Issue creating containers on 18.04

philthynz · August 17, 2018, 4:06pm

I am running LXD v 3.4, I set it up on 18.04 with:

snap install lxd
sudo lxd init
sudo adduser myuser lxd
newgrp lxd

Then trying to create a container with lxc launch ubuntu:18.04 ocs I get an error Error: Failed container creation: local error: tls: bad record MAC

Debug report:

BUG[08-17|18:02:02] Connecting to a local LXD over a Unix socket 
DBUG[08-17|18:02:02] Sending request to LXD                   etag= method=GET url=http://unix.socket/1.0
DBUG[08-17|18:02:02] Got response struct from LXD 
DBUG[08-17|18:02:02] 
	{
		"config": {},
		"api_extensions": [
			"storage_zfs_remove_snapshots",
			"container_host_shutdown_timeout",
			"container_stop_priority",
			"container_syscall_filtering",
			"auth_pki",
			"container_last_used_at",
			"etag",
			"patch",
			"usb_devices",
			"https_allowed_credentials",
			"image_compression_algorithm",
			"directory_manipulation",
			"container_cpu_time",
			"storage_zfs_use_refquota",
			"storage_lvm_mount_options",
			"network",
			"profile_usedby",
			"container_push",
			"container_exec_recording",
			"certificate_update",
			"container_exec_signal_handling",
			"gpu_devices",
			"container_image_properties",
			"migration_progress",
			"id_map",
			"network_firewall_filtering",
			"network_routes",
			"storage",
			"file_delete",
			"file_append",
			"network_dhcp_expiry",
			"storage_lvm_vg_rename",
			"storage_lvm_thinpool_rename",
			"network_vlan",
			"image_create_aliases",
			"container_stateless_copy",
			"container_only_migration",
			"storage_zfs_clone_copy",
			"unix_device_rename",
			"storage_lvm_use_thinpool",
			"storage_rsync_bwlimit",
			"network_vxlan_interface",
			"storage_btrfs_mount_options",
			"entity_description",
			"image_force_refresh",
			"storage_lvm_lv_resizing",
			"id_map_base",
			"file_symlinks",
			"container_push_target",
			"network_vlan_physical",
			"storage_images_delete",
			"container_edit_metadata",
			"container_snapshot_stateful_migration",
			"storage_driver_ceph",
			"storage_ceph_user_name",
			"resource_limits",
			"storage_volatile_initial_source",
			"storage_ceph_force_osd_reuse",
			"storage_block_filesystem_btrfs",
			"resources",
			"kernel_limits",
			"storage_api_volume_rename",
			"macaroon_authentication",
			"network_sriov",
			"console",
			"restrict_devlxd",
			"migration_pre_copy",
			"infiniband",
			"maas_network",
			"devlxd_events",
			"proxy",
			"network_dhcp_gateway",
			"file_get_symlink",
			"network_leases",
			"unix_device_hotplug",
			"storage_api_local_volume_handling",
			"operation_description",
			"clustering",
			"event_lifecycle",
			"storage_api_remote_volume_handling",
			"nvidia_runtime",
			"container_mount_propagation",
			"container_backup",
			"devlxd_images",
			"container_local_cross_pool_handling",
			"proxy_unix",
			"proxy_udp",
			"clustering_join",
			"proxy_tcp_udp_multi_port_handling",
			"network_state",
			"proxy_unix_dac_properties",
			"container_protection_delete",
			"unix_priv_drop",
			"pprof_http",
			"proxy_haproxy_protocol",
			"network_hwaddr",
			"proxy_nat",
			"network_nat_order",
			"container_full",
			"candid_authentication"
		],
		"api_status": "stable",
		"api_version": "1.0",
		"auth": "trusted",
		"public": false,
		"auth_methods": [
			"tls"
		],
		"environment": {
			"addresses": [],
			"architectures": [
				"x86_64",
				"i686"
			],
