I cannot start containers on btrfs with the same error mentioned here
I have tried on arch linux and alpine.
Thanks for your help
What error do you get when you start the instance?
Hmm sorry I believe the issues aren't the same.
this is the archlinux issue
Name: lxd-ide
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2021/11/24 15:05 AEDT
Last Used: 2021/11/24 20:40 AEDT
Log:
lxc lxd-ide 20211124094005.831 ERROR conf - conf.c:lxc_map_ids:3654 - newuidmap failed to write mapping "": newuidmap 2830 0 1000000 1000000000
lxc lxd-ide 20211124094005.831 ERROR start - start.c:lxc_spawn:1790 - Failed to set up id mapping.
lxc lxd-ide 20211124094005.831 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:867 - Received container state "ABORTING" instead of "RUNNING"
lxc lxd-ide 20211124094005.831 ERROR start - start.c:__lxc_start:2073 - Failed to spawn container "lxd-ide"
lxc lxd-ide 20211124094005.831 WARN start - start.c:lxc_abort:1038 - No such process - Failed to send SIGKILL via pidfd 17 for process 2830
lxc 20211124094010.857 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20211124094010.858 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors
this is the alpinelinux issue
Name: alps
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2021/11/16 20:01 AEDT
Last Used: 2021/11/16 20:16 AEDT
Log:
lxc alps 20211116091608.731 ERROR conf - conf.c:lxc_map_ids:3654 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 3735 0 1000000 1000000000
lxc alps 20211116091608.731 ERROR start - start.c:lxc_spawn:1785 - Failed to set up id mapping.
lxc alps 20211116091608.731 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:867 - Received container state "ABORTING" instead of "RUNNING"
lxc alps 20211116091608.731 ERROR start - start.c:__lxc_start:2068 - Failed to spawn container "alps"
lxc alps 20211116091608.731 WARN start - start.c:lxc_abort:1038 - No such process - Failed to send SIGKILL via pidfd 43 for process 3735
lxc 20211116091613.774 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20211116091613.774 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors
lxc 20211116091757.676 TRACE commands - commands.c:lxc_cmd:509 - Connection refused - Command "get_state" failed to connect command socket
lxc 20211116091757.751 TRACE commands - commands.c:lxc_cmd:509 - Connection refused - Command "get_state" failed to connect command socket
lxc 20211116091820.921 TRACE commands - commands.c:lxc_cmd:509 - Connection refused - Command "get_state" failed to connect command socket
The alpine issue is that your /etc/subuid and /etc/subgid files don't contain the values you're trying to use for your container's idmap. You can fix those files or remove the newuidmap tool so that LXC manages idmaps directly.
The arch linux issue looks like you're trying to use an empty idmap.
Ahh I see
I updated my /etc/sub[gu]id to match the alpine install
File: /etc/subgid
```
root:100000:65536
```
File: /etc/subuid
```
root:100000:65536
```
lxc info --show-log lxd-ide
```
Name: lxd-ide
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2021/11/24 15:05 AEDT
Last Used: 2021/11/24 20:53 AEDT
Log:
lxc lxd-ide 20211124095332.250 ERROR conf - conf.c:lxc_map_ids:3654 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 8791 0 1000000 1000000000
lxc lxd-ide 20211124095332.250 ERROR start - start.c:lxc_spawn:1790 - Failed to set up id mapping.
lxc lxd-ide 20211124095332.250 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:867 - Received container state "ABORTING" instead of "RUNNING"
lxc lxd-ide 20211124095332.250 ERROR start - start.c:__lxc_start:2073 - Failed to spawn container "lxd-ide"
lxc lxd-ide 20211124095332.250 WARN start - start.c:lxc_abort:1038 - No such process - Failed to send SIGKILL via pidfd 17 for process 8791
lxc 20211124095337.288 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20211124095337.288 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors
```
If I use a default install of lxd without modifying the sub[gu]ids should it work? I hadn't touched anything on my arch install before just now, so I don't know why it would be empty.
Please can you show the `lxc config show <instance> --expanded` for each.
for archlinux:
lxc config show lxd-ide --expanded
```
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Debian bullseye amd64 (20211123_05:24)
  image.os: Debian
  image.release: bullseye
  image.serial: "20211123_05:24"
  image.type: squashfs
  image.variant: default
  volatile.base_image: 8054e116e0c707476b67d2c6a10186d708b219da94371c4297edff26167b163e
  volatile.eth0.host_name: veth80143ce1
  volatile.eth0.hwaddr: 00:16:3e:cc:5f:8d
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: STOPPED
  volatile.uuid: 89724dee-5228-47ce-b508-a54361716cdb
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
```
My Ubuntu server install, which uses the snap version, is currently working (and updated to 4.20, in line with both alpine and arch), and the containers can launch on btrfs. ID mapping is working on a shared btrfs disk. I can't check the alpine install because that would require me to restart the Ubuntu server.
You need to allow a larger range, as your containers have a Maprange entry up to:
And you're only allowing up to 65536
On the snap package, it doesn't use the host's newuidmap tool and so isn't beholden to the restrictions set in /etc/subuid and /etc/subgid.
This is why I also suggested removing the newuidmap tool entirely.
How can I remove it? By simply deleting the /etc/sub[gu]id? I think that left me with an empty id mapping.
No, the newuidtool command, not the /etc/subuid and /etc/subgid files.
Other tools might depend on `new{g,u}idmap`. You should simply add a large enough map for `root` and `lxd` in `/etc/sub{g,u}id`. Usually:
```
lxd:100000:1000000000
root:100000:1000000000
```
in both `/etc/subuid` and `/etc/subgid` should suffice.
I needed to add one more zero in the first group in your answer.
Thanks so much for all your help
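The failures in this thread come down to whether the host range in `volatile.idmap.current` fits inside what `/etc/subuid` and `/etc/subgid` delegate to root. The check below is an added example, not part of the original thread and not LXD or shadow code: it is a simplified model of the range test, its function names are hypothetical, and `SUBID_WIDENED` is an assumed reading of "one more zero in the first group".

```python
import json

# Values quoted in the thread, except SUBID_WIDENED, which is an assumed
# reading of "one more zero in the first group" (not given on the page).
IDMAP = ('[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},'
         '{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]')
SUBID_ORIGINAL = "root:100000:65536\n"
SUBID_SUGGESTED = "lxd:100000:1000000000\nroot:100000:1000000000\n"
SUBID_WIDENED = "lxd:1000000:1000000000\nroot:1000000:1000000000\n"


def parse_subid(text, owner):
    """Return half-open (start, end) host ranges delegated to `owner`."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == owner:
            ranges.append((int(fields[1]), int(fields[1]) + int(fields[2])))
    return ranges


def covers(ranges, lo, hi):
    """True if [lo, hi) lies inside the union of the delegated ranges."""
    pos = lo
    for start, end in sorted(ranges):
        if start > pos:        # gap before the next delegation: stop here
            break
        pos = max(pos, end)
    return pos >= hi


def uncovered(idmap_json, subuid, subgid, owner="root"):
    """List (kind, lo, hi) for idmap entries that `owner` may not map."""
    problems = []
    for entry in json.loads(idmap_json):
        lo, hi = entry["Hostid"], entry["Hostid"] + entry["Maprange"]
        for kind, flag, text in (("uid", "Isuid", subuid), ("gid", "Isgid", subgid)):
            if entry[flag] and not covers(parse_subid(text, owner), lo, hi):
                problems.append((kind, lo, hi))
    return problems


if __name__ == "__main__":
    for name, text in (("original", SUBID_ORIGINAL), ("suggested", SUBID_SUGGESTED),
                       ("widened", SUBID_WIDENED)):
        print(name, uncovered(IDMAP, text, text) or "ok")
```

The suggested entries still fall short because 100000 + 1000000000 ends below the 1001000000 upper bound that the container's map needs, while a delegation starting at 1000000 covers it.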