Welcome to the Linux Foundation Forum!

Lab 3.2

sergeizak
sergeizak Posts: 20
in LFS253 Class Forum

Hi, i am on the step that creates unprivileged container. After issuing following command

lxc-create -t download -n unpriv-cont-user

I am getting following error message

ERROR: Unable to fetch GPG key from keyserver
lxc-create: unpriv-cont-user: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: unpriv-cont-user: tools/lxc_create.c: main: 327 Failed to create container unpriv-cont-user

Comments

  • chrispokorni
    chrispokorni Posts: 2,340

    Hi @sergeizak,

    To troubleshoot tool-specific errors it is recommended to visit the official page of the tool, which may provide installation guides, FAQs, troubleshooting tips, and possibly forums.

    For the issue you are experiencing with the GPG key, there seems to be a workaround, posted in the LXC forum:
    https://discuss.linuxcontainers.org/t/lxc-error-unable-to-fetch-gpg-key-from-keyserver/5434

    Regards,
    -Chris

  • sergeizak
    sergeizak Posts: 20

    thanks Chris.. i got past the error by re-running prior steps in the lab and skipping host reboot

  • RachelChan
    RachelChan Posts: 7
    edited June 2020

    Hi @chrispokorni ,

    I'm on the step where you start the application on the container:

    student@ubuntu:~$ lxc-start -n unpriv-cont-user -d

    I am getting the following error message:
    lxc-start: unpriv-cont-user: lxccontainer.c: wait_on_daemonized_start: 842 Received container state "ABORTING" instead of "RUNNING"
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 330 The container failed to start
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority option
    s

    I googled the issue and read through the following threads but the solutions are either personalized or incomplete:
    https://discuss.linuxcontainers.org/t/error-with-fresh-ubuntu-18-04-container/3185/5
    https://github.com/lxc/lxc/issues/3016
    https://github.com/lxc/lxd/issues/5606

  • chrispokorni
    chrispokorni Posts: 2,340

    Hi @RachelChan,

    Would you be able to provide a history of the prior commands, as it may provide clues to your issue.

    Also, check the /var/log/lxc/ directory for container logs. See whether anything is recorded in a log for this unpriv-cont-user container. You can also try parsing thru syslog with this command:

    cat /var/log/syslog | grep unpriv

    Can you also provide the output of cat /etc/os-release | grep VER of your Ubuntu host (not the lxc container).

    Regards,
    -Chris

  • RachelChan
    RachelChan Posts: 7
    edited July 2020

    The prior commands were:
    echo lxc.idmap = g 0 231072 65536 >>~/.config/lxc/default.conf
    cat ~/.config/lxc/default.conf
    sudo reboot
    lxc-create -t download -n unpriv-cont-user

    I don't see any log files in /var/log/lxc.

    cat /var/log/syslog | grep unpriv doesn't return anything

    The output of cat /etc/os-release | grep VER is:

  • chrispokorni
    chrispokorni Posts: 2,340

    What are the outputs of your cat /etc/subuid and cat /etc/subgid ?

    I have a feeling that you are not using the correct UID and GID when configuring LXC, and that's why containers are not started.

    Regards,
    -Chris

  • dhnijsure
    dhnijsure Posts: 4

    Hi I am encountering quite the same issue:
    lxc-start -n unpriv-cont-user -d
    lxc-start: unpriv-cont-user: lxccontainer.c: wait_on_daemonized_start: 842 Received container state "ABORTING" instead of "RUNNING"
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 330 The container failed to start
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

  • dhnijsure
    dhnijsure Posts: 4

    cat .config/lxc/default.conf
    lxc.net.0.type = veth
    lxc.net.0.link = lxcbr0
    lxc.net.0.flags = up
    lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
    lxc.idmap = u 0 1001 1002
    lxc.idmap = g 0 1001 1002

    uid & gid match and they are not the same as in the documentation...231072 65536

  • dhnijsure
    dhnijsure Posts: 4

    lxc-start -n unpriv-cont-user --logfile=junk1.log --logpriority DEBUG

    lxc-start unpriv-cont-user 20201005231613.604 ERROR network - network.c:lxc_create_network_unpriv_exec:2178 - lxc-user-nic failed to configure requested network: cmd/lxc_user_nic.c: 1296: main: Quota reached

  • chrispokorni
    chrispokorni Posts: 2,340

    Hi @dhnijsure,

    What is your machine type (local VM, cloud VM, bare-metal), size, OS?

    Regards,
    -Chris

  • dhnijsure
    dhnijsure Posts: 4

    Hi Chris...I am using GCP VM as advised in the lab guide please.

    Thanks...Dhanesh

  • luisviveropena
    luisviveropena Posts: 1,233

    Hi @dhnijsure ,

    What OS and version are you working with on the GCP vm?

    Regards,
    Luis.

