openSUSE containers problem

GeorgiL

Jan 18, 2019
Greetings,

Is it me, or do both templates for openSUSE 42.3 and Leap 15.0 appear kind of broken? Leap 15.0 is fully inaccessible via console or ssh - console is literally empty just with marker for typing - and Leap 42.3 does load a console, refuses root login, sometimes gets stuck while typing the password, and acts weird when typing. Both CTs can't be pinged. I even copied the sshd_config from a working CT to the Leap 42.3 CT and it didn't help.
 
Try creating your containers as "privileged" (unselect the 'unprivileged' option while creating in GUI).

There seem to be weird problems in openSUSE Leap 42.3 related to the network manager - wicked. I wasn't able to figure out what's causing this yet, but it seems like the network interface isn't starting properly in unprivileged containers. I'll try to figure out why and let you know here.
 
Coming from https://forum.proxmox.com/threads/f27-unprivileged-container-systemd-issues.46730/.

Leap 15.0 is fully inaccessible via console or ssh - console is literally empty just with marker for typing

Actually, at least for openSUSE 15.0, launch it in the foreground as unprivileged, e.g. 'lxc-start -n <container-id> --foreground', and you'll get this:

'
systemd 234 running in system mode. (+PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to openSUSE Leap 15.0!

Set hostname to <test>.
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to create /init.scope control group: Permission denied
Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object, freezing.
Freezing execution.'

This particular issue has been fixed both in systemd@236 and lxc. However, 15.0 ships with systemd@234 unfortunately. I've opened up an upstream bug report with openSUSE about backporting that fix here https://bugzilla.opensuse.org/show_bug.cgi?id=1130137.

Hey @oguz, have those changes, at least in that LXC PR, made their way into Proxmox 5.x?
 
Failed to create /init.scope control group: Permission denied
Failed to allocate manager object: Permission denied

you could try to enable nesting (CT's option tab's features entry)

Hey @oguz, have those changes, at least in that LXC PR, made their way into Proxmox 5.x?

for sure, that's old stuff (from mid 2017)
 
you could try to enable nesting (CT's option tab's features entry)

# cat /etc/pve/lxc/107.conf
arch: amd64
cores: 1
features: nesting=1
hostname: test
memory: 1024
net0: name=eth0,bridge=vmbr0,gw=10.0.4.1,hwaddr=7A:33:66:94:B3:1C,ip=10.0.4.30/24,type=veth
ostype: opensuse
rootfs: local-lvm:vm-107-disk-0,size=8G
swap: 512
unprivileged: 1

Unfortunately, that didn't work, though it was worth a try. Just in case AppArmor might have played a role:

Mar 22 04:19:30 pve2 kernel: [276897.267960] audit: type=1400 audit(1553242770.483:61): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-107_</var/lib/lxc>" pid=26499 comm="apparmor_parser"
Mar 22 04:19:58 pve2 kernel: [276925.256361] audit: type=1400 audit(1553242798.200:62): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-107_</var/lib/lxc>" pid=27061 comm="apparmor_parser"

Nothing useful.
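
As an added example (not part of the original post): AppArmor STATUS lines like the two above only record a profile being loaded or removed, while a policy block is logged as DENIED. The Python below filters kernel audit lines for one container's profile and separates the two; the DENIED line in the sample and the function names are constructed for illustration.

```python
import re

# Constructed input: the two STATUS lines quoted in the post, plus one
# made-up DENIED line (not from the thread) to show what a real block looks like.
SAMPLE = """\
Mar 22 04:19:30 pve2 kernel: [276897.267960] audit: type=1400 audit(1553242770.483:61): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-107_</var/lib/lxc>" pid=26499 comm="apparmor_parser"
Mar 22 04:19:58 pve2 kernel: [276925.256361] audit: type=1400 audit(1553242798.200:62): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-107_</var/lib/lxc>" pid=27061 comm="apparmor_parser"
Mar 22 04:20:01 pve2 kernel: [276928.000000] audit: type=1400 audit(1553242801.000:63): apparmor="DENIED" operation="mount" profile="lxc-107_</var/lib/lxc>" name="/sys/fs/cgroup/" pid=27100 comm="systemd"
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit(line):
    """Return the key=value fields of an AppArmor (type=1400) audit line, or None."""
    if "type=1400" not in line or "apparmor=" not in line:
        return None
    return {m.group(1): (m.group(2) if m.group(2) is not None else m.group(3))
            for m in FIELD.finditer(line)}


def container_events(text, ctid):
    """All AppArmor audit events that mention the profile of container <ctid>."""
    prefix = f"lxc-{ctid}_"  # trailing "_" keeps 107 from matching 1070
    events = []
    for line in text.splitlines():
        fields = parse_audit(line)
        if fields is None:
            continue
        # Assumption: load/remove events carry the container profile in name=,
        # denials carry it in profile= (the profile confining the process).
        if any(fields.get(k, "").startswith(prefix) for k in ("name", "profile")):
            events.append(fields)
    return events


def denials(text, ctid):
    """Only the DENIED events, as (operation, name, comm) tuples."""
    return [(f.get("operation"), f.get("name"), f.get("comm"))
            for f in container_events(text, ctid) if f.get("apparmor") == "DENIED"]


if __name__ == "__main__":
    for f in container_events(SAMPLE, 107):
        print(f["apparmor"], f.get("operation"), f.get("name"))
    print("denials:", denials(SAMPLE, 107))
```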
 
I'm having another problem with an openSUSE Leap 15.0 container which is NOT running as unprivileged. I wasn't sure if I should open a new thread, but since openSUSE containers seem to be problematic on Proxmox, I'll continue with this thread. For whatever reason, every time I invoke 'zypper', memory usage balloons, nearly exhausting a 1GiB pipe, and doesn't get released immediately but over time. See upstream bug report https://bugzilla.opensuse.org/show_bug.cgi?id=1130161 for context. Top's output is confusing: the sum of all processes running is relatively <20MB in memory usage? Yet free -m indicates that over 600MB is currently in use, which matches the summary from the web interface. And could 10 million plus calls to lstat from zypper be the cause of this? Is there anything that could be done on the host side?
 
Try creating your containers as "privileged" (unselect the 'unprivileged' option while creating in GUI).

There seem to be weird problems in openSUSE Leap 42.3 related to the network manager - wicked. I wasn't able to figure out what's causing this yet, but it seems like the network interface isn't starting properly in unprivileged containers. I'll try to figure out why and let you know here.

Have you had the time to give this any troubleshooting?
 
Hi,

Have you had the time to give this any troubleshooting?
sorry, not really a priority. I'd be happy to help you troubleshoot it and come up with a fix though.
 
Have you had a chance to try this yet?

If yes and it was successful, can you post steps to install a working version of Leap?

Thanks

No, not yet. Did a quick search and couldn't find a newer version of libzypp in the available repos. Didn't have the time to troubleshoot further.
Maybe after summer vacation.
 
