Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stopping a container brings down the host eth0 interface #5

Closed
rgl opened this issue Oct 8, 2023 · 4 comments
Closed

Stopping a container brings down the host eth0 interface #5

rgl opened this issue Oct 8, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@rgl
Copy link

rgl commented Oct 8, 2023

Stopping a container brings down the host eth0 interface:

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:8f:68:65 brd ff:ff:ff:ff:ff:ff
    altname enp5s0
    inet 192.168.121.125/24 brd 192.168.121.255 scope global dynamic eth0
       valid_lft 3384sec preferred_lft 3384sec
    inet6 fe80::5054:ff:fe8f:6865/64 scope link 
       valid_lft forever preferred_lft forever
3: incusbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:16:3e:b3:a2:02 brd ff:ff:ff:ff:ff:ff
    inet 10.2.0.1/24 scope global incusbr0
       valid_lft forever preferred_lft forever

# incus launch images:debian/12 debian-ct
Creating debian-ct
Starting debian-ct                            

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:8f:68:65 brd ff:ff:ff:ff:ff:ff
    altname enp5s0
    inet 192.168.121.125/24 brd 192.168.121.255 scope global dynamic eth0
       valid_lft 3357sec preferred_lft 3357sec
    inet6 fe80::5054:ff:fe8f:6865/64 scope link 
       valid_lft forever preferred_lft forever
3: incusbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:b3:a2:02 brd ff:ff:ff:ff:ff:ff
    inet 10.2.0.1/24 scope global incusbr0
       valid_lft forever preferred_lft forever
5: vethc085fdca@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master incusbr0 state UP group default qlen 1000
    link/ether c6:48:85:2f:67:d5 brd ff:ff:ff:ff:ff:ff link-netnsid 0

# incus stop debian-ct

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 52:54:00:8f:68:65 brd ff:ff:ff:ff:ff:ff
    altname enp5s0
3: incusbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:16:3e:b3:a2:02 brd ff:ff:ff:ff:ff:ff
    inet 10.2.0.1/24 scope global incusbr0
       valid_lft forever preferred_lft forever

# journalctl
...
Oct 08 09:14:05 incus kernel: incusbr0: port 1(vethc085fdca) entered disabled state
Oct 08 09:14:05 incus kernel: veth0ed2f97b: renamed from physpu5wB2
Oct 08 09:14:05 incus (udev-worker)[13609]: Network interface NamePolicy= disabled on kernel command line.
Oct 08 09:14:05 incus kernel: device vethc085fdca left promiscuous mode
Oct 08 09:14:05 incus kernel: incusbr0: port 1(vethc085fdca) entered disabled state
Oct 08 09:14:05 incus systemd[1]: Stopping ifup@eth0.service - ifup for eth0...
Oct 08 09:14:05 incus dhclient[13642]: Killed old client process
Oct 08 09:14:05 incus ifdown[13642]: Killed old client process
Oct 08 09:14:05 incus audit[13652]: AVC apparmor="STATUS" operation="profile_remove" profile="unconfined" name="incus-debian-ct_</var/lib/incus>" pid=13652 comm="apparmor_parser"
Oct 08 09:14:05 incus kernel: audit: type=1400 audit(1696752845.948:19): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="incus-debian-ct_</var/lib/incus>" pid=13652 comm="apparmor_parser"
Oct 08 09:14:06 incus dhclient[13642]: Internet Systems Consortium DHCP Client 4.4.3-P1
Oct 08 09:14:06 incus ifdown[13642]: Internet Systems Consortium DHCP Client 4.4.3-P1
Oct 08 09:14:06 incus ifdown[13642]: Copyright 2004-2022 Internet Systems Consortium.
Oct 08 09:14:06 incus ifdown[13642]: All rights reserved.
Oct 08 09:14:06 incus ifdown[13642]: For info, please visit https://www.isc.org/software/dhcp/
Oct 08 09:14:06 incus dhclient[13642]: Copyright 2004-2022 Internet Systems Consortium.
Oct 08 09:14:06 incus dhclient[13642]: All rights reserved.
Oct 08 09:14:06 incus dhclient[13642]: For info, please visit https://www.isc.org/software/dhcp/
Oct 08 09:14:06 incus dhclient[13642]: 
Oct 08 09:14:06 incus dhclient[13642]: Listening on LPF/eth0/52:54:00:8f:68:65
Oct 08 09:14:06 incus ifdown[13642]: Listening on LPF/eth0/52:54:00:8f:68:65
Oct 08 09:14:06 incus ifdown[13642]: Sending on   LPF/eth0/52:54:00:8f:68:65
Oct 08 09:14:06 incus ifdown[13642]: Sending on   Socket/fallback
Oct 08 09:14:06 incus dhclient[13642]: Sending on   LPF/eth0/52:54:00:8f:68:65
Oct 08 09:14:06 incus dhclient[13642]: Sending on   Socket/fallback
Oct 08 09:14:06 incus dhclient[13642]: DHCPRELEASE of 192.168.121.125 on eth0 to 192.168.121.1 port 67
Oct 08 09:14:06 incus ifdown[13642]: DHCPRELEASE of 192.168.121.125 on eth0 to 192.168.121.1 port 67
Oct 08 09:14:06 incus systemd[1]: ifup@eth0.service: Deactivated successfully.
Oct 08 09:14:06 incus systemd[1]: Stopped ifup@eth0.service - ifup for eth0.

