy link
Author

Got it. Thanks. I'll make a pull request if I have any further work. But I'll probably use the existing upstream methods instead.

4oo4 added a commit to 4oo4/lxc-templates that referenced this issue Jun 8, 2022
@4oo4
Fix lxc#43 - let lxc config create character devices
262ac8f 
Creating lxc containers will error out when trying to create character devices with "file exists". This does not appear to be necessary for most of them since they get created when you actually start the container.
@4oo4 4oo4 mentioned this issue Jun 8, 2022
Merged
@4oo4
Copy link
Contributor

4oo4 commented Jun 8, 2022
edited

@cvoges12 I'm not an expert with lxc and don't know why the build template did mknod for all those character devices, but you can remove most of them and the container will build OK. When you start the container I believe that's what creates character devices, I verified they were all there. I have built many alpine containers (but none recently) and for some reason that worked OK on all of them until now.

Then there was a separate issue of new apk keys being introduced in alpine 3.15 that aren't listed in the template (and also you had to go to a different URL to grab them), and that is fixed now too.

4oo4 added a commit to 4oo4/lxc-templates that referenced this issue Jun 8, 2022
@4oo4
Update alpine keys URI - fix package verification
2163a7e 
Alpine started using https://git.alpinelinux.org/aports/plain/main/alpine-keys/ to publish their apk keys as of 3.15, so using the old URI will give errors about signature verification since a required key is missing

Remove old key

Fix lxc#43 - let lxc config create character devices

Creating lxc containers will error out when trying to create character devices with "file exists". This does not appear to be necessary for most of them since they get created when you actually start the container.

Signed-off-by: 4oo4 <4oo4@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix alpine lxc build 4oo4/lxc-templates
3 participants
@stgraber @4oo4 @midirhee12