[lxc-users] sshd-keygen fails during container boot

Serge Hallyn serge.hallyn at ubuntu.com
Wed Dec 9 18:18:52 UTC 2015


Quoting Peter Steele (pwsteele at gmail.com):
> On 12/09/2015 09:43 AM, Serge Hallyn wrote:
> >And "the systemd errors" is the ssh-keygen ones only?  Or is there
> >more?
> Various services are being impacted, for example, I saw these errors
> in a run yesterday:
> 
> Dec  7 13:52:00 pws-vm-00 systemd: Failed at step CGROUP spawning
> /usr/bin/kmod: No such file or directory
> Dec  7 13:52:00 pws-vm-00 systemd: Mounted Huge Pages File System.
> Dec  7 13:52:00 pws-vm-00 systemd: kmod-static-nodes.service: main
> process exited, code=exited, status=219/CGROUP
> Dec  7 13:52:00 pws-vm-00 systemd: Failed to start Create list of
> required static device nodes for the current kernel.
> Dec  7 13:52:00 pws-vm-00 systemd: Unit kmod-static-nodes.service
> entered failed state.

This is the kind of thing I'd expect when using cgmanager or lxcfs,
but not with straight lxc+cgfs.

Can you show what the /sys/fs/cgroup tree and /proc/1/cgroup look like in a
working container?

> Dec  7 13:52:01 pws-vm-00 systemd: Failed at step CGROUP spawning
> /etc/rc.d/init.d/jexec: No such file or directory
> Dec  7 13:52:01 pws-vm-00 systemd: jexec.service: control process
> exited, code=exited status=219
> Dec  7 13:52:01 pws-vm-00 systemd: Failed to start LSB: Supports the
> direct execution of binary formats..
> Dec  7 13:52:01 pws-vm-00 systemd: Unit jexec.service entered failed state.
> 
> At least a half dozen different services have failed in the various
> tests I've done, and the set is always different from run to run.
> >And you do, or do not, also get these with containers created
> >through the download template?
> >
> Most of my tests have been with my custom containers of course since
> we need the additional tools and files that make up our management
> software. I did a test though where I blew away the containers that
> were created by my install framework and replaced them all with the
> generic CentOS download template. I was unable to reproduce the
> systemd errors with this simple container. I then installed the
> additional OS modules and other third party packages that we use in
> our software on top of this basic container and the systemd errors
> returned. I'm going to break this process down a bit more to see if
> I can identify what additions to the base container cause systemd to
> fail.

Interesting.

I suppose just looking at the 'capsh --print' output difference for the
bounding set between the custom containers spawned by lxc and libvirt-lxc could
be enlightening.
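
The bounding-set comparison suggested above, sketched as an added example that is not part of the original message. It assumes the `capsh --print` output of each container has been saved to a file; the function names and the sample capability lists are constructed for illustration.

```shell
#!/bin/sh
# Compare the capability bounding sets reported by `capsh --print` in two
# containers (for example one started by lxc, one by libvirt-lxc).
# Assumption: each container's `capsh --print` output was saved to a file.
LC_ALL=C; export LC_ALL

# bounding_set FILE: print the capabilities on the "Bounding set =" line,
# one per line, sorted, so the two sets can be compared with comm(1).
bounding_set() {
    sed -n 's/^Bounding set *= *//p' "$1" | tr ',' '\n' | sed '/^$/d' | sort -u
}

# diff_bounding FILE_A FILE_B: list capabilities present in only one set.
# Runs in a subshell so its temporary variables do not leak to the caller.
diff_bounding() (
    a=$(mktemp) && b=$(mktemp) || return 2
    bounding_set "$1" > "$a"
    bounding_set "$2" > "$b"
    if [ ! -s "$a" ] || [ ! -s "$b" ]; then
        echo "no 'Bounding set' line found in one of the inputs" >&2
        rm -f "$a" "$b"
        return 2
    fi
    comm -23 "$a" "$b" | sed 's/^/only in first:  /'
    comm -13 "$a" "$b" | sed 's/^/only in second: /'
    rm -f "$a" "$b"
)

# Constructed sample outputs (not taken from the thread).
tmp=$(mktemp -d)
cat > "$tmp/lxc.txt" <<'EOF'
Current: = cap_chown,cap_net_admin,cap_sys_admin+ep
Bounding set =cap_chown,cap_net_admin,cap_sys_admin
EOF
cat > "$tmp/libvirt.txt" <<'EOF'
Current: = cap_chown,cap_net_admin,cap_sys_time+ep
Bounding set =cap_chown,cap_net_admin,cap_sys_time
EOF
diff_bounding "$tmp/lxc.txt" "$tmp/libvirt.txt"
rm -rf "$tmp"
```

An empty result means the two bounding sets are identical, in which case the difference between the environments lies elsewhere.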