Incus is running in a Debian 12 (vagrant managed) virtual machine, and is configured as https://github.com/rgl/incus-playground/blob/main/provision-incus.sh#L71-L99.
@stgraber
Copy link
Member

stgraber commented Oct 8, 2023

That's interesting, any chance you could rename your host eth0 to some other name and see if the issue still happens? Or alternatively change the container's device to be named eth1.

I suspect it may be a liblxc or Incus bug where the action of bringing down the instance eth0 device somehow misses the namespace and hits the host.

@stgraber stgraber added the bug Something isn't working label Oct 8, 2023
@rgl
Copy link
Author

rgl commented Oct 8, 2023
edited
Loading

I forgot to mention, when using a virtual machine, it works fine; the host interface is not shutdown.

Renaming the host eth0 to the default enp5s0 worked (actually, I've removed net.ifnames=0 from the linux kernel command line); when stopping the container, it no longer shuts down the host enp5s0 network interface.

Configuring the incus default profile to eth1, didn't work, the host interface is still shutdown.

root@incus:~# incus config show debian-ct
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bookworm amd64 (20231008_05:24)
  image.os: Debian
  image.release: bookworm
  image.serial: "20231008_05:24"
  image.type: squashfs
  image.variant: default
  volatile.base_image: 433ece944ac46aa97b763b76ee95966bc3ad92f751f0d37a381fc383285b0df1
  volatile.cloud-init.instance-id: b35c534c-02aa-4f64-8dfb-62d7421ae61c
  volatile.eth1.host_name: veth9e0b491c
  volatile.eth1.hwaddr: 00:16:3e:8b:dd:c8
  volatile.eth1.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 06f45f20-0e15-4c36-b886-e24b7cc21623
  volatile.uuid.generation: 06f45f20-0e15-4c36-b886-e24b7cc21623
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

root@incus:~# incus exec debian-ct -- ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:8b:dd:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.2.0.94/24 metric 1024 brd 10.2.0.255 scope global dynamic eth0
       valid_lft 3526sec preferred_lft 3526sec
    inet6 fe80::216:3eff:fe8b:ddc8/64 scope link 
       valid_lft forever preferred_lft forever

root@incus:~# incus stop debian-ct
lost connection to the host at this point

@stgraber
Copy link
Member

stgraber commented Oct 9, 2023

@rgl would you mind filing this issue at https://github.com/lxc/incus/issues?

Unfortunately Github doesn't let me do cross-organization issue transfers so I can't just move it over to the incus repo :(

@rgl rgl mentioned this issue Oct 9, 2023
Closed
@rgl
Copy link
Author

rgl commented Oct 9, 2023

Done, I've created lxc/incus#146

@rgl rgl closed this as completed Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rgl @stgraber