LFS253 Lab 3.2

benjakh

when i run
[email protected]:~$ lxc-create --template download --name unpriv-cont-user

Out put is:
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: unpriv-cont-user: lxccontainer.c: create_run_template: 1616 Failed to create container from template
lxc-create: unpriv-cont-user: tools/lxc_create.c: main: 319 Failed to create container unpriv-cont-user

can someone offer some hingts on where i went wrong

benjakh

found this thread: https://forum.linuxfoundation.org/discussion/857326/lxc-create-fails-to-create-container

So I ran:
setfacl -m u:100000:x ~/.local

then ran the command
sudo sudo lxc-create -t download --name unpriv-cont-user -- -d ubuntu -r xenial -a amd64
output:
lxc-create: unpriv-cont-user: tools/lxc_create.c: main: 266 Container already exists

so then i went on with the lab and ran:
sudo lxc-start -n unpriv-cont-user -d
output:
lxc-start: unpriv-cont-user: lxccontainer.c: do_lxcapi_start: 897 Ongoing container creation detected
lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options

chrispokorni

Hi @benjakh,

Instructions to set the access control list can be found in the lab exercise as well. The lab guide includes additional notes about optional keyserver usage, and an alternative create command. However, what causes most issues are the actual uid and gid used in commands.
To validate that we have all correct values set, please provide the output of the following commands:

$ id

$ cat /etc/subuid

$ cat /etc/subgid

$ cat /etc/lxc/lxc-usernet

$ ls -la ~/.config/lxc/default.conf

$ cat ~/.config/lxc/default.conf

$ getfacl ~/.local

Regards,
-Chris

benjakh

$id
uid=1000(benja) gid=1000(benja) groups=1000(benja),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd)

$ cat /etc/subuid
benja:100000:65536

$ cat /etc/subgid
$: command not found

$ cat /etc/subgid
benja:100000:65536
[email protected]:~/LFSplayground$ cat /etc/lxc/lxc-usernet

USERNAME TYPE BRIDGE COUNT

benja veth lxcbr0 10

$ ls -la ~/.config/lxc/default.conf
-rw-rw-r-- 1 benja benja 162 Apr 20 00:51 /home/benja/.config/lxc/default.conf

$ cat ~/.config/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lsc.idmap = u 0 231072 65536
lsc.idmap = g 0 231072 65536

$ getfacl ~/.local
getfacl: Removing leading '/' from absolute path names

file: home/benja/.local

owner: root

group: root

user::rwx
user:100000:--x
user:231072:--x
group::r-x
mask::r-x
other::r-x********

chrispokorni

Thank you for the detailed output, @benjakh.

As suspected, there are inconsistencies in the UID and GID values used to configure the system. Please revisit all the post lxc installation steps in the lab guide, steps that configure the system and ensure that the proper UID and GID values are used. Reading carefully exercise descriptions should help in picking the correct values for your environment. After all, there seems to be only one set of UID and GID on your system, so the task should be pretty straight forward.

I would also recommend ensuring that no typos are included in the default.conf file, as it seems to be the case in the output above.

Regards,
-Chris

benjakh

Thanks for taking the time to answer my question

benjakh

Thanks again, after reviewing the instructions, i am able to see where i mess up

dmwpepper

I have another error with this lab related to the keyserver. When I run:

lxc-create --name unpriv-cont-user --template download --keyserver keyserver.ubuntu.com

I get:

lxc-create: unrecognized option '--keyserver'

chrispokorni

Hi @dmwpepper,

An additional double-dash is expected:

lxc-create --name unpriv-cont-user --template download -- --keyserver keyserver.ubuntu.com

Regards,
-Chris

gfevans

Im having an issue with this lab as well at the same or similar point Whenever i try to start the unpriv-cont-user i get an error running it in the foreground for more logs i got the following

[email protected]:~$ lxc-start -n unpriv-cont-user -F
lxc-start: unpriv-cont-user: network.c: lxc_create_network_unpriv_exec: 2976 lxc-user-nic failed to configure requested network: cmd/lxc_user_nic.c: 1206: main: Quota reached
lxc-start: unpriv-cont-user: start.c: lxc_spawn: 1843 Failed to create the network
lxc-start: unpriv-cont-user: start.c: __lxc_start: 2074 Failed to spawn container "unpriv-cont-user"
lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 306 The container failed to start
lxc-start: unpriv-cont-user: tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options

checking the cat's listed earlier in this thread i dont see any typos or mistakes with my uid or gid

[email protected]:~$ id
uid=1001(student) gid=1002(student) groups=1002(student),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),118(netdev),119(lxd),1000(ubuntu),1001(google-sudoers)
[email protected]:~$ cat /etc/subuid
ubuntu:100000:65536
student:165536:65536
[email protected]:~$ cat /etc/subgid
ubuntu:100000:65536
student:165536:65536
[email protected]:~$ cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
student vethc lxcbr0 10
[email protected]:~$ ls -la ~/.config/lxc/default.conf
-rw-rw-r-- 1 student student 162 May 10 17:27 /home/student/.config/lxc/default.conf
[email protected]:~$ cat ~/.config/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536
[email protected]:~$ getfacl ~/.local
getfacl: Removing leading '/' from absolute path names
# file: home/student/.local
# owner: student
# group: student
user::rwx
user:165536:--x
group::r-x
mask::r-x
other::r-x

chrispokorni

Hi @gfevans,

I would recommend fixing the typo in /etc/lxc/lxc-usernet and then try again.

Regards,
-Chris