  • cristianharbatovschi
    cristianharbatovschi Posts: 2
    edited February 2021

    I resolved the below error by using the correct username when configuring lxc-usernet file.
    In the documentation the line is to add the "student" string, but in practice my username was not "student". By checking the logfile resulted, noticed the problem came from the networking part and figured out the user name issue in the lxc-usernet file.

    lxc-start: unpriv-cont-user: lxccontainer.c: wait_on_daemonized_start: 842 Received container state "ABORTING" instead of "RUNNING"
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 330 The container failed to start
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
    lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority

    Logging was performed with:
    lxc-start -n unpriv-cont-user --logfile=junk1.log --logpriority DEBUG
    (thanks dhnijsure )

  • RaulSouza
    RaulSouza Posts: 6

    @sergeizak said:
    Hi, i am on the step that creates unprivileged container. After issuing following command

    lxc-create -t download -n unpriv-cont-user

    I am getting following error message

    ERROR: Unable to fetch GPG key from keyserver
    lxc-create: unpriv-cont-user: lxccontainer.c: create_run_template: 1617 Failed to create container from template
    lxc-create: unpriv-cont-user: tools/lxc_create.c: main: 327 Failed to create container unpriv-cont-user

    Hi everyone stuck on this error. The following is the command that worked for me. The only difference I've noticed is the two extra dashes (--) after the container's name (plus, of course the address of the keyserver).

    [lxc-create -t download -n unpriv-cont-user -- --keyserver hkp://keyserver.ubuntu.com]

    Hope it'll save you some research time. = )

  • RaulSouza
    RaulSouza Posts: 6

    Hello,

    the next step is giving me the error bellow.

    student@ubuntu:~$ sudo lxc-start -n priv-cont -d
lxc-start: priv-cont: tools/lxc_start.c: main: 268 No container config specified

    Did anyone face this issue?

  • RaulSouza
    RaulSouza Posts: 6

    @RaulSouza said:
    Hello,

    the next step is giving me the error bellow.

    student@ubuntu:~$ sudo lxc-start -n priv-cont -d
lxc-start: priv-cont: tools/lxc_start.c: main: 268 No container config specified

    Did anyone face this issue?

    After some search, found a suggestion to add the parameter [-f] to specify the config file at [https://stackoverflow.com/questions/62594865/lxc-startno-container-config-specified]

    however, after trying that, i'm facing the error bellow.

    student@ubuntu:~$ sudo lxc-start -n priv-cont -d -f /home/student/.config/lxc/default.conf --logfile=junk1.log --logpriority DEBUG
lxc-start: priv-cont: lxccontainer.c: wait_on_daemonized_start: 859 Received container state "ABORTING" instead of "RUNNING"
lxc-start: priv-cont: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: priv-cont: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: priv-cont: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options

    attached is the log file created during the execution. Please, could anyone have a look at that? Thanks in advance.

    also tried to create the default.conf file under /root with root permissions, same behavior

    Thank you very much.

  • RaulSouza
    RaulSouza Posts: 6

    @RaulSouza said:

    @RaulSouza said:
    Hello,

    the next step is giving me the error bellow.

    student@ubuntu:~$ sudo lxc-start -n priv-cont -d
lxc-start: priv-cont: tools/lxc_start.c: main: 268 No container config specified

    Did anyone face this issue?

    After some search, found a suggestion to add the parameter [-f] to specify the config file at [https://stackoverflow.com/questions/62594865/lxc-startno-container-config-specified]

    however, after trying that, i'm facing the error bellow.

    student@ubuntu:~$ sudo lxc-start -n priv-cont -d -f /home/student/.config/lxc/default.conf --logfile=junk1.log --logpriority DEBUG
lxc-start: priv-cont: lxccontainer.c: wait_on_daemonized_start: 859 Received container state "ABORTING" instead of "RUNNING"
lxc-start: priv-cont: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: priv-cont: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: priv-cont: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options

    attached is the log file created during the execution. Please, could anyone have a look at that? Thanks in advance.

    also tried to create the default.conf file under /root with root permissions, same behavior

    Thank you very much.

    Hi again.

    Reviewed steps, and realized I've created the privileged container with wrong name. :s

    after recreate with the command:
    [student@ubuntu:~$ sudo lxc-create -t download -n priv-cont -- --keyserver hkp://keyserver.ubuntu.com]

    the container start ran fine.
    [student@ubuntu:~$ sudo lxc-start -n priv-cont -d]

  • chrispokorni
    chrispokorni Posts: 2,340

    Hi @RaulSouza,

    Can you provide the contents of the following files?

    /etc/subuid

    /etc/subgid

    /etc/lxc/lxc-usernet

    ~/.config/lxc/default.conf

    And what permissions are set on the ~/.config/lxc/default.conf file?

    Regards,
    -Chris

  • RaulSouza
    RaulSouza Posts: 6

    Hi Chris,

    Thanks for the feedback, already found the mistake (was a typo). Anyways, here it is the requested.

    Regards,
    Raul.

    student@ubuntu:~$ cat /etc/subuid
ubuntu:100000:65536
student:165536:65536

student@ubuntu:~$ cat /etc/subgid
ubuntu:100000:65536
student:165536:65536

student@ubuntu:~$ cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
student veth lxcbr0 10

student@ubuntu:~$ cat ~/.config/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536

student@ubuntu:~$ ll ~/.config/lxc/default.conf
-rw-rw-r-- 1 student student 162 Oct  3 22:23 /home/student/.config/lxc/default.conf

Categories

Upcoming Training