			"certificate": "-----BEGIN CERTIFICATE-----\nMIIFUzCCAzugAwIBAgIRAK2dQT/J+GsQ75dmY7h7zhwwDQYJKoZIhvcNAQELBQAw\nNjEcMBoGA1UEChMTbGludXhjb250YWluZXJzLm9yZzEWMBQGA1UEAwwNcm9vdEBs\nYWJzLTMzNjAeFw0xODA4MTcxNTIyMzhaFw0yODA4MTQxNTIyMzhaMDYxHDAaBgNV\nBAoTE2xpbnV4Y29udGFpbmVycy5vcmcxFjAUBgNVBAMMDXJvb3RAbGFicy0zMzYw\nggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDoITc2QSMUZXNp3d0rIzuX\nlVWjISdeaICRp/GytgTvfgWQVR53nc3D7deoGrii6yXso/oIbMwSWdAGM9jyATkW\nSd10nsfZT6UiixTHhgcGW0qu0pUv6S+ALib5rwWlBbag5nFOybvfmR8pWe6wHgS+\nCmRe3A74H+++j4OnNW5lXdxUo6b27aUmQz3EGekGvAP96JVLhTsHyb/RxGKMQLnN\nWyePYpzey8D9NIrj6VsQtT9QJcPBIDVdGjViCJIuT48uIn+7Ut39b2oxafhUViag\noW76WHV20xYTG7iSiLLpmKErF4cqXbcAChdv42HwcGwEn0s3E1R2gYie5gjeyLwS\nYOjgkqvjbl/Cuj8b3ltBb+NWp0H3Zm+CpsGExpIF5Ga+YSMNGwad5b5yHvyZ2ASM\ns//LhrbxdIUeQoOXd2L0yj90QCjf/EGxToz3iiQ2EBod6jXemP9/339QtgqoWnsR\nf0SMneAd4SsiIEhSquQHwuzO9TZgH009te6ljE4MgkcVAYg1KB8hKcmlGkJqRDm/\nIM172qn0Yjs86SeZxojOs9hX9g8aX5frLeg99uMHqiVBKm+I0Izcmya/csZkm8oX\nUNCNYLY7rYc+Tp9DjSu6I8q9I9z4nrh1OeTzOnr4M5fOxS65cbcvWBlYbaFGEm8E\nFnodQBIX+juwtMQLmV8CrwIDAQABo1wwWjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l\nBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAlBgNVHREEHjAcgghsYWJzLTMz\nNocEwKgChIcEwKh6AYcEwKgDpzANBgkqhkiG9w0BAQsFAAOCAgEA4UV5Pr98yivD\n6t1cnl6zsXHRcH7uR5D+pDoFWYK+SHXrh9RfwKhS/85Hgij8ttEahtUwv0z/cIG8\nrkQtrJn5zm7tKiYv6ez1UrDIb4guKI1zg5F/PI51fF5cBdWyh3TR8rD/Nmgor9NL\nBmbkrrHYUo+wwMovRs0/kNknosdK4utI0vzM97uVi+FhworKHyLzElVoS5V/lHVt\nH9L/r5oJdmjgGSH1ADH3yQ/dH76IlbpsQ1Zs0HifMEGYkSzJyddhx1sxTXFr3Bif\nDDcT32yXiM/0G8Mqro54M/PBevioEn+zAv0o00ns1YUfyfX1zIADqlTbR7otNi5G\nvF64NaRzdMdK30FGY3GxXuwm92VNsAuyIT+LTZEj8eFhJweuIYtK65vqsIzKcGlh\n11j6jpsziK6KjtiMjo7PByq0xGksDRk/Q0GyrVS3uokDFva/+CIKFLdyIDglJafc\nazdtABwNYJ/UzDx97ZMRYBe57CpGDQ33uK2AXTHVjZlxo+/Nq+XqJcM3UlL6XG9X\nKEspP3T0iBiR7kq4tTYXnonZzZ3Y0u5eO79XPwPwW5r20sxDEcRjZQ4vasLXFvvD\nztm3doPkhxVC8svb0WqE3gLeaG+uDvc3IPhRvdU+T3JGS5Rd11UQnw3Llr1g8Woi\nTIG2NhH9MHNL4LafiuNEmpqiQebZSUo=\n-----END CERTIFICATE-----\n",
			"certificate_fingerprint": "2143e2fc0d9ed831a80576c3edfb1b1bf50bc66650e49badb3ffe78eb209f66d",
			"driver": "lxc",
			"driver_version": "3.0.2",
			"kernel": "Linux",
			"kernel_architecture": "x86_64",
			"kernel_version": "4.15.0-32-generic",
			"server": "lxd",
			"server_pid": 27686,
			"server_version": "3.4",
			"storage": "zfs",
			"storage_version": "0.7.5-1ubuntu15",
			"server_clustered": false,
			"server_name": "labs-336"
		}
	} 
Creating ocs
DBUG[08-17|18:02:02] Connecting to a remote simplestreams server 
DBUG[08-17|18:02:02] Connected to the websocket 
DBUG[08-17|18:02:02] Sending request to LXD                   etag= method=POST url=http://unix.socket/1.0/containers
DBUG[08-17|18:02:02] 
	{
		"architecture": "",
		"config": {},
		"devices": {},
		"ephemeral": false,
		"profiles": null,
		"stateful": false,
		"description": "",
		"name": "ocs",
		"source": {
			"type": "image",
			"certificate": "",
			"alias": "18.04",
			"server": "https://cloud-images.ubuntu.com/releases",
			"protocol": "simplestreams",
			"mode": "pull"
		},
		"instance_type": ""
	} 
DBUG[08-17|18:02:02] Got operation from LXD 
DBUG[08-17|18:02:02] 
	{
		"id": "093c33b8-1766-4f5a-a477-f37d51dea503",
		"class": "task",
		"description": "Creating container",
		"created_at": "2018-08-17T18:02:02.538439792+02:00",
		"updated_at": "2018-08-17T18:02:02.538439792+02:00",
		"status": "Running",
		"status_code": 103,
		"resources": {
			"containers": [
				"/1.0/containers/ocs"
			]
		},
		"metadata": null,
		"may_cancel": false,
		"err": ""
	} 
DBUG[08-17|18:02:02] Sending request to LXD                   etag= method=GET url=http://unix.socket/1.0/operations/093c33b8-1766-4f5a-a477-f37d51dea503
DBUG[08-17|18:02:02] Got response struct from LXD 
DBUG[08-17|18:02:02] 
	{
		"id": "093c33b8-1766-4f5a-a477-f37d51dea503",
		"class": "task",
		"description": "Creating container",
		"created_at": "2018-08-17T18:02:02.538439792+02:00",
		"updated_at": "2018-08-17T18:02:02.538439792+02:00",
		"status": "Running",
		"status_code": 103,
		"resources": {
			"containers": [
				"/1.0/containers/ocs"
			]
		},
		"metadata": null,
		"may_cancel": false,
		"err": ""
	} 
Error: Failed container creation: local error: tls: bad record MAC

Anyone seen this before? Just a quick google doesn’t show anything relating to lxd.

stgraber · August 17, 2018, 4:17pm

That’s a first…

Can you show the content of /var/snap/lxd/common/lxd/logs/lxd.log?

philthynz · August 17, 2018, 4:31pm

Sure,

$ cat /var/snap/lxd/common/lxd/logs/lxd.log
cat: /var/snap/lxd/common/lxd/logs/lxd.log: Permission denied
$ sudo cat /var/snap/lxd/common/lxd/logs/lxd.log
[sudo] password for myuser: 
lvl=info msg="LXD 3.4 is starting in normal mode" path=/var/snap/lxd/common/lxd t=2018-08-17T17:22:37+0200
lvl=info msg="Kernel uid/gid map:" t=2018-08-17T17:22:37+0200
lvl=info msg=" - u 0 0 4294967295" t=2018-08-17T17:22:37+0200
lvl=info msg=" - g 0 0 4294967295" t=2018-08-17T17:22:37+0200
lvl=info msg="Configured LXD uid/gid map:" t=2018-08-17T17:22:37+0200
lvl=info msg=" - u 0 1000000 1000000000" t=2018-08-17T17:22:37+0200
lvl=info msg=" - g 0 1000000 1000000000" t=2018-08-17T17:22:37+0200
lvl=warn msg="CGroup memory swap accounting is disabled, swap limits will be ignored." t=2018-08-17T17:22:37+0200
lvl=info msg="Initializing local database" t=2018-08-17T17:22:37+0200
lvl=info msg="Initializing database gateway" t=2018-08-17T17:22:38+0200
address= id=1 lvl=info msg="Start database node" t=2018-08-17T17:22:38+0200
lvl=info msg="Raft: Initial configuration (index=1): [{Suffrage:Voter ID:1 Address:0}]" t=2018-08-17T17:22:38+0200
lvl=info msg="Dqlite: starting event loop" t=2018-08-17T17:22:38+0200
lvl=info msg="Raft: Node at 0 [Leader] entering Leader state" t=2018-08-17T17:22:38+0200
lvl=info msg="LXD isn't socket activated" t=2018-08-17T17:22:38+0200
lvl=info msg="Starting /dev/lxd handler:" t=2018-08-17T17:22:38+0200
lvl=info msg=" - binding devlxd socket" socket=/var/snap/lxd/common/lxd/devlxd/sock t=2018-08-17T17:22:38+0200
lvl=info msg="REST API daemon:" t=2018-08-17T17:22:38+0200
lvl=info msg=" - binding Unix socket" socket=/var/snap/lxd/common/lxd/unix.socket t=2018-08-17T17:22:38+0200
lvl=info msg="Initializing global database" t=2018-08-17T17:22:38+0200
lvl=info msg="Dqlite: handling new connection (fd=20)" t=2018-08-17T17:22:38+0200
lvl=info msg="Dqlite: connected address=0 attempt=0" t=2018-08-17T17:22:38+0200
lvl=info msg="Initializing storage pools" t=2018-08-17T17:22:38+0200
lvl=info msg="Initializing networks" t=2018-08-17T17:22:38+0200
lvl=info msg="Pruning leftover image files" t=2018-08-17T17:22:38+0200
lvl=info msg="Done pruning leftover image files" t=2018-08-17T17:22:38+0200
lvl=info msg="Loading configuration" t=2018-08-17T17:22:38+0200
lvl=info msg="Connected to MAAS controller" t=2018-08-17T17:22:38+0200
lvl=info msg="Pruning expired images" t=2018-08-17T17:22:38+0200
lvl=info msg="Done pruning expired images" t=2018-08-17T17:22:38+0200
lvl=info msg="Updating instance types" t=2018-08-17T17:22:38+0200
lvl=info msg="Expiring log files" t=2018-08-17T17:22:38+0200
lvl=info msg="Updating images" t=2018-08-17T17:22:38+0200
lvl=info msg="Done updating images" t=2018-08-17T17:22:38+0200
lvl=info msg="Done expiring log files" t=2018-08-17T17:22:38+0200
lvl=info msg="Done updating instance types" t=2018-08-17T17:22:40+0200
lvl=info msg="Creating ZFS storage pool \"default\"" t=2018-08-17T17:23:51+0200
lvl=info msg="Created ZFS storage pool \"default\"" t=2018-08-17T17:23:52+0200
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=ca2481a5-9d12-4db0-a24c-5eb0fa23ce14 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:32:27+0200 trigger=/1.0/operations/ca2481a5-9d12-4db0-a24c-5eb0fa23ce14
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=3fb889f9-2f9f-4d0d-aaf8-c2130a7564f1 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:34:44+0200 trigger=/1.0/operations/3fb889f9-2f9f-4d0d-aaf8-c2130a7564f1
alias=bionic image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=2044746d-a1ba-4110-8923-f03e065741b6 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:37:46+0200 trigger=/1.0/operations/2044746d-a1ba-4110-8923-f03e065741b6
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=d280cb11-1553-4fd3-872e-f8b651800b17 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:40:44+0200 trigger=/1.0/operations/d280cb11-1553-4fd3-872e-f8b651800b17
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=b5146906-8c54-4187-ab40-eb65bef479ca server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:44:14+0200 trigger=/1.0/operations/b5146906-8c54-4187-ab40-eb65bef479ca
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=047d675c-78d3-4153-805c-6709fd140ba0 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T17:58:26+0200 trigger=/1.0/operations/047d675c-78d3-4153-805c-6709fd140ba0
alias=18.04 image=bbb592c417b69ff8eac82df58ceeace2b4f58c09339e7ffc019a5069928648da lvl=info msg="Downloading image" operation=093c33b8-1766-4f5a-a477-f37d51dea503 server=https://cloud-images.ubuntu.com/releases t=2018-08-17T18:02:02+0200 trigger=/1.0/operations/093c33b8-1766-4f5a-a477-f37d51dea503

Strange I didn’t have access to that log file without sudo. This could all be permsions related.

stgraber · August 17, 2018, 4:34pm

Hmm, so LXD itself seems fine. The permission problem is normal, we don’t allow unprivileged users to go read that log file.

Can you run snap refresh lxd to ensure you’ve got the latest build (as I pushed a fix for some potentially related issues not long ago).

philthynz · August 17, 2018, 5:09pm

Thanks. I will try on Monday.

stgraber

Stéphane Graber
Maintainer

August 17
Hmm, so LXD itself seems fine. The permission problem is normal, we don’t allow unprivileged users to go read that log file.

Can you run snap refresh lxd to ensure you’ve got the latest build (as I pushed a fix for some potentially related issues not long ago).

philthynz · August 22, 2018, 10:00am

Yes, seems to be working after running that, thanks

JohnWest · January 19, 2020, 1:05am

Hello, I do also have the problem, that I no longer can download an image:

Error: Failed container creation: local error: tls: bad record MAC

It worked before but now always this error comes.

I have installed LXD directly on my Ubuntu 18.04 computer. Even when I want to create a new container within a container, it brings the same error on that container.

I am stuck - can anyone help me?