No IPv4 on unprivileged Arch container

I checked this post and the Arch Linux wiki, but it doesn’t help.
My host system is Ubuntu 18.04 with systemd 237 and LXD 3.0.3. I created an Arch Linux LXD container; it starts, but with no IPv4 address, only an IPv6 one.

This usually suggests systemd not being happy about something.
Try running systemctl --failed inside the container and look at lxc console --show-log if available too.
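As an added illustration of those two checks (this helper is not part of the thread), the following Python script pulls the failed units and the underlying kernel denials out of pasted `lxc console --show-log` and `systemctl status` text, so that the units blocked by a namespace or permission error stand out from the units that merely failed behind them. The sample input is a constructed excerpt in the shape of the log posted later in this thread; the exit-code meanings come from systemd.exec(5) (226 = EXIT_NAMESPACE) and mount(8) (32 = mount failure).

```python
"""Triage systemd boot failures pasted from `lxc console --show-log` or `systemctl status`.

Added example, not part of the thread.  Exit-code meanings: systemd.exec(5) lists
226 as EXIT_NAMESPACE; mount(8) lists exit status 32 as "mount failure".
"""
import re

# Constructed excerpt in the shape of the console log and status output posted in this thread.
SAMPLE_LOG = """\
systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted
[FAILED] Failed to listen on Journal Audit Socket.
Failed to set devices.allow on /system.slice/systemd-journald.service: Operation not permitted
sys-kernel-config.mount: Mount process exited, code=exited, status=32/n/a
[FAILED] Failed to mount Kernel Configuration File System.
systemd-udevd.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/sys/kernel/domainname: Permission denied
[FAILED] Failed to start udev Kernel Device Manager.
[FAILED] Failed to start udev Kernel Device Manager.
[FAILED] Failed to start Network Service.
● systemd-networkd.service - Network Service
   Process: 199 ExecStart=/usr/lib/systemd/systemd-networkd (code=exited, status=226/NAMESPACE)
  Main PID: 199 (code=exited, status=226/NAMESPACE)
Nov 23 14:11:59 archlinux systemd[1]: systemd-networkd.service: Start request repeated too quickly.
"""

UNIT = r"(?P<unit>[\w.@-]+\.(?:service|socket|mount|target|timer|path|slice))"
UNIT_MSG_RE = re.compile(r"^(?:.*systemd\[\d+\]: )?" + UNIT + r": (?P<msg>.+)$")  # "unit: message", optionally journal-prefixed
STATUS_HDR_RE = re.compile(r"^[●*]\s*" + UNIT + r" - ")                           # `systemctl status` header line
EXIT_RE = re.compile(r"code=exited, status=(?P<code>\d+)")
FAILED_RE = re.compile(r"^\[FAILED\] Failed to (?:start|mount|listen on) (?P<desc>.+?)\.?$")
DEVICES_RE = re.compile(r"^Failed to set devices\.allow on (?P<cgroup>\S+): (?P<err>.+)$")

SYSTEMD_EXIT_CODES = {226: "NAMESPACE, systemd could not set up the unit's private mount namespace"}
ERRNO_HINTS = {
    "Operation not permitted": "EPERM, a privileged operation (capability or cgroup write) denied to this unprivileged container",
    "Permission denied": "EACCES, the kernel refused access to the path",
}


def explain(unit, msg):
    """Translate one message about `unit` into zero or more findings."""
    findings = []
    m = EXIT_RE.search(msg)
    if m:
        code = int(m["code"])
        if unit.endswith(".mount") and code == 32:
            findings.append("mount(8) exit 32, mount failure: the filesystem cannot be mounted in this container")
        else:
            findings.append(f"exit {code}/{SYSTEMD_EXIT_CODES.get(code, 'see systemd.exec(5)')}")
    for text, meaning in ERRNO_HINTS.items():
        if msg.rstrip(".").endswith(text):
            findings.append(f"{text}: {meaning}")
    if "mount namespacing" in msg:
        findings.append("unit sandboxing needs a private mount namespace, which this container does not allow")
    return findings


def _add(units, unit, findings):
    bucket = units.setdefault(unit, [])
    for f in findings:
        if f not in bucket:                      # status output repeats the exit code on two lines
            bucket.append(f)


def triage(text):
    """Return {'units': {unit: [findings]}, 'failed': [descriptions]} for pasted log/status text."""
    units, failed, current = {}, [], None        # current = unit of the last status header seen
    for raw in text.splitlines():
        line = raw.strip()
        m = STATUS_HDR_RE.match(line)
        if m:
            current = m["unit"]
            units.setdefault(current, [])
            continue
        m = FAILED_RE.match(line)
        if m:
            if m["desc"] not in failed:
                failed.append(m["desc"])
            continue
        m = DEVICES_RE.match(line)
        if m:
            unit = m["cgroup"].rsplit("/", 1)[-1]
            _add(units, unit, [f"devices.allow rejected: {m['err']}"] + explain(unit, m["err"]))
            continue
        m = UNIT_MSG_RE.match(line)
        if m:
            _add(units, m["unit"], explain(m["unit"], m["msg"]) or [m["msg"]])
            continue
        if current and EXIT_RE.search(line):
            _add(units, current, explain(current, line))
    return {"units": units, "failed": failed}


def blocked_units(text):
    """Units whose failure is a kernel-level denial; fix these before the units that merely depend on them."""
    keys = ("EPERM", "EACCES", "NAMESPACE", "namespace")
    return sorted(u for u, f in triage(text)["units"].items() if any(k in x for x in f for k in keys))


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("failed:", "; ".join(report["failed"]))
    for unit in blocked_units(SAMPLE_LOG):
        print(unit, *report["units"][unit], sep="\n    ")
```

Paste the full `lxc console --show-log` output followed by `systemctl status` for each failed unit into the string (or read it from a file) and the report separates the one unit that hit a namespace or permission error from the many `[FAILED]` lines that only follow from it.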

systemctl --failed inside the container outputs:

  UNIT                          LOAD   ACTIVE SUB    DESCRIPTION                     
● sys-kernel-config.mount       loaded failed failed Kernel Configuration File System
● systemd-logind.service        loaded failed failed Login Service                   
● systemd-networkd.service      loaded failed failed Network Service                 
● systemd-resolved.service      loaded failed failed Network Name Resolution         
● systemd-udevd.service         loaded failed failed udev Kernel Device Manager      
● systemd-journald-audit.socket loaded failed failed Journal Audit Socket            
● systemd-networkd.socket       loaded failed failed Network Service Netlink Socket  
● systemd-udevd-control.socket  loaded failed failed udev Control Socket             
● systemd-udevd-kernel.socket   loaded failed failed udev Kernel Socket              

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

9 loaded units listed.

And lxc console --show-log:

Console log:

systemd 243.162-2-arch running in system mode. (+PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Arch Linux!

[  OK  ] Created slice system-getty.slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[UNSUPP] Starting of Arbitrary Executable Fi…tem Automount Point not supported.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Slices.
[  OK  ] Reached target Swap.
[  OK  ] Listening on Device-mapper event daemon FIFOs.
[  OK  ] Listening on Process Core Dump Socket.
[  OK  ] Listening on initctl Compatibility Named Pipe.
systemd-journald-audit.socket: Failed to create listening socket (audit 1): Operation not permitted
systemd-journald-audit.socket: Failed to listen on sockets: Operation not permitted
systemd-journald-audit.socket: Failed with result 'resources'.
[FAILED] Failed to listen on Journal Audit Socket.
See 'systemctl status systemd-journald-audit.socket' for details.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Journal Socket.
[  OK  ] Listening on Network Service Netlink Socket.
[  OK  ] Listening on udev Control Socket.
[  OK  ] Listening on udev Kernel Socket.
         Mounting Temporary Directory (/tmp)...
Failed to set devices.allow on /system.slice/systemd-journald.service: Operation not permitted
         Starting Journal Service...
         Mounting Kernel Configuration File System...
         Starting Remount Root and Kernel File Systems...
         Starting Apply Kernel Variables...
         Starting udev Coldplug all Devices...
[  OK  ] Mounted Temporary Directory (/tmp).
sys-kernel-config.mount: Mount process exited, code=exited, status=32/n/a
sys-kernel-config.mount: Failed with result 'exit-code'.
[FAILED] Failed to mount Kernel Configuration File System.
See 'systemctl status sys-kernel-config.mount' for details.
[  OK  ] Started Remount Root and Kernel File Systems.
         Starting Create Static Device Nodes in /dev...
[  OK  ] Started Create Static Device Nodes in /dev.
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting udev Kernel Device Manager...
systemd-udevd.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/sys/kernel/domainname: Permission denied
[  OK  ] Started udev Coldplug all Devices.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Apply Kernel Variables.
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Stopped udev Kernel Device Manager.
         Starting udev Kernel Device Manager...
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Stopped udev Kernel Device Manager.
         Starting udev Kernel Device Manager...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Stopped udev Kernel Device Manager.
         Starting udev Kernel Device Manager...
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Stopped udev Kernel Device Manager.
         Starting udev Kernel Device Manager...
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Stopped udev Kernel Device Manager.
[FAILED] Failed to start udev Kernel Device Manager.
See 'systemctl status systemd-udevd.service' for details.
[  OK  ] Reached target System Initialization.
[  OK  ] Started Daily rotation of log files.
[  OK  ] Started Daily man-db regeneration.
[  OK  ] Started Daily verification of password and group files.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
[  OK  ] Started D-Bus System Message Bus.
         Starting Login Service...
         Starting Network Service...
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
[  OK  ] Stopped Network Service.
         Starting Network Service...
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[  OK  ] Stopped Login Service.
         Starting Login Service...
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
[  OK  ] Stopped Network Service.
         Starting Network Service...
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
[  OK  ] Stopped Network Service.
         Starting Network Service...
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[  OK  ] Stopped Login Service.
         Starting Login Service...
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
[  OK  ] Stopped Network Service.
         Starting Network Service...
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
[  OK  ] Stopped Network Service.
[FAILED] Failed to start Network Service.
See 'systemctl status systemd-networkd.service' for details.
         Starting Network Name Resolution...
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[  OK  ] Stopped Login Service.
         Starting Login Service...
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[  OK  ] Stopped Login Service.
         Starting Login Service...
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[  OK  ] Stopped Login Service.
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Stopped Network Name Resolution.
         Starting Network Name Resolution...
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Stopped Network Name Resolution.
         Starting Network Name Resolution...
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Stopped Network Name Resolution.
         Starting Network Name Resolution...
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Stopped Network Name Resolution.
         Starting Network Name Resolution...
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Stopped Network Name Resolution.
[FAILED] Failed to start Network Name Resolution.
See 'systemctl status systemd-resolved.service' for details.
[  OK  ] Reached target Network.
[  OK  ] Reached target Host and Network Name Lookups.
         Starting Permit User Sessions...
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.

Arch Linux 4.15.0-66-generic (console)

archlinux login: 

And my default profile:

config:
  boot.autostart: "true"
  boot.autostart.delay: ""
  boot.host_shutdown_timeout: ""
  limits.cpu: "36"
  nvidia.runtime: "true"
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: eno2
    type: nic
  gpu:
    type: gpu
  matlab:
    path: /usr/local/MATLAB
    source: /usr/local/MATLAB
    type: disk
  root:
    path: /
    pool: default
    size: 1TB
    type: disk
name: default

This is macvlan, which means that the container gets its IP address from the LAN, if there is a DHCP server there. And, in addition, if you are using a virtualization platform this may not work straight away because the virtualization platform may block the DHCP reply reaching the container.

But another container with the same profile works OK. I have another container using the same profile as this one but with Ubuntu 18.04, and the Ubuntu inside that container gets both an IPv4 address and an IPv6 address.

I tried with LXD 3.18 (snap) and it worked for me:

$ lxc launch images:archlinux --profile default --profile macvlan myarch
Creating myarch
Starting myarch                             
$ lxc list myarch
+--------+---------+--------------------+------+------------+-----------+
|  NAME  |  STATE  |        IPV4        | IPV6 |    TYPE    | SNAPSHOTS |
+--------+---------+--------------------+------+------------+-----------+
| myarch | RUNNING | 192.168.1.9 (eth0) |      | PERSISTENT | 0         |
+--------+---------+--------------------+------+------------+-----------+

Therefore, it is not an issue with the Arch container image not requesting a DHCP lease from your LAN’s DHCP server.

What does Arch use for networking these days?

$ lxc shell myarch
[root@myarch ~]# networkctl 
IDX LINK TYPE     OPERATIONAL SETUP     
  1 lo   loopback carrier     unmanaged 
 26 eth0 ether    routable    configured

2 links listed.
[root@myarch ~]# 

It’s systemd-networkd. You would need to run tcpdump on the host to watch for BOOTP packets, and at the same time restart systemd-networkd in the container (i.e. it requests a fresh DHCP lease).

$ sudo tcpdump port bootpc or port bootps
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp6s4, link-type EN10MB (Ethernet), capture size 262144 bytes
15:50:18.026566 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:41:ae:42 (oui Unknown), length 287
15:50:18.203211 IP Server.Home.bootps > 192.168.1.3.bootpc: BOOTP/DHCP, Reply, length 274
15:50:18.203512 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:41:ae:42 (oui Unknown), length 299
15:50:18.381254 IP Server.Home.bootps > 192.168.1.3.bootpc: BOOTP/DHCP, Reply, length 274

and in the container

[root@myarch ~]# systemctl restart systemd-networkd
[root@myarch ~]#

The above output shows that it works for me.

On the host, sudo tcpdump port bootpc -vv:

tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 262144 bytes

and in the container, systemctl restart systemd-networkd:

Failed to add /run/systemd/ask-password to directory watch: inotify watch limit reached
Job for systemd-networkd.service failed because the control process exited with error code.
See "systemctl status systemd-networkd.service" and "journalctl -xe" for details.

and systemctl status systemd-networkd:

● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-11-23 14:11:59 UTC; 2min 34s ago
     Docs: man:systemd-networkd.service(8)
  Process: 199 ExecStart=/usr/lib/systemd/systemd-networkd (code=exited, status=226/NAMESPACE)
 Main PID: 199 (code=exited, status=226/NAMESPACE)

Nov 23 14:11:59 archlinux systemd[1]: systemd-networkd.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Nov 23 14:11:59 archlinux systemd[1]: systemd-networkd.service: Scheduled restart job, restart counter is at 5.
Nov 23 14:11:59 archlinux systemd[1]: Stopped Network Service.
Nov 23 14:11:59 archlinux systemd[1]: systemd-networkd.service: Start request repeated too quickly.
Nov 23 14:11:59 archlinux systemd[1]: systemd-networkd.service: Failed with result 'exit-code'.
Nov 23 14:11:59 archlinux systemd[1]: Failed to start Network Service.

Here is my systemd-network config file:

[Match]
Name=eth*

[Network]
# the default is this
# DHCP=ipv4
# and I modify to this
DHCP=yes

networkctl:

WARNING: systemd-networkd is not running, output will be incomplete.

IDX LINK TYPE     OPERATIONAL SETUP    
  1 lo   loopback n/a         unmanaged
 68 eth0 ether    n/a         unmanaged

Your host did not pick the correct network interface by default, therefore specify it.

See https://lxd.readthedocs.io/en/latest/production-setup/ on how to relax the limit.

After setting:

sysctl -w fs.inotify.max_queued_events=1048576
sysctl -w fs.inotify.max_user_instances=1048576
sysctl -w fs.inotify.max_user_watches=1048576

on the host, tcpdump port bootpc -i eno2 gives me:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno2, link-type EN10MB (Ethernet), capture size 262144 bytes
09:54:33.466739 IP 172.21.17.148.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c8:d3:ff:40:cb:b9 (oui Unknown), length 300
09:55:48.479853 IP 172.21.17.148.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c8:d3:ff:40:cb:b9 (oui Unknown), length 300
09:56:04.176795 IP 172.21.17.133.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:8e:38:9c:b7:c9 (oui Unknown), length 300

But I don’t have any LXD container with IP 172.21.17.148 or 172.21.17.133. I also checked the virtual machines on the host; none of them has these IPs.
In the Arch container:

● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2019-11-24 01:54:43 UTC; 8min ago
     Docs: man:systemd-networkd.service(8)
  Process: 155 ExecStart=/usr/lib/systemd/systemd-networkd (code=exited, status=226/NAMESPACE)
 Main PID: 155 (code=exited, status=226/NAMESPACE)

Nov 24 01:54:43 archlinux-new systemd[1]: systemd-networkd.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Nov 24 01:54:43 archlinux-new systemd[1]: systemd-networkd.service: Scheduled restart job, restart counter is at 5.
Nov 24 01:54:43 archlinux-new systemd[1]: Stopped Network Service.
Nov 24 01:54:43 archlinux-new systemd[1]: systemd-networkd.service: Start request repeated too quickly.
Nov 24 01:54:43 archlinux-new systemd[1]: systemd-networkd.service: Failed with result 'exit-code'.
Nov 24 01:54:43 archlinux-new systemd[1]: Failed to start Network Service.

After setting security.nesting=true, it works great now. I double-checked by creating a new container, and it really works. This post helped me. But I don’t know what’s happening.

These MAC addresses are from an HP device and a Dell device. Therefore, they are not container MAC addresses (starting with 00:16:3e:...). Which means that you did not see a client request.

I cannot think of a reason why security.nesting=true would be of significance here.

Does macvlan work on a non-Arch container? By testing, you will be able to get a hint as to whether it is the container image at fault, or something else.

Verify that you have restarted your computer so that the sysctl changes are activated (or run sysctl -p).

OK, let’s start from scratch. I cannot restart the host right now, so I ran sysctl -p; here is the output of sysctl -a | grep inotify:

fs.inotify.max_queued_events = 1048576
fs.inotify.max_user_instances = 1048576
fs.inotify.max_user_watches = 1048576
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eno1.stable_secret"
sysctl: reading key "net.ipv6.conf.eno2.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.macvtap0.stable_secret"
sysctl: reading key "net.ipv6.conf.macvtap1.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0.stable_secret"
sysctl: reading key "net.ipv6.conf.virbr0-nic.stable_secret"
sysctl: reading key "net.ipv6.conf.vnet0.stable_secret"
user.max_inotify_instances = 1048576
user.max_inotify_watches = 1048576

I created a new profile; lxc profile show demo:

config: {}
description: ""
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: eno2
    type: nic
  root:
    path: /
    pool: default
    size: 1TB
    type: disk
name: demo
used_by:
- /1.0/containers/archlinux-demo
- /1.0/containers/ubuntu-demo

and created an Ubuntu 18.04 container and an Arch Linux container using the same profile.

+----------------+---------+----------------------+---------------------------+------------+-----------+
|      NAME      |  STATE  |         IPV4         |           IPV6            |    TYPE    | SNAPSHOTS |
+----------------+---------+----------------------+---------------------------+------------+-----------+
| archlinux-demo | RUNNING |                      | 2001:xxxxxxxx:9003 (eth0) | PERSISTENT | 0         |
+----------------+---------+----------------------+---------------------------+------------+-----------+
| ubuntu-demo    | RUNNING | 172.21.17.149 (eth0) | 2001:xxxxxx::1 (eth0)     | PERSISTENT | 0         |
|                |         |                      | 2001:xxxxx:2d20 (eth0)    |            |           |
+----------------+---------+----------------------+---------------------------+------------+-----------+

And after lxc config set archlinux-demo security.nesting true and restart the container:

+----------------+---------+----------------------+---------------------------+------------+-----------+
|      NAME      |  STATE  |         IPV4         |           IPV6            |    TYPE    | SNAPSHOTS |
+----------------+---------+----------------------+---------------------------+------------+-----------+
| archlinux-demo | RUNNING | 172.21.17.245 (eth0) | 2001:xxxxxxxx:9003 (eth0) | PERSISTENT | 0         |
+----------------+---------+----------------------+---------------------------+------------+-----------+

and,

$ sudo tcpdump port bootpc -i eno2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno2, link-type EN10MB (Ethernet), capture size 262144 bytes
10:30:07.053000 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:f3:95:03 (oui Unknown), length 295
10:30:08.052531 IP _gateway.bootps > 172.21.17.245.bootpc: BOOTP/DHCP, Reply, length 300
10:30:08.052709 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:f3:95:03 (oui Unknown), length 307
10:30:08.055940 IP _gateway.bootps > 172.21.17.245.bootpc: BOOTP/DHCP, Reply, length 300
10:30:14.399079 IP 172.21.17.2.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 4c:cc:6a:c1:a3:3a (oui Unknown), length 300

The fingerprint of the Ubuntu image is: 497517d8a733, and ArchLinux: e01af40fc635.

Hi!

The 172.21... range of IP addresses are from a private non-routable range. It is not common to see these in LANs. Are you sure there is no virtualization platform there? HyperV, VirtualBox, VMWare, etc?

The tcpdump output shows that your container sent the request and got back a DHCP lease.
If the container does not actually receive the lease, then this could be due to filtering from a virtualization environment.
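As an added example (not code from the thread), the following Python script applies the reasoning used in this thread to a saved `tcpdump port bootpc or port bootps` capture: it pairs each server Reply with the request just before it, separates requests from the LXD MAC range 00:16:3e from lease renewals by other hosts on the LAN, and reports whether a container request was answered, left unanswered, or never sent. The sample captures are constructed in the shape of the ones posted above; the pairing-by-time rule (reply within a few seconds of the last request) is an assumption made because plain tcpdump Reply lines carry no client MAC.

```python
"""Pair DHCP requests with replies in `tcpdump port bootpc or port bootps` output.

Added example, not from the thread.  Without -n tcpdump prints resolved names
(Server.Home, _gateway); without -vv a Reply line carries no client MAC, so each
reply is attributed to the most recent request seen within a short window.
"""
import re

# LXD gives container NICs addresses in the 00:16:3e OUI (as noted in the thread).
CONTAINER_OUI = "00:16:3e"

REQUEST_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.bootpc > \S+\.bootps: "
    r"BOOTP/DHCP, Request from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)
REPLY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \S+\.bootps > (?P<client>\S+)\.bootpc: BOOTP/DHCP, Reply"
)

# Constructed samples in the shape of the captures posted in the thread.
WORKING = """\
10:30:07.053000 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:f3:95:03 (oui Unknown), length 295
10:30:08.052531 IP _gateway.bootps > 172.21.17.245.bootpc: BOOTP/DHCP, Reply, length 300
10:30:08.052709 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:f3:95:03 (oui Unknown), length 307
10:30:08.055940 IP _gateway.bootps > 172.21.17.245.bootpc: BOOTP/DHCP, Reply, length 300
10:30:14.399079 IP 172.21.17.2.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 4c:cc:6a:c1:a3:3a (oui Unknown), length 300
"""
# Only other hosts renewing leases (non-zero source IP): the container never sent a request.
NO_CONTAINER_REQUEST = """\
09:54:33.466739 IP 172.21.17.148.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from c8:d3:ff:40:cb:b9 (oui Unknown), length 300
09:56:04.176795 IP 172.21.17.133.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:8e:38:9c:b7:c9 (oui Unknown), length 300
"""
# The container asks but nothing answers within the window (e.g. the reply is filtered).
UNANSWERED = """\
15:50:18.026566 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:16:3e:41:ae:42 (oui Unknown), length 287
15:50:30.000000 IP 172.21.17.2.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 4c:cc:6a:c1:a3:3a (oui Unknown), length 300
"""


def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)   # same-day capture assumed


def analyze(capture, window=5.0):
    """Per-MAC summary: request count, replies attributed to it, addresses the server replied to."""
    clients, last_request = {}, None
    for line in capture.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            mac, t = m["mac"], _seconds(m["ts"])
            c = clients.setdefault(mac, {"is_container": mac.startswith(CONTAINER_OUI),
                                         "requests": 0, "replies": 0, "offered": set(),
                                         "renewing": m["src"] != "0.0.0.0"})  # non-zero source = renewal
            c["requests"] += 1
            last_request = (mac, t)
            continue
        m = REPLY_RE.match(line)
        if m and last_request and 0 <= _seconds(m["ts"]) - last_request[1] <= window:
            c = clients[last_request[0]]
            c["replies"] += 1
            c["offered"].add(m["client"])
    return clients


def container_leases(capture):
    """Container MACs that were answered, with the address the server replied to."""
    return {mac: sorted(c["offered"]) for mac, c in analyze(capture).items()
            if c["is_container"] and c["replies"]}


def unanswered_containers(capture):
    """Container MACs that asked and got nothing: look for filtering on the host or upstream."""
    return sorted(mac for mac, c in analyze(capture).items() if c["is_container"] and not c["replies"])


def verdict(capture):
    if container_leases(capture):
        return "lease offered"          # the lease reached the wire; if the container still has no IP, look inside it
    if unanswered_containers(capture):
        return "request unanswered"     # the request left the container; the reply was blocked or no server answered
    return "no container request"       # the DHCP client inside the container never ran (e.g. networkd failed)


if __name__ == "__main__":
    for name, cap in (("working", WORKING), ("no request", NO_CONTAINER_REQUEST), ("unanswered", UNANSWERED)):
        print(f"{name:11s} -> {verdict(cap)} {container_leases(cap) or unanswered_containers(cap)}")
```

Feed it the output of the same `sudo tcpdump port bootpc or port bootps -i eno2` command saved to a file while systemd-networkd is restarted in the container; the three verdicts correspond to the three situations in this thread (lease seen on the wire, request filtered, and no request at all because the client never started).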

I’m pretty sure that there is no virtualization except the LXD we’re using. The host system is Ubuntu installed on a workstation. These devices are on the school network; the 172 IPs are set up by the school. The whole school network could be regarded as a LAN.

For testing, can you set the host’s eno2 interface to promisc mode and try again?
This should be sudo ifconfig eno2 promisc. You can disable when you are done with sudo ifconfig eno2 -promisc.

Alternatively, there could be some iptables rules on the host. Use the following to view them.

iptables -L
iptables -t nat -L

iptables rules:

$ sudo iptables -L       
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere     

and

$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !localhost/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        anywhere            
RETURN     all  --  192.168.122.0/24     base-address.mcast.net/24 
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere 

Does “try again” mean restarting the container?

After setting eno2 to promisc=on:

ip link show eno2                                   
3: eno2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether ac:1f:6b:a1:0c:b3 brd ff:ff:ff:ff:ff:ff

and set security.nesting=false:

$ lxc list archlinux-demo
+----------------+---------+------+-----------------------+------------+-----------+
|      NAME      |  STATE  | IPV4 |         IPV6          |    TYPE    | SNAPSHOTS |
+----------------+---------+------+-----------------------+------------+-----------+
| archlinux-demo | RUNNING |      | 2001:xxxx:9003 (eth0) | PERSISTENT | 0         |
+----------------+---------+------+-----------------------+------------+-----------+

Still no IPv4 address.

And still failed to start systemd-networkd:

● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-11-25 09:04:38 UTC; 1min 1s ago
     Docs: man:systemd-networkd.service(8)
  Process: 106 ExecStart=/usr/lib/systemd/systemd-networkd (code=exited, status=226/NAMESPACE)
 Main PID: 106 (code=exited, status=226/NAMESPACE)

Nov 25 09:04:38 archlinux-demo systemd[1]: systemd-networkd.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Nov 25 09:04:38 archlinux-demo systemd[1]: systemd-networkd.service: Scheduled restart job, restart counter is at 5.
Nov 25 09:04:38 archlinux-demo systemd[1]: Stopped Network Service.
Nov 25 09:04:38 archlinux-demo systemd[1]: systemd-networkd.service: Start request repeated too quickly.
Nov 25 09:04:38 archlinux-demo systemd[1]: systemd-networkd.service: Failed with result 'exit-code'.
Nov 25 09:04:38 archlinux-demo systemd[1]: Failed to start Network Service.

Can you show us an equivalent trace from when DHCP isn’t working, please?