[lxc-devel] Ubuntu container failure on Fedora...

Michael H. Warfield mhw at WittsEnd.com
Tue Nov 12 15:22:47 UTC 2013 

On Tue, 2013-11-12 at 09:59 -0500, Stéphane Graber wrote: 
> On Tue, Nov 12, 2013 at 08:31:03AM -0500, Michael H. Warfield wrote:
> > Ok all...
> > 
> > Seems like this just started happening in the last few weeks and I'm not
> > sure when...  But...  My newly created Ubuntu containers are failing to
> > start on my Fedora hosts because of a mount problem.  So...
> > 
> > What's this, what does it do, and is this really required?
> > 
> > [root at hydra mhw]# lxc-create -n Ubuntu -t ubuntu -- --release raring
> > lxc_container: No such file or directory - Failed to make / rslave to run template
> > lxc_container: Continuing...
> > Checking cache download in /var/cache/lxc/raring/rootfs-amd64 ... 
> > Copy /var/cache/lxc/raring/rootfs-amd64 to /var/lib/lxc/Ubuntu/rootfs ... 
> > Copying rootfs to /var/lib/lxc/Ubuntu/rootfs ...
> > Generating locales...
> >   en_US.UTF-8... up-to-date
> > Generation complete.
> > Creating SSH2 RSA key; this may take some time ...
> > Creating SSH2 DSA key; this may take some time ...
> > Creating SSH2 ECDSA key; this may take some time ...
> > 
> > ##
> > # The default user is 'ubuntu' with password 'ubuntu'!
> > # Use the 'sudo' command to run tasks as root in the container.
> > ##
> > 
> > [root at hydra mhw]# lxc-start -n Ubuntu
> > lxc-start: No such file or directory - failed to mount '/sys/fs/fuse/connections' on '/usr/lib64/lxc/rootfs/sys/fs/fuse/connections'
> > lxc-start: failed to setup the mounts for 'Ubuntu'
> > lxc-start: failed to setup the container
> > lxc-start: invalid sequence number 1. expected 2
> > lxc-start: failed to spawn 'Ubuntu'
> > [root at hydra mhw]# 
> > 
> > Now...  If I remove this line from /var/lib/lxc/Ubuntu/fstab, then
> > things seem to all work.  The container boots and seems to function.
> > 
> > /sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
> > 
> > What breaks in Ubuntu if I do this?  Why is ANY "fuse" fs being included
> > in a container?  Are any hosts expected to have a requirement for user
> > space file system?  Ok...  Maybe an overlayfs I can understand, but...
> > 
> > Regards,
> > Mike
> > -- 
> > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> >    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
> >    NIC whois: MHW9          | An optimist believes we live in the best of all
> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> > 

> Hi,

> fuse is allowed in Ubuntu containers because we consider it safe to use
> (as in, no worse than running as a user on the host). It's needed for at
> least sshfs and I believe some other workloads that some of our users
> are running (we allowed fused as a result of several bug reports).

The problem there is when the host has not fired up that fuse.  I don't
seen any way that we're auto starting it (obviously - since it fails).
I'm also not sure if that situation also arises for a kernel based, load
on demand, fs.  That may need some thought and consideration.

> It sounds like the line could however be changed to:
> /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0

Ok...  Owner of the Ubuntu template needs to make that change.  I'll
test but, a change should be considered either way...

> Which would make LXC ignore the mount failure and should make the
> container work again for you.

That would be a good thing and points how why it is incumbent on all of
us to test multiple distro containers on multiple distro hosts.  I think
I have the Fedora hosts covered (plus a couple of others).

Much appreciated.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131112/0fb3e37b/attachment.pgp>

More information about the lxc-devel mailing list