LXC version 2 migration to version 3 issue : Failed to load config

omellina · December 19, 2018, 9:28am

Hello,

I migrated versions 2 to 3 of lxc with the official Debian test package without error when installing the new
Lxc version 3 package. During the installation, I replied do not keep the current configuration file and to replace the configuration file with the new lxc3 maintainer version, because I wanted a complete and clean LXC 3 version, without having some parts of old configuration.

The current version
> lxc-info --version

    3.0.3

lxc-checkconfig is fine.
> lxc-checkconfig

    Kernel configuration not found at /proc/config.gz; searching...
    Kernel configuration found at /boot/config-4.18.0-3-amd64
    --- Namespaces ---
    Namespaces: enabled
    Utsname namespace: enabled
    Ipc namespace: enabled
    Pid namespace: enabled
    User namespace: enabled
    Network namespace: enabled

    --- Control groups ---
    Cgroups: enabled

    Cgroup v1 mount points:
    /sys/fs/cgroup/systemd
    /sys/fs/cgroup/freezer
    /sys/fs/cgroup/net_cls,net_prio
    /sys/fs/cgroup/memory
    /sys/fs/cgroup/cpu,cpuacct
    /sys/fs/cgroup/devices
    /sys/fs/cgroup/perf_event
    /sys/fs/cgroup/cpuset
    /sys/fs/cgroup/pids
    /sys/fs/cgroup/blkio

    Cgroup v2 mount points:
    /sys/fs/cgroup/unified

    Cgroup v1 clone_children flag: enabled
    Cgroup device: enabled
    Cgroup sched: enabled
    Cgroup cpu account: enabled
    Cgroup memory controller: enabled
    Cgroup cpuset: enabled

    --- Misc ---
    Veth pair device: enabled, not loaded
    Macvlan: enabled, not loaded
    Vlan: enabled, not loaded
    Bridges: enabled, loaded
    Advanced netfilter: enabled, loaded
    CONFIG_NF_NAT_IPV4: enabled, loaded
    CONFIG_NF_NAT_IPV6: enabled, not loaded
    CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
    CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
    CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
    CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
    FUSE (for use with lxcfs): enabled, loaded

    --- Checkpoint/Restore ---
    checkpoint restore: enabled
    CONFIG_FHANDLE: enabled
    CONFIG_EVENTFD: enabled
    CONFIG_EPOLL: enabled
    CONFIG_UNIX_DIAG: enabled
    CONFIG_INET_DIAG: enabled
    CONFIG_PACKET_DIAG: enabled
    CONFIG_NETLINK_DIAG: enabled
    File capabilities:

    Note : Before booting a new kernel, you can check its configuration
    usage : CONFIG=/path/to/config /bin/lxc-checkconfig

My issue is about the container config file
> lxc-ls

    Failed to load config for centos
    Failed to load config for debian
    Failed to load config for ubuntu

lxc-info complain default config file is not in the ritght place
> lxc-info centos

    Failed to load config for centos
    Failure to retrieve information on /home/olivier/.local/share/lxc:centos

If I want to create new container, I get some error.
> lxc-create -t download -n test

    lxc-create: test: confile.c: parse_line: 2262 Unknown configuration key "lxc.id_map"                                                       
    lxc-create: test: parse.c: lxc_file_for_each_line_mmap: 142 Failed to parse config file "/home/olivier/.config/lxc/default.conf" at line "lxc.id_map = u 0 100000 65536"
    lxc-create: test: conf.c: chown_mapped_root: 3126 No uid mapping for container root                                                        
    lxc-create: test: lxccontainer.c: do_storage_create: 1288 Error chowning "/home/olivier/.local/share/lxc/test/rootfs" to container root    
    lxc-create: test: conf.c: suggest_default_idmap: 4738 You must either run as root, or define uid mappings                                  
    lxc-create: test: conf.c: suggest_default_idmap: 4739 To pass uid mappings to lxc-create, you could create                                 
    lxc-create: test: conf.c: suggest_default_idmap: 4740 ~/.config/lxc/default.conf:                                                          
    lxc-create: test: conf.c: suggest_default_idmap: 4741 lxc.include = /etc/lxc/default.conf                                                  
    lxc-create: test: conf.c: suggest_default_idmap: 4742 lxc.idmap = u 0 100000 65536                                                         
    lxc-create: test: conf.c: suggest_default_idmap: 4743 lxc.idmap = g 0 100000 65536                                                         
    lxc-create: test: lxccontainer.c: do_lxcapi_create: 1869 Failed to create (none) storage for test                                          
    lxc-create: test: tools/lxc_create.c: main: 327 Failed to create container test

How can fix this issue in a clean way ?

Thanks for your help.

stgraber · December 19, 2018, 2:51pm

Did you run lxc-update-config for your containers?

omellina · December 20, 2018, 9:14am

Hello,

I did the lxc-update-config command for all my unprivileged containers.

    lxc-update-config -c /home/olivier/.local/share/lxc/ubuntu/config
    lxc-update-config -c /home/olivier/.local/share/lxc/centos/config
    lxc-update-config -c /home/olivier/.local/share/lxc/debian/config
    lxc-update-config -c /home/olivier/.config/lxc/default.conf

I reload sysctlI, restarted the service, I get always the same output

    sudo sysctl --system
    sudo systemctl restart lxc.service

    lxc-ls
    Failed to load config for centos
    Failed to load config for debian
    Failed to load config for ubuntu

Did I forget something ?

Thanks

omellina · December 20, 2018, 1:25pm

Hello,

For some more investigations.
Global unprivileged container default configuration

 cat ~/.config/lxc/default.conf 
 #lxc.include = /etc/lxc/default.conf

## Subuids and subgids mapping
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

## "Secure" mounting
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed

## Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
#lxc.net.0.hwaddr = 00:FF:xx:xx:xx:xx

For exemple, centos container config file

cat ~/.local/share/lxc/centos/config                                                                                                
# Template used to create this container: /usr/share/lxc/templates/lxc-download                                                            
# Parameters passed to the template:
# Template script checksum (SHA-1): d01222f98a39ac660ba791657d5b1168eba582fb                                                               
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


## Subuids and subgids mapping

## "Secure" mounting

## Network configuration

# Distribution configuration
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.include = /usr/share/lxc/config/centos.userns.conf
lxc.arch = x86_64

# Container specific configuration
#lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.rootfs.path = /home/olivier/.local/share/lxc/centos/rootfs
lxc.uts.name = centos

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
#lxc.net.0.hwaddr = 00:FF:xx:xx:xx:xx

User identifier and group identifier

cat /etc/subuid
olivier:100000:65536

cat /etc/subgid                                                                                                                   
olivier:100000:65536

I don’t know why the update config file script lxc-update-config does not work.
Where can have a look to troubleshoot the issue ?

Thanks

stgraber · December 20, 2018, 6:02pm

Can you try:

lxc-start -n centos -o debug -l debug

Then show the content of the centos file?