tomp
September 30, 2022, 7:30am
5
So LXD 5.6 introduced this change:
committed 12:39PM - 26 Aug 22 UTC
And calls it during Create() and Mount() to ensure all initial datasets always e… xist
and are configured using current policy.
Also switches to Reverter in Create().
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Which initialises any missing datasets and sets up the pool’s top-level policy on mount (pool start up).
It sounds like because your pool didn’t have the matching policy of legacy (which disables the unnecessary auto mount of the top level dataset) that ZFS tried to unmount it and this seemed to causes issues (perhaps because you have running instances on that pool).
It may also be due to this snap/zfs issue:
opened 07:43PM - 05 Aug 20 UTC
<!--
Github issues are used for bug reports. For support questions, please use … [our forum](https://discuss.linuxcontainers.org).
Please fill the template below as it will greatly help us track down your issue and reproduce it on our side.
Feel free to remove anything which doesn't apply to you and add more information where it makes sense.
-->
# Required information
* Distribution: Ubuntu
* Distribution version: Focal
* The output of "lxc info" or if that fails:
```
config: {}
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- resources_system
- usedby_consistency
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses: []
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
MIIFPjCCAyagAwIBAgIRAO0feJeGdoQakUfi0zaZEqAwDQYJKoZIhvcNAQELBQAw
MzEcMBoGA1UEChMTbGludXhjb250YWluZXJzLm9yZzETMBEGA1UEAwwKcm9vdEB0
dW1teTAeFw0xOTA0MjcxNDQ4MzJaFw0yOTA0MjQxNDQ4MzJaMDMxHDAaBgNVBAoT
E2xpbnV4Y29udGFpbmVycy5vcmcxEzARBgNVBAMMCnJvb3RAdHVtbXkwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC11IOxuOtOzsGjz2jn8cDnTBZ3xrsF
N6CS5jIZQA6S101Hj+TsyNvAOn3Lp5wFzq2+v79VbbKpnKjCZkOpY+sLkZoHphl5
GPOBaGZgEK3ySlRIuSiaQH+yZl6ExYgLctyo8BtoxsZyJJrSt+YNHql2rQoDxdBG
7MlvmJ6v5pJfLQc2QDHP2k/UJLVpdqFFw0D3f+t6yjh8vjXm9tBUuAs/RJHGwwca
ex1dcEdkIDISsO5GenvOm5L04GIh+x3nAOdVY2NLaxOPXvpEhX13b4Rp4nKokld6
0VD7uKP5e0Q2soztGBhNPHetEMSs34zR4V7GOxIOz4UsQ2+bifo7nSnBuED1uHNc
Mjb0m7QmMLFQjhvF+BG0Ja4cB5gP/3fVF41NgDJqhyDoKeW3rDNziD+Bz3MJcDFu
ISe5kFMBotDqas8IWGpGUJsM9iKcQFk76rSkExTRA6EHmEiBCxF6K8wRg0dLfg3f
96E++8hOyaptb7kRxNzCl3sjXet4A24V4th+d3IQzVZ/BvvnWWUiTbkMzoU90ZDg
cssmCoAPZ8FBfXd48AyOaJ+YxqakdoqiJGyedEwQjWFfTlMwSpva1C7Bj7LHyR2+
vbmFwc4iJEVX3tniWKk6sWcoHBIxCq1kxf0jNssavjDKZjbOa0KgTygcpCtMU3GW
oUeIX8fkQyXgJQIDAQABo00wSzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAWBgNVHREEDzANggV0dW1teYcEwKigTDAN
BgkqhkiG9w0BAQsFAAOCAgEAZlewGkZBaEGumo4teqNg/Z981ey5ZqmXmiznAAIl
Fnv0Mlbg73wnqeIKeAOz+9eJiQ9vmXzbag3KLuuWR6DWL9EnST8VkOqeIh78NQIX
bSag2QpSlT5RaOHhDrHHSwlFBuzycJCVvMU9TuUvA/sSzgP/lIuu/T/v0gdwriCt
ofSLz7YyqpDIOUbCgqWOMFXMkhZqLJPo2Se609qHcqhS1tUATW62nhF4Ly9GXTu7
HlrPqw1a2/BGyrGSRSn6AWcVV+6nCJfdekv0Ed2nc6QVPaK2lAMmDofc289MGrAa
BGlttdRzS0zuNg3GKySS6+xbryGvAXDBL39iZMMAog9T55t2fB8RM1BeYcyhJVM5
WORk1IQlzBx0bXz0Xtkr6nYLfg/IDswyyDbkT1yGLHZjcz70u2MU5tbChmOyAbVu
tCE3QVCLj/+KHIlE+Z5YIZ17LKcUTI6jiViESOSRm6Qvi0XkQcaK06JRaH6neXi0
ACq5NJ2UjSOhk60TQj18I493/ooFR3nN5M8OPyVLEXruEOsjw5E6BBqBt70H4/9V
F2PqMhhCvrzdd9faC4PKPcHRKMzhMyd3+0NffT2Z8l3dElSmN5dyv4Ig3sLD3uTj
4vRTMt8lrfmfeIXlwk+i9RslYsYmGGETi8R85FrTbMLv6SpDbRLQ74rarbU4nnFi
ZpA=
-----END CERTIFICATE-----
certificate_fingerprint: ae0ef773c385ab2d7e14642aea1ec8aae8728be9b5862240b045de9b45b740b4
driver: lxc
driver_version: 4.0.3
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
netnsid_getifaddrs: "true"
seccomp_listener: "true"
seccomp_listener_continue: "true"
shiftfs: "false"
uevent_injection: "true"
unpriv_fscaps: "true"
kernel_version: 5.4.0-40-generic
lxc_features:
cgroup2: "true"
mount_injection_file: "true"
network_gateway_device_route: "true"
network_ipvlan: "true"
network_l2proxy: "true"
network_phys_macvlan_mtu: "true"
network_veth_router: "true"
pidfd: "true"
seccomp_allow_deny_syntax: "true"
seccomp_notify: "true"
os_name: Ubuntu
os_version: "20.04"
project: default
server: lxd
server_clustered: false
server_name: tummy
server_pid: 1215389
server_version: 4.0.2
storage: zfs
storage_version: 0.8.3-1ubuntu12
```
# Issue description
This issue already happened a couple of months ago. At that time restarting the server fixed it.
No it's back.
# Steps to reproduce
I have no reproducer, just the failing environment.
```
# lxc snapshot feb sssss
Error: Create instance snapshot (mount source): Failed to run: zfs mount tank/lxd/containers/feb: cannot mount 'tank/lxd/containers/feb': filesystem already mounted
```
# Information to attach
I see no more relevant information. It just started to happen.
Let me know if I can help more.
In that sometimes after a snap refresh the mount tables inside the snap namespace can get out of sync with the host and this can confuse the ZFS tool run inside the snap to think something is/isn’t mounted when it infact is.
In these situations I would suggest rebooting the host to allow the snap mount table to be brought into sync.
I have tested various scenarios on mount the ZFS datasets in different orders, and it does appear you can get ZFS mounts confused if you, say, start a container, and then mount the zfs pool’s top level dataset and then try and stop the container and the container’s path no longer is available in the host’s mount namespace as its been over mounted.
So in general I would say you have done the correct thing by bringing all of your ZFS pool datasets into legacy mode (so there is no mounting except that done explicitly by LXD).