Required information
- Distribution: Ubuntu
- Distribution version: 17.10
- The output of "lxc info":
ubuntu@conjure-up-full:~$ lxc info
config:
core.https_address: '[::]'
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses:
- 10.138.148.1:8443
- 10.101.0.1:8443
- 10.100.123.113:8443
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
MIIFWzCCA0OgAwIBAgIQPRv0PZz7lgiTt+ZeuXYLBjANBgkqhkiG9w0BAQsFADA9
MRwwGgYDVQQKExNsaW51eGNvbnRhaW5lcnMub3JnMR0wGwYDVQQDDBRyb290QGNv
bmp1cmUtdXAtZnVsbDAeFw0xODAzMjcxOTA5MDRaFw0yODAzMjQxOTA5MDRaMD0x
HDAaBgNVBAoTE2xpbnV4Y29udGFpbmVycy5vcmcxHTAbBgNVBAMMFHJvb3RAY29u
anVyZS11cC1mdWxsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmcmM
NIyC0iNb4nvkoD7nFOZ07Qi5IFbCduHS0PDsu8QIop00aRFPrfsZ69f3nmMeQn8r
M50bzStzuMye0Y4ss3x5EYHhCjVAO4XM+Siijec4ZtFx+sPGgCYYYIrEi3oIt8SE
X2RyZZFXJlqYGI+FCm6IVFNQjipFJkkM6rSxks5MqXdczpc72qeJHAiVAz3B3VCQ
R4+rOeUa+I9o7ECvSmh3pKXfEhaS/PV8Q12GghTXyyMy1WZuBmyRHX2AzFHDG6yQ
dO0khxaAqxskTpLUiPL6jhnxD4MIY+9nTKMul+VUn1OfOoLiLEXRVfyPWBygsgGL
cffZUmul4M3WqTxHtCwa+9idsQPGptfeo0moChpNwYmVNR7FxI6J06WJpTLDXkFc
GxW3i82v9b/NhIw4BRpKaHYGvLv4h97GChgqCiBlANZeLf06TlkjQb+fv2I3mZ4M
HZVK+P8f0rQJ8JG7R7pauIrlaYXT5706MtbvFo6oHBTrjZwVUgpviJSYqYx5DICe
x6bbzy/VYELA7cATKF6RrcJSja3ftI/LemT0f7Xz/IB/xrkkliYYSJ1MvjvGcf9i
2/96URcL0uHlpE6Heiq9QCFjPTvSFU4Be83h/qZliBHoBAQiUtJ3XZRwpHmm6Ku0
p1kCs1IdQJLXub7LP5P3d34f8WaH3ODWW1dwF1kCAwEAAaNXMFUwDgYDVR0PAQH/
BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwIAYDVR0R
BBkwF4IPY29uanVyZS11cC1mdWxshwQKZHtxMA0GCSqGSIb3DQEBCwUAA4ICAQCT
+zB6B0rvn50uBwuMGN5usYnZqXgM4pt1+1m82WjEzDrnaGpFeL69ZynXs+YPuuJ+
9sDmLYwhZ9oTh4fc5H36oT1HS8uZ/q9QC1mzUp/BF/V1l65PoJUm8uxpK2DJYwdn
eImQ0DmKVja2jW6c6g5VHERymZV+ak5UNrk4jUu3kJxxcEfml4f+zUx/qY2p+MoU
IwaW/XywlL2Wl/7R4Ipv6/IVwR3pm0SKQsxtUVHAy3USC4vKc379+abS4EwF/5Uw
o0pPVgiv9ceRKvI9ChtAWnfZUb28w6zf2TyPC2+KCVJcXzYwmMF3y6275m8gbnKd
Ft5AOSKzw4/wHVrAdegf+3EcS+QLeMIJcd7ny1Ta7iUyShfuZrYqxml8ln7QZBkj
yxQILo0hp1qQktjCFDOPXGSibgDDzRnB8PkBqoejaZYEedfLArHlBXlZ5v8M4oJh
kbFLt+GN6Bv6Dv4k3EUnpK7rW3mpEpDZPmAOdxLrLfehPBovERN5iUeReRz5fj6l
d4TKdZQnKaBEyVK/A50Rz5QeVs+QLXhHMkrByIVnjBi9tMy7mNDKqCpP5mQ/aJyu
5kuigh+R37ePV4t34CteQdc6lcml/swf4SI9/wp1icOZTM69mVd7syS5cor5Ra4Y
HoB7GwkNhxDn8eipvc9JI+tHGvNRkfcBYsJhX/ymIQ==
-----END CERTIFICATE-----
certificate_fingerprint: 37ad2f7fb0776cbbd8f6acbaa264fa21bc5e0311f69bb35e7801768c674217bb
driver: lxc
driver_version: 3.0.0
kernel: Linux
kernel_architecture: x86_64
kernel_version: 4.13.0-37-generic
server: lxd
server_pid: 5082
server_version: 3.0.0
storage: dir
storage_version: "1"
server_clustered: false
server_name: conjure-up-full
ubuntu@conjure-up-full:~$
Issue description
I'm using nested containers.
