LXD 5.0 fails to build rocks on Ubuntu 22.04 #195
Comments
|
I have the same errors using lxd 5.11/stable 2023-03-06 14:54:30.168 :: 2023-03-06 13:54:29.785 fuse-overlayfs mountpoint='/root/overlay/overlay', args=('-olowerdir=/root/bundles/ubuntu-20.04/rootfs,upperdir=/root/overlay/packages,workdir=/root/overlay/work',)
2023-03-06 14:54:30.168 :: 2023-03-06 13:54:29.817 Failed to mount overlay on /root/overlay/overlay: Command '['fuse-overlayfs', '-olowerdir=/root/bundles/ubuntu-20.04/rootfs,upperdir=/root/overlay/packages,workdir=/root/overlay/work', '/root/overlay/overlay']' returned non-zero exit status 1.Only when using |
|
@tomponline can you help out with this? |
|
@sergiusens do you have reproducer steps (ideally not requiring rockcraft and just the problem commands it is calling, or if not then for someone who is not familiar with rockcraft?) Thanks |
I can't really give you steps without rockcraft, but with rockcraft: name: my-rock-name
base: ubuntu:22.04
version: '0.1'
summary: summary
description: description
license: Apache-2.0
platforms:
amd64:
parts:
my-part:
plugin: nil
overlay-packages:
- software-properties-commonThen, run I ran this commands using:
|
|
Thanks! Does it work with LXD 5.9/5.10? I'm trying to understand if this is a regression or a new bug? Thanks |
|
Also can you show me the |
|
And the output of |
|
It also fails with lxd 5.10, did not try with 5.9 and I can't install it anymore. Output of architecture: x86_64
config:
image.architecture: amd64
image.description: ubuntu 22.04 LTS amd64 (buildd release) (20220426)
image.label: buildd release
image.os: ubuntu
image.release: jammy
image.serial: "20220426"
image.type: tar.gz
image.version: "22.04"
raw.idmap: both 1000 0
security.syscalls.intercept.mknod: "true"
volatile.base_image: 5de93bcc5cddf2ede3e74f88c313deb056eab006dd131618a5d412dc4a5e5534
volatile.cloud-init.instance-id: 14e6eade-1ec8-4052-9d23-6261ea469bfd
volatile.eth0.hwaddr: 00:16:3e:34:df:d2
volatile.idmap.base: "0"
volatile.idmap.current: '[{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":0,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1000001,"Nsid":1,"Maprange":999999999},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":0,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1000001,"Nsid":1,"Maprange":999999999}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":0,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1000001,"Nsid":1,"Maprange":999999999},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":0,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1000001,"Nsid":1,"Maprange":999999999}]'
volatile.last_state.idmap: '[]'
volatile.last_state.power: STOPPED
volatile.last_state.ready: "false"
volatile.uuid: a22997db-4890-44f1-a59e-7e50273972c4
devices:
eth0:
name: eth0
network: lxdbr1
type: nic
root:
path: /
pool: default
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""Output of
Running the command manually works: root@rockcraft-my-rock-name-258206:~# /snap/rockcraft/633/usr/bin/fuse-overlayfs -olowerdir=/root/bundles/ubuntu-22.04/rootfs,upperdir=/root/overlay/packages,workdir=/root/overlay/work /root/overlay/overlay
root@rockcraft-my-rock-name-258206:~# mount | grep /root/overlay/overlay
fuse-overlayfs on /root/overlay/overlay type fuse.fuse-overlayfs (rw,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other) |
|
Thanks. I'm wondering if its to do with this: https://discuss.linuxcontainers.org/t/linux-6-1-lts-confirmed-but-no-fix-for-mknod-yet/16436 Although the kernel versions don't match. Although:
|
|
Do you think this is the same issue as https://discuss.linuxcontainers.org/t/linux-6-1-lts-confirmed-but-no-fix-for-mknod-yet/16436 @mihalicyn ? |
|
Hello everyone,
|
|
Thanks! |
|
I've played a bit with fuse-overlayfs in a plain jammy container and in the container created by Rockcraft, and the results are different. If I just launch a jammy container with lxc 5.11 and run fuse-overlayfs, it works: However, if I enter the rockcraft container ( Running it through strace shows: @mr-cal, what are the container creation parameters currently being used in Rockcraft? |
|
Can we see |
|
Here they are:
|
|
Looks like there is some custom Id mapping going on which could be worth investigating. Also are you using the same base image? The configs suggest not. |
|
It's not the same base image, but Id mapping is likely the cause given that kernel overlayfs doesn't work with idmapped mounts. Has something been changed in lxd 5 to enforce the same behavior? |
|
Idmapped mounts is the default if possible (not supported on zfs, cephfs or tmpfs currently AFAIK). |
|
Could you try it in a zfs storage pool and see if that works, that would prove idmapped mounts is the issue. |
|
Its not changed recently to my knowledge though. |
|
I set |
|
@cmatsuoka please, show This |
I use a ZFS storage pool Result of - config:
size: 500GiB
source: /var/snap/lxd/common/lxd/disks/lxd.img
zfs.pool_name: lxd
description: ""
name: lxd
driver: zfs
status: Created
locations:
- none |
|
OK so its not idmapped mounts then thats causing the issue. |
|
@mihalicyn is correct, /dev/fuse and all other files in /dev are not device nodes and have no permissions set: In contrast the test container has device nodes: |
|
This is running on 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 x86_64. |
|
The only suspicious difference between this containers is the image format. In the "good" case we see squashfs, but in the "bad" we see |
|
Hello!
The failure does not occur with LXD 5.9. I've reproduced it with 5.0, 5.10, and 5.11. In the rockcraft spread tests, we install LXD 5.9 using a bug in the snap store: snap install lxd --channel=latest/stable
snap refresh lxd --channel=5.9/stable
We set two parameters:
In the spread tests, we run |
|
Thanks! Are you able to explain the difference in the base image being used from #195 (comment) ? |
|
Because if we can identify the cause of that we may be able to isolate to that based on #195 (comment) comment. |
Rockcraft uses the jammy/core22 image from https://cloud-images.ubuntu.com/buildd/releases/, (the Claudio created the other container from https://cloud-images.ubuntu.com/releases (the I rebuilt rockcraft + craft-providers and tried both images. Using LXD 5.11, I can reproduce the original error using either image. I think Claudio is going to manually create an instance from the same buildd image that Rockcraft uses and check the device nodes. |
|
Sounds good thanks |
|
@cmatsuoka, I can't reproduce your example with missing device nodes with rockcraft. Using LXD 5.11 and rockcraft latest/edge, I see device nodes as expected: root@rockcraft-my-rock-name-27145908:~# ls -l /dev
total 0
crw--w---- 1 root tty 136, 0 Mar 8 18:07 console
lrwxrwxrwx 1 root root 11 Mar 8 18:07 core -> /proc/kcore
lrwxrwxrwx 1 root root 13 Mar 8 18:07 fd -> /proc/self/fd
crw-rw-rw- 1 nobody nogroup 1, 7 Mar 8 14:14 full
crw-rw-rw- 1 nobody nogroup 10, 229 Mar 8 17:54 fuse
lrwxrwxrwx 1 root root 12 Mar 8 18:07 initctl -> /run/initctl
lrwxrwxrwx 1 root root 28 Mar 8 18:07 log -> /run/systemd/journal/dev-log
drwxr-xr-x 2 nobody nogroup 60 Mar 8 15:14 lxd
drwxrwxrwt 2 nobody nogroup 40 Mar 8 14:14 mqueue
drwxr-xr-x 2 root root 60 Mar 8 18:07 net
crw-rw-rw- 1 nobody nogroup 1, 3 Mar 8 14:14 null
crw-rw-rw- 1 root root 5, 2 Mar 8 18:07 ptmx
drwxr-xr-x 2 root root 0 Mar 8 18:07 pts
crw-rw-rw- 1 nobody nogroup 1, 8 Mar 8 14:14 random
drwxrwxrwt 2 root root 40 Mar 8 18:07 shm
