LAB 16

nicocerquera

This command:

lxc-create -n bucket -t download -- --keyserver hkp://keyserver.ubuntu.com

Does not work since it does not recognize --keyserver command,

What is the appropriate command to set here?

nicocerquera

ERROR: Failed to download https://hkp://keyserver.ubuntu.com//meta/1.0/index-system

lee42x

I'll look in to the command as it is in the manual. There is another format of the command:

set varable in the environment

export DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com"

check the variable is there

sudo echo $DOWNLOAD_KEYSERVER

create the container

sudo lxc-create -t download -n bucket

Regards Lee

nicocerquera

Thanks Lee that worked for creating the container.

Now, for starting it, I see the following error:

/etc/default$ sudo lxc-start -n bucket
lxc-start: bucket: lxccontainer.c: wait_on_daemonized_start: 877 Received container state "ABORTING" instead of "RUNNING"
lxc-start: bucket: tools/lxc_start.c: main: 306 The container failed to start
lxc-start: bucket: tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode
lxc-start: bucket: tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options

What path should I pursue here?

nicocerquera

This is the state:
sudo lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
bucket STOPPED 0 - - - false
bucket1 STOPPED 0 - - - false

lee42x

I usually see these type of error when I misstype something,let me look into this.

lee42x

Problem duplicated. Adding the keyserver in the environment may be the issue.
Delete all the buckets.
Clear the environment variables ( log out and back in)
Rebuild the buckets with "lxc-create -n bucket -t download " .......yes we eliminated the keyserver.
When building the buckets select distro = fedora, Release = 37 and Architchure = amd64

Let me know how that works out, sorry about taking a wrong turn with the keyserver.

berkk

I have the same issue with first failing to create the container.

After using the command provided by you (no env vars set):
lxc-create -n bucket -t download
And parameters centos, Stream-9 and amd64 according to my vm os, it worked.

But trying to start does unfortunately not work:

xc-start -n bucket
lxc-start: bucket: lxccontainer.c: wait_on_daemonized_start: 877 Received container state "ABORTING" instead of "RUNNING"
lxc-start: bucket: tools/lxc_start.c: main: 306 The container failed to start
lxc-start: bucket: tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode
lxc-start: bucket: tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options

Or with sudo:

sudo lxc-start -n bucket
lxc-start: bucket: tools/lxc_start.c: main: 266 No container config specified

Any tips on how to resolve the issue?

luisviveropena

Hi @berkk,

1.- What distro and version are you using?
2.- I did a test case on Ubuntu 20.04 and it worked. I had to use the following command to create the container:

lxc-create -n bucket1 -t download -- -d centos -r 8-Stream -a amd64

Then I started it with:

lxc-start -n bucket1

In you case, were you able to create the container or it failed?

And I configured the environment variables as suggested above.

I suggest to go through all the configuration, as it's a bit long and perhaps you forgot to execute a step.

Regards,
Luis.

berkk

Hi @luisviveropena

Thanks for your reply.
I am running CentOS Stream 9 on my VM.

I went back to the lab 16.1 instructions and verified all files. Also, I set the env variable DOWNLOAD_KEYSERVER as instructed above.

Lastly I executed exactly the same commands as you, but still get the same output as before when I want to start the container.

My current containers, which will not start:

lxc-ls -f
NAME    STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
bucket  STOPPED 0         -      -    -    true
bucket1 STOPPED 0         -      -    -    true

luisviveropena

Hi @berkk, did you stop the firewall?

Regards,
Luis.

lee42x

I went though the steps on a clean version of CentOS-9-Stream.
CentOS 9-Stream worked fine for me, but a couple little notes:
1. Do not set the keyserver variable, it is not needed for centos containers.
2. Verify the adapter virbr0 is available, you may have to start the virtnetworkd service. virtnetworkd is a replacement for libvirtd.
3. Delete all the problem containers and create new ones
4. If the container does not start, use the "-F" option like "sudo lxc-start -n bucket -F", It will generate some debug info that I would like to see.
5. I recorded my commands and can post them if required.
6. Unprivileged containers, initially do not use them, start the containers with root privileges or sudo. Once we get root owned containers running we can move on to unprivileged containers as an extra exercise.
7. Please note, we do not expect the unprivileged containers to function without extra steps, there are some permission issues to be addressed.

Please let me know which distribution you are using for the host system and which OS you are selecting for the container. Thanks Lee

berkk

Thanks very much, I got it to run. (Firewall was already stopped by me)

Following was probably missing before:

• libvirtd must be running (is not mentioned in lab instructions).
• To be able to start the container as root it must be installed as root. (did not test with sudo though)

Had some trouble with the loadbalancer thereafter, but got it to work by adding the ip (lxc-ls -f) of "bucket" to the hosts file with the name bucket. And then inside container bucket, I added the name "bucket" with 127.0.0.1 into the hosts file.

Best,
Beni

luisviveropena

Hi @berkk, I'm glad that you were able to solve it!

To be able to start the container as root it must be installed as root. (did not test with sudo though)

Oh, why you would like to run the container as root user? That could be dangerous in terms of security if the container is exploited. I didn't mention it, but I started it as non privileged user and it ran ok.

Many regards,
Luis.