Physical machine: ubuntu 17.10, running lxd 3.0.0 (stable snap).
Within a nested container (security.nesting=true), I run several lxds created with conjure-up.
They've been running fine until today:
ubuntu@conjure-up-full:~$ lxc start juju-61f4fa-0
Error: Failed to load raw.lxc
Try `lxc info --show-log juju-61f4fa-0` for more info
ubuntu@conjure-up-full:~$ lxc info --show-log juju-61f4fa-0
Name: juju-61f4fa-0
Remote: unix://
Architecture: x86_64
Created: 2018/03/27 19:14 UTC
Status: Stopped
Type: persistent
Profiles: default, juju-conjure-openstack-novalx-91b
Log:
lxc 20180403092910.637 WARN lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc 20180403092910.637 WARN lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc 20180403092911.492 WARN lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc 20180403092911.492 WARN lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc 20180403100455.470 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403100455.471 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403100626.398 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403100626.398 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403100626.439 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403100626.440 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403100724.336 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403100724.337 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403100957.259 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403100957.264 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403150512.856 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403150512.856 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403151725.548 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403151725.548 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403155828.171 ERROR lxc_confile - confile.c:parse_line:2340 - Unknown configuration key "lxc.aa_profile"
lxc 20180403155828.171 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403160106.716 ERROR lxc_confile - confile.c:parse_line:2354 - Unknown configuration key "lxc.aa_profile"
lxc 20180403160106.717 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
lxc 20180403160114.695 ERROR lxc_confile - confile.c:parse_line:2354 - Unknown configuration key "lxc.aa_profile"
lxc 20180403160114.695 ERROR lxc_parse - parse.c:lxc_file_for_each_line_mmap:102 - Failed to parse config: lxc.aa_profile=unconfined
Here is the profile used by this containers:
ubuntu@conjure-up-full:~$ lxc profile show juju-conjure-openstack-novalx-91b
config:
boot.autostart: "true"
linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,netlink_diag
raw.lxc: |
lxc.aa_profile=unconfined
lxc.mount.auto=sys:rw
security.nesting: "true"
security.privileged: "true"
description: ""
devices:
eth0:
nictype: bridged
parent: lxdbr0
type: nic
eth1:
nictype: bridged
parent: conjureup0
type: nic
root:
path: /
pool: default
type: disk
name: juju-conjure-openstack-novalx-91b
used_by:
- /1.0/containers/juju-61f4fa-0
- /1.0/containers/juju-61f4fa-1
- /1.0/containers/juju-61f4fa-10
- /1.0/containers/juju-61f4fa-11
- /1.0/containers/juju-61f4fa-12
- /1.0/containers/juju-61f4fa-13
- /1.0/containers/juju-61f4fa-14
- /1.0/containers/juju-61f4fa-15
- /1.0/containers/juju-61f4fa-2
- /1.0/containers/juju-61f4fa-3
- /1.0/containers/juju-61f4fa-4
- /1.0/containers/juju-61f4fa-5
- /1.0/containers/juju-61f4fa-6
- /1.0/containers/juju-61f4fa-7
- /1.0/containers/juju-61f4fa-8
- /1.0/containers/juju-61f4fa-9
ubuntu@conjure-up-full:~$
I tested with the --edge lxd snap, and got the same result.
Steps to reproduce
$ lxc profile create test
$ lxc profile set test raw.lxc lxc.aa_profile=unconfined
$ lxc launch -p test ubuntu:xenial test
Creating test
Error: Failed container creation:
- https://cloud-images.ubuntu.com/releases: Failed to load raw.lxc
According to http://manpages.ubuntu.com/manpages/xenial/en/man5/lxc.container.conf.5.html, the above setting should work ?
