Lxc image copy fails when image is private

lxd

(Aljoscha Vollmerhaus) #1

Hi everyone,

I’ve got a problem that seems to be similar to this one: Lxc copy image fails, but copying containers just works fine?

It seems to have been fixed here: https://github.com/lxc/lxd/pull/3616
The fix should already have landed, on the server side I’ve tried LXD 3.6 and 3.0.3.
On the client I’ve had 3.5 and 3.7.

However:

lxc image copy --alias footest templxdtest.example.com:footest local:
Error: Failed remote image download:

Publishing the image with “–public” fixes this.


(Stéphane Graber) #2

What does lxc remote list show you?

The --debug output for that lxc image copy may also be useful.


(Aljoscha Vollmerhaus) #3

Thanks for taking the time to look at this :smiley:

Unfortunately I can’t post the logs here because they contain more http links than I’m allowed to post as new user.
So I’ve created two pastebins. I’ve made an effort to anonymize IPs and hostnames in the output.

Here is “lxc remote ls”: https://pastebin.com/4Gi3Mkmk
And here comes the debug output for “lxc image copy --debug”: https://pastebin.com/kFVs9T7S


(Stéphane Graber) #4

Hmm, so I’m not sure why the secret appears to no longer be valid by the time LXD attempts to transfer using the right address, but one way to avoid this issue would be to set core.https_address to a specific address on your source server, ideally, an address that all other LXD servers will be able to reach.

This will avoid the current guessing game where the client has to tell the target server about all the potential IPs of the source image server so that it can try to figure out which one will work.


(Aljoscha Vollmerhaus) #5

Sorry for taking so long to respond, I’ve been away for the holidays.

I’ve tried setting core.https_address to the public IPv4 address of the machine, this is reachable by all my other LXD servers. It didn’t work.
Here is the debug log, I’ve replaced some IPs, hostnames and stuff: https://pastebin.com/6DUdZ6wh