touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #113215
[Bug 1509414] Re: pre-installed lxc in cloud image produces broken lxc (and later lxd) containers
I agree, the stage 2 fix for this issue concerns me with regard to
regressing current use cases.
As much as I'd like to get rid of the rest of this issue (any user of
10.0.4.0/24 behind a router looses connectivity to that subnet), we must
make sure we do not regress anyone who's been relying on "apt-get
install lxc" providing something that can immediately be used both by
root and for unprivileged users.
Serge: We may be able to provide a hook, added to
/usr/share/lxc/config/common.conf.d which will bring the bridge up
automatically at first lxc container start. Such a hook would
unfortunately need to be setuid so that it also works for unprivileged
users. We'd also need to make sure that the current lxc hooks are
sufficient from a timing point of view to do so (run before lxc checks
whether the requested bridge exists).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1509414
Title:
pre-installed lxc in cloud image produces broken lxc (and later lxd)
containers
Status in lxc package in Ubuntu:
Confirmed
Bug description:
[Problem]
The released wily image preinstalls lxc, which breaks the assumption that lxc's preinst packaging script makes:
It inspects the network to try to pick a 10.0.N.0 network that isn't
being used, with N starting at 3, so this appears to have picked
10.0.3.0 when it was installed on whatever system was generating the
image.
When a container is started, it will dhcp on eth0 and get 10.0.3.X as
expected. The problem comes when the lxc-net service that is already
installed in that container starts and configures *its* lxcbr0 with
10.0.3.X. The networking inside the container is broken at that
point.
This affects LXC containers, and should affect LXD containers but
doesn't currently, as the metadata used for lxd images is still
pointing to a beta2 release (bug 1509390).
The easiest way to reproduce this is to use the ubuntu-cloud lxc
template on a wily host.
[Test Case]
1.) Verify expectation for each image
- -disk1.img cloud image, check for file
- -root.tar.xz image (used by lxd) and check for file
- -root.tar.gz image (used by lxc)
For each of those images, verify:
a.) A cloud image should not have /etc/default/lxc-net
b.) lxd should be installed (dpkg-query --show | grep lxd)
2.) Start instance from updated image and start instance in lxc inside
launch instance on openstack or kvm or other
verify lxcbr0 bridge exists
lxc-create -t ubuntu-cloud -n bugcheck -- --release=wily --stream=daily
# wait until lxc-ls --fancy shows 'running'
lxc-attach -n bugcheck wget http://ubuntu.com
3.) Start instance from updated image and start instance in lxd inside
launch instance on openstack or kvm or other
verify lxcbr0 bridge exists
lxd import-images ubuntu wily
lxc launch ubuntu
# wait some amount
lxc attach bugcheck wget http://ubuntu.com
[Regression Potentional]
The highest chance for fallout is a change in the /16 network that is chosen conflicting with some existing service.
[Other Info]
Default apt install of lxc has always picked some 10.0.X.0/16 network to use for its lxcbr0 bridge. That network (often 10.0.3.0/16) would then be unreachable from the host. The same behavior occurs with libvirt-bin and many other such services.
We are moving that logic to happen the first time that 'lxc-net'
service starts.
This means first boot for a cloud instance rather than cloud-image
build time.
[Work around]
To patch / fix an existing cloud image to make lxc and lxd guests start simply change the config of /etc/default/lxc-net to have something other than 10.0.3.0.
sudo sed -i '/^LXC.*10[.]0[.][0-9][.]/s/10.0.[0-9]./10.0.4./g' /etc/default/lxc-net &&
sudo service lxc-net stop &&
sudo service lxc-net start
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1509414/+subscriptions
Follow ups
References