Information to attach
- [ ] Any relevant kernel output (
dmesg) - [X] Container log (
lxc info NAME --show-log) - [ ] Container configuration (
lxc config show NAME --expanded) - [ ] Main daemon log (at /var/log/lxd/lxd.log or /var/snap/lxd/common/lxd/logs/lxd.log)
- [ ] Output of the client with --debug
- [ ] Output of the daemon with --debug (alternatively output of
lxc monitorwhile reproducing the issue)
sajoupa
All 4 comments
Starting with the release of LXC 2.1 we have renamed a bunch of configuration keys and marked their old versions as deprecated. LXC 3.0 has removed support for the legacy configuration keys that's why your config is failing. The list of new and old counterparts is:
Legacy Key | New Key | Comments
-------------------------------------|-------------------------------|---------
lxc.aa_profile | lxc.apparmor.profile |
lxc.aa_allow_incomplete | lxc.apparmor.allow_incomplete |
lxc.console | lxc.console.path |
lxc.devttydir | lxc.tty.dir |
lxc.haltsignal | lxc.signal.halt |
lxc.id_map | lxc.idmap |
lxc.init_cmd | lxc.init.cmd |
lxc.init_gid | lxc.init.gid |
lxc.init_uid | lxc.init.uid |
lxc.kmsg | - | removed
lxc.limit | lxc.prlimit |
lxc.logfile | lxc.log.file |
lxc.loglevel | lxc.log.level |
lxc.mount | lxc.mount.fstab |
lxc.network | lxc.net |
lxc.network. | lxc.net.[i]. |
lxc.network.flags | lxc.net.[i].flags |
lxc.network.hwaddr | lxc.net.[i].hwaddr |
lxc.network.ipv4 | lxc.net.[i].ipv4.address |
lxc.network.ipv4.gateway | lxc.net.[i].ipv4.gateway |
lxc.network.ipv6 | lxc.net.[i].ipv6.address |
lxc.network.ipv6.gateway | lxc.net.[i].ipv6.gateway |
lxc.network.link | lxc.net.[i].link |
lxc.network.macvlan.mode | lxc.net.[i].macvlan.mode |
lxc.network.mtu | lxc.net.[i].mtu |
lxc.network.name | lxc.net.[i].name |
lxc.network.script.down | lxc.net.[i].script.down |
lxc.network.script.up | lxc.net.[i].script.up |
lxc.network.type | lxc.net.[i].type |
lxc.network.veth.pair | lxc.net.[i].veth.pair |
lxc.network.vlan.id | lxc.net.[i].vlan.id |
lxc.pivotdir | - | removed
lxc.pts | lxc.pty.max |
lxc.rebootsignal | lxc.signal.reboot |
lxc.rootfs | lxc.rootfs.path |
lxc.se_context | lxc.selinux.context |
lxc.seccomp | lxc.seccomp.profile |
lxc.stopsignal | lxc.signal.stop |
lxc.syslog | lxc.log.syslog |
lxc.tty | lxc.tty.max |
lxc.utsname | lxc.uts.name |
brauner
on 3 Apr 2018
👍13
Hi there, may I ask how to fix this "issue"? It seems I have the same problem.
Of course, your post explained this issue clearly "config is failing" but I cannot figure it out how to fix this?
My config is set by default. Since current LXC is 3.0, do I have to manually re-config manually? If so, how to do that?
I'm sorry to ask such these naive questions. I'm a college student who just starts learning OpenStack.
If you can point it out with any hints(like where I should go), it will be appreciated a lot! Thank you!
--update--
I searched old news for LXC 2.1, and found that I might use "lxc-update-config", but it said "lxc-update-config: command not found"
-----More background info ------
OS: Ubuntu 16.04LTS.
How/Where I start: basically, follow the link here: https://www.ubuntu.com/download/cloud/try-openstack.
Past progress: Install OpenStack without configuring anything a half month ago.
zetelight
on 19 Apr 2018
@zetelight You can change the config of a container with:
lxc config set $container_name raw.lxc "lxc.apparmor.profile=unconfined'"
or for a profile:
lxc profile set $profile_name raw.lxc lxc.apparmor.profile=unconfined
I don't have a conjure-up novalxd deployment to test right now, but ISTR that I updated the profile, not each container individually.
sajoupa
on 19 Apr 2018
👍1
@sajoupa Thank you so much!
It works for me now.
Since I am not sure that I have set up any "profile", I update them for each container individually,
Again, thanks for your help!
zetelight
on 19 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings
Related issues
simos
路
3Comments
teknopaul
路
5Comments
rrva
路
5Comments
killua-eu
路
3Comments
spacekookie
路
3Comments
Most helpful comment
Starting with the release of LXC 2.1 we have renamed a bunch of configuration keys and marked their old versions as deprecated. LXC 3.0 has removed support for the legacy configuration keys that's why your config is failing. The list of new and old counterparts is: