LXD on Ubuntu-Core #3924

Closed
ddag opened this issue Oct 9, 2017 · 27 comments
@ddag ddag commented Oct 9, 2017

I'm trying to run an Ubuntu-Core 16 container inside of 16.04 server. However, I get an "Unable to talk to LXD" error:

$ lxd --version
2.0.10
$ lxc list
+---------------+---------+------+------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+---------------+---------+------+------+------------+-----------+
| core1 | RUNNING | | | PERSISTENT | 0 |
+---------------+---------+------+------+------------+-----------+
$ lxc config set core1 security.nesting true
$ lxc exec core1 bash
root@core1:~# snap install lxd
lxd 2.18 from 'canonical' installed
root@core1:~# lxd --version
2.18
root@core1:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory

@stgraber stgraber commented Oct 9, 2017

I'll take a look into this soon.

@stgraber stgraber self-assigned this Oct 9, 2017
@ddag ddag commented Oct 9, 2017

There is something definitely wrong with the integration of lxd in core and the lxd daemon on the host. Reboot does not restart the container. A shutdown, then a lxc start does not work either. A lxc stop, then start does not work. The core container becomes inaccessible (need to delete and create a new one to get back into core again).

@stgraber stgraber commented Oct 10, 2017

The problem is that Ubuntu Core auto-updates itself and in this case managed to auto-update itself into a broken state where it won't start again...

@stgraber stgraber commented Oct 10, 2017

Right, so fixing that particular issue then gets me an updated core container which then runs LXD perfectly fine...

@stgraber stgraber commented Oct 10, 2017

Pushing the fix to Jenkins and triggering a rebuild of the Ubuntu Core image should take care of that.
I also need to look at why our image is using such an old core snap...

@ddag ddag commented Oct 10, 2017

When will the new image be available? Yes, I also noticed that a "snap refresh" would keep prompting "Waiting for restart..." over and over, but if I did "snap refresh pc-kernel", it updated core and pc as well without the restart prompts.

@stgraber stgraber commented Oct 10, 2017

Ok, so the problem is that the Ubuntu Core people haven't promoted a new image to stable since June... that means that the image is very very outdated and doesn't work well inside LXD until you run an initial "snap refresh" and reboot the container.

I just had a discussion with the team responsible for building the Ubuntu Core images about at least having daily images set up that we can pull from and then have the Ubuntu Core folks actually QA that stuff and promote images more often than every 6 months or so.

@stgraber stgraber commented Oct 10, 2017

On my side all that I can do is fix our init wrapper script and rebuild the image with it. That won't make it up to date but it will at least make it work after refresh, at which point installing LXD should work as expected.

@ddag ddag commented Oct 10, 2017

So, would this be an Ubuntu Core image from, say, your own repo? How do I get it?

@stgraber stgraber commented Oct 10, 2017

It will be a new image on images:ubuntu-core/16 once the rebuild is done, the snaps inside it are still going to be just as outdated as the current one, the only change is that the init wrapper we have in the image will now properly cope with the latest core snap.

@ddag ddag commented Oct 10, 2017

When will the new image be available? I see the last image to be dated Oct 3rd it seems:

ubuntu-core | 16 | amd64 | default | 20171003_19:25 | NO | NO | YES
ubuntu-core | 16 | i386 | default | 20171003_19:01 | NO | NO | YES

@stgraber stgraber commented Oct 10, 2017

It just got built by Jenkins, it needs to be signed and published, should happen within the next hour or so.

@stgraber stgraber commented Oct 10, 2017

10-Oct-2017 4:15:08 PM is the timestamp to look for, once that's available on the image server, you should be good.

@ddag ddag commented Oct 10, 2017

Thank you!

@stgraber stgraber commented Oct 10, 2017

Image should be available now

@stgraber stgraber commented Oct 10, 2017

Just created a new container here. The core snap is indeed unhappy upgrading, but you can interrupt it when it gets stuck and reboot the container which gets you back to something functional.

@ddag ddag commented Oct 10, 2017

lxd init is not working...

$ lxc launch images:ubuntu-core/16 uc
Creating uc
Starting uc
$ lxc list
+------+---------+-------------------+------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+-------------------+------+------------+-----------+
| uc | RUNNING | 10.0.8.136 (eth0) | | PERSISTENT | 0 |
+------+---------+-------------------+------+------------+-----------+
$ lxc config set uc security.nesting true
$ lxc exec uc bash
root@uc:~# snap list
Name Version Rev Developer Notes
core 16-2 1441 canonical -
pc 16.04-0.8 9 canonical -
pc-kernel 4.4.0-53-1 45 canonical -
root@uc:~# snap install lxd
lxd 2.18 from 'canonical' installed
root@uc:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory
root@uc:~# snap list
Name Version Rev Developer Notes
core 16-2.28.1 3017 canonical -
lxd 2.18 4482 canonical -
pc 16.04-0.8 9 canonical -
pc-kernel 4.4.0.96.101 84 canonical -
root@uc:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory

@stgraber stgraber commented Oct 10, 2017

You first must refresh the core snap.

@stgraber stgraber commented Oct 10, 2017

LXD won't work with snapd 2.23 which is what's in the current image...

@stgraber stgraber commented Oct 10, 2017

Things aren't reliable at all with that image... going to switch the image to the edge channel for core, that's certainly not ideal but it will at least get us a much more recent core snap.

@ddag ddag commented Oct 10, 2017

Yes, lxd init seems to still have issues:

$ lxc exec uc bash
root@uc:~# snap list
Name Version Rev Developer Notes
core 16-2 1441 canonical -
lxd 2.18 4482 canonical -
pc 16.04-0.8 9 canonical -
pc-kernel 4.4.0-53-1 45 canonical -
root@uc:~# exit
exit
$ lxc config set uc security.nesting true
$ lxc exec uc bash
root@uc:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory
root@uc:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory
root@uc:~# snap refresh
2017-10-10T18:02:32Z INFO Waiting for restart...
[/] Setup snap "core" (3017) security profiles (phase 2)^C
root@uc:~# reboot
$ lxc list
+------+---------+-------------------+------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+-------------------+------+------------+-----------+
| uc | RUNNING | 10.0.8.133 (eth0) | | PERSISTENT | 0 |
+------+---------+-------------------+------+------------+-----------+
$ lxc exec uc bash
root@uc:~# snap list
Name Version Rev Developer Notes
core 16-2.28.1 3017 canonical core
lxd 2.18 4482 canonical -
pc 16.04-0.8 9 canonical gadget
pc-kernel 4.4.0-53-1 45 canonical kernel
root@uc:~# lxd init
error: Unable to talk to LXD: Get http://unix.socket/1.0: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: no such file or directory
root@uc:~# lxd init
Do you want to configure a new storage pool (yes/no) [default=yes]?
Name of the new storage pool [default=default]:
Name of the storage backend to use (dir, btrfs) [default=btrfs]:
Create a new BTRFS pool (yes/no) [default=yes]?
Would you like to use an existing block device (yes/no) [default=no]?
Size in GB of the new loop device (1GB minimum) [default=15GB]:

We detected that you are running inside an unprivileged container.
This means that unless you manually configured your host otherwise,
you will not have enough uid and gid to allocate to your containers.

LXD can re-use your container's own allocation to avoid the problem.
Doing so makes your nested containers slightly less safe as they could
in theory attack their parent container and gain more privileges than
they otherwise would.

Would you like to have your containers share their parent's allocation (yes/no) [default=yes]?
Would you like LXD to be available over the network (yes/no) [default=no]?
Would you like stale cached images to be updated automatically (yes/no) [default=yes]?
Would you like to create a new network bridge (yes/no) [default=yes]?
What should the new bridge be called [default=lxdbr0]?
What IPv4 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]?
What IPv6 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]?
error: failed to prepare loop device: bad file descriptor
root@uc:~# lxc launch ubuntu:16.04 c1
Creating c1
error: Failed container creation:
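
The uid/gid allocation warning printed by lxd init above can be checked from inside a container by reading its id maps. This is an added example, not part of the thread and not LXD's own logic; the 65536-ids-per-container figure, the function names and the sample maps are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not LXD's own logic: estimate whether a container's user
# namespace has spare ids to give a nested container a disjoint range.
# Assumption: one container needs IDS_PER_CONTAINER ids (65536 here).
IDS_PER_CONTAINER=65536

# Sum the length column of uid_map/gid_map text read from stdin.
# Line format: <first id inside ns> <first id outside ns> <length>
# Lines that do not match that shape are ignored.
mapped_ids() {
    awk 'NF == 3 && $3 ~ /^[0-9]+$/ { total += $3 }
         END { printf "%.0f\n", total }'
}

# Print "isolated" if both maps can hold the parent's own range plus one
# disjoint child range, otherwise "shared" (the nested container has to
# reuse the parent's ids, the trade-off lxd init warns about).
nesting_mode() {   # $1 = uid_map text, $2 = gid_map text
    uids=$(printf '%s\n' "$1" | mapped_ids)
    gids=$(printf '%s\n' "$2" | mapped_ids)
    needed=$((IDS_PER_CONTAINER * 2))
    if [ "$uids" -ge "$needed" ] && [ "$gids" -ge "$needed" ]; then
        echo isolated
    else
        echo shared
    fi
}

# Constructed sample maps (not taken from the thread).
DEFAULT_MAP='0 100000 65536'            # a single 65536-id range
LARGE_MAP='0 1000000 1000000000'        # host configured with a big range
SPLIT_MAP='0 100000 65536
65536 300000 65536'                     # two ranges adding up to 131072

echo "default map: $(nesting_mode "$DEFAULT_MAP" "$DEFAULT_MAP")"
echo "large map:   $(nesting_mode "$LARGE_MAP" "$LARGE_MAP")"
echo "split map:   $(nesting_mode "$SPLIT_MAP" "$SPLIT_MAP")"

# On a live Linux system, evaluate the current namespace as well.
if [ -r /proc/self/uid_map ] && [ -r /proc/self/gid_map ]; then
    echo "this namespace: $(nesting_mode "$(cat /proc/self/uid_map)" \
                                         "$(cat /proc/self/gid_map)")"
fi
```

A "shared" result corresponds to answering yes to the "share their parent's allocation" prompt: the nested containers run with the parent container's ids rather than a range of their own.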

@stgraber stgraber commented Oct 10, 2017

Try selecting "dir" as your backend. I've recently pushed a fix for this particular issue which will be in LXD 2.19 (btrfs won't be allowed inside a container unless the container is on btrfs itself).

@ddag ddag commented Oct 10, 2017

Just tried from scratch again and got this:

root@uc:~# snap list
Name Version Rev Developer Notes
core 16-2.28.1 3017 canonical core
pc 16.04-0.8 9 canonical gadget
pc-kernel 4.4.0.96.101 84 canonical kernel
root@uc:~# snap install lxd
2017-10-10T18:47:01Z INFO snap "lxd" has bad plugs or slots: lxd (lxd slots are reserved for the core snap)
error: cannot perform the following tasks:

  • Make snap "lxd" (4482) available to the system (symlink /snap/core/current/usr/lib/snapd/complete.sh /usr/share/bash-completion/completions/lxd.lxc: function not implemented)

@stgraber stgraber commented Oct 10, 2017

Yeah, that one is a lxd bug, I'm looking at adding a workaround for it now

@stgraber stgraber commented Oct 10, 2017

Building a new image with a workaround in place, with that, you should be able to install lxd.
Refreshing the core snap is still likely to hang but that's a snapd issue so it's outside of my control.

@stgraber stgraber commented Oct 10, 2017

Image got published, closing this.

@stgraber stgraber closed this Oct 10, 2017
@ddag ddag commented Oct 10, 2017

Thanks!