lrwxrwxrwx 1 root root 15 Mar 8 18:07 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root 15 Mar 8 18:07 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root 15 Mar 8 18:07 stdout -> /proc/self/fd/1
crw-rw-rw- 1 nobody nogroup 5, 0 Mar 8 18:04 tty
crw-rw-rw- 1 nobody nogroup 1, 9 Mar 8 14:14 urandom
crw-rw-rw- 1 nobody nogroup 1, 5 Mar 8 14:14 zero |
|
This is interesting. Have you entered the instance using |
|
So here's the simplest way to reproduce the problem:
This is what happens here: Rockcraft rbind-mounts |
|
I think it's related to lxc/lxc#4229 change. Container rootfs became shared mount, it means that when you doing I can suggest to use |
|
Thanks @mihalicyn I was thinking last night that this might be something to do with the changes that @brauner added for the mount tunnel and was going to dig out this same PR in liblxc. |
Address shared mount issues affecting /dev mount in chroots. This is a result of lxc/lxc#4229 (container rootfs became a shared mount, meaning that unmounts propagates through the shared group and original mounts are unmounted too). See canonical/rockcraft#195 for details. Signed-off-by: Claudio Matsuoka <[email protected]>
|
This seems to have fixed the issue, thank you. I'll update craft-parts and close this issue when the fix lands on Rockcraft. |
|
Result of running Rockcraft after changing the mount to rprivate: |
|
Thanks @mihalicyn ! :) |
|
Not at all! Always glad to help! ;-) |
Address shared mount issues affecting /dev mount in chroots. This is a result of lxc/lxc#4229 (container rootfs became a shared mount, meaning that unmounts propagates through the shared group and original mounts are unmounted too). See canonical/rockcraft#195 for details. Signed-off-by: Claudio Matsuoka <[email protected]>
Craft-parts 1.18.4 makes the /dev rbind mount private, fixing chroot and overlayfs mounts when using lxd 5.11. Fixes canonical#195. Signed-off-by: Claudio Matsuoka <[email protected]>
Lxd was pinned down to version 5.9 to work around the overlayfs issue reported in canonical#195. With this fix, this should no longer be necessary. Signed-off-by: Claudio Matsuoka <[email protected]>
Craft-parts 1.18.4 makes the /dev rbind mount private, fixing chroot and overlayfs mounts when using lxd 5.11. Fixes #195. Signed-off-by: Claudio Matsuoka <[email protected]>
Lxd was pinned down to version 5.9 to work around the overlayfs issue reported in #195. With this fix, this should no longer be necessary. Signed-off-by: Claudio Matsuoka <[email protected]>
Craft-parts 1.18.4 makes the /dev rbind mount private, fixing chroot and overlayfs mounts when using lxd 5.11. Fixes canonical#195. Signed-off-by: Claudio Matsuoka <[email protected]>
Lxd was pinned down to version 5.9 to work around the overlayfs issue reported in canonical#195. With this fix, this should no longer be necessary. Signed-off-by: Claudio Matsuoka <[email protected]>
When using LXD 5.0 on 22.04,
rockcraft packwill fail to build. Throwing the following error:2023-02-14 17:59:07.565 :: 2023-02-14 23:59:06.997 fuse-overlayfs mountpoint='/root/overlay/overlay', args=('-olowerdir=/root/bundles/ubuntu-20.04/rootfs,upperdir=/root/overlay/packages,workdir=/root/overlay/work',) 2023-02-14 17:59:07.565 :: 2023-02-14 23:59:07.020 Failed to mount overlay on /root/overlay/overlay: Command '['fuse-overlayfs', '-olowerdir=/root/bundles/ubuntu-20.04/rootfs,upperdir=/root/overlay/packages,workdir=/root/overlay/work', '/root/overlay/overlay']' returned non-zero exit status 1.The current workaround is to upgrade LXD to 5.9 stable.
Run this:
sudo snap install lxd --channel=5.9/stableInstead of this:
sudo snap install lxd --channel=5.0/stableThe text was updated successfully, but these errors were encountered: