mysql installation in lxc container failed

lk777

This is my first attempt to install mysql server in Proxmox lxc container.
Never experienced this kind of problem with lxc/lxd containers on ubuntu server host.

Code:
arch: amd64
cores: 2
cpulimit: 2
features: mount=nfs;cifs,nesting=1
hostname: ubuntu-lxc-1
memory: 4096
net0: name=eth0,bridge=vmbr0,gw=10.10.5.1,hwaddr=2E:CF:14:D0:60:19,ip=10.10.5.91/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: zfsa:subvol-200-disk-1,mountoptions=noatime,size=10G,acl=0
swap: 512
lxc.apparmor.profile=unconfined

Even 'lxc.apparmor.profile=unconfined' doesn't help

This is a privileged container.

The error message:

Code:
apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Permission denied; attempted to load a profile while confined?

Tried the following to no avail:

Code:
sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld


This is my lxd container configuration on Ubuntu 20.04 which works with no issues:

Code:
architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (
  image.label: release
  image.os: ubuntu
  image.release: xenial
  image.version: "20.04"
  limits.cpu: "2"
  limits.memory: 8GB
  limits.memory.swap: "true"
  raw.lxc: |-
    lxc.cgroup.devices.allow = c 116:* rw
    lxc.cgroup.devices.allow = c 166:* rw
    lxc.apparmor.profile=unconfined
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image: 58f90cbf68927c3fc43e6ee1386446a04f3d8068c1a75a291339cb2be01dec08
  volatile.eth0.host_name: veth2606d870
  volatile.eth0.hwaddr: 00:16:3e:1b:02:06
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 1d7f3e07-3902-4a15-913e-a4a42199b7ff
devices:
  eth0:
    ipv4.address: 10.0.3.11
    nictype: bridged
    parent: srvbr0
    type: nic
  vol-btrfs-1:
    path: /mnt/data-volume
    pool: btrfs-pool-dev-1
    source: vol-btrfs-1
    type: disk
ephemeral: false
profiles:
- default
stateful: false



Any ideas?
 
Code:
root@pve-1:~# pveversion -v
proxmox-ve: 7.1-1 (running kernel: 5.15.30-1-pve)
pve-manager: 7.1-12 (running version: 7.1-12/b3c09de3)
pve-kernel-5.15: 7.1-14
pve-kernel-helper: 7.1-14
pve-kernel-5.13: 7.1-9
pve-kernel-5.15.30-1-pve: 5.15.30-1
pve-kernel-5.15.19-2-pve: 5.15.19-3
pve-kernel-5.15.5-1-pve: 5.15.5-1
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-1-pve: 5.13.19-3
ceph-fuse: 15.2.15-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-7
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-5
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-storage-perl: 7.1-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-6
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.1-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-1
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.4-pve1

This container is based on the template created by importing a lxc container from Ubuntu 20.04 host.

This container is Ubuntu 20.04
 
how did you export/import the container?

could you try using our templates [0] instead? installing mysql should normally work just fine...

[0]: https://pve.proxmox.com/pve-docs/pv...ong_pveam_strong_proxmox_ve_appliance_manager
I have just tried ubuntu-20.04-standard_20.04-1_amd64.tar.gz (proxmox template) with the same results.
Code:
Warning: Unable to start the server.
apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Permission denied; attempted to load a profile while confined?

And just for the test purposes I have successfully installed Postgresql. What is wrong with mysql?
 
I have just tried ubuntu-20.04-standard_20.04-1_amd64.tar.gz (proxmox template) with the same results.
installing & starting mysql-server on ubuntu 20.04 works fine here with an unprivileged container and "nesting" option enabled (using our template).

could you please check?

what i did:
1. create ubuntu 20.04 container with official template, enable "nesting" (default on GUI) and choose "unprivileged" (also default in GUI)
2. enter container and upgrade packages: apt update && apt dist-upgrade -y
3. exit and reboot container
4. enter container and install mysql: apt install mysql-server
5. systemctl start mysql
6. verify that it works: ss -antlp | grep 3306
 
There are no apparmor profiles created for postgresql, but for mysql it creates usr.sbin.mysqld and can't handle it after all.
 
installing & starting mysql-server on ubuntu 20.04 works fine here with an unprivileged container and "nesting" option enabled (using our template).

could you please check?

what i did:
1. create ubuntu 20.04 container with official template, enable "nesting" (default on GUI) and choose "unprivileged" (also default in GUI)
2. enter container and upgrade packages: apt update && apt dist-upgrade -y
3. exit and reboot container
4. enter container and install mysql: apt install mysql-server
5. systemctl start mysql
6. verify that it works: ss -antlp | grep 3306
That is interesting. It didn't work for me either. It doesn't complain now about apparmor and it enforces /usr/sbin/mysqld:
Code:
root@ubuntu-lxc-3:~# aa-status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/mysqld
   /usr/sbin/tcpdump
   /{,usr/}sbin/dhclient
   lsb_release
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
 
It doesn't complain now about apparmor and it enforces /usr/sbin/mysqld:
does it work like that?

if yes please mark the thread as [SOLVED] ;)
 
Yes, that is right and mysql-server still doesn't work for me. But maybe it is time for me to move on from mysql, at least on Proxmox lxc containers.

But @oguz states that it works.
 
And mariadb now works in my imported privileged container with the disabled 'usr.sbin.mysqld' apparmor profile.
I am not a DBA and can't tell you what is the difference between MySQL and MariaDB, they just look similar to me.
 
Yes, i also have that problem with ubuntu 20.04, so i just installed it on debian.
" ... MySQL is not available in the official package repository of Debian 10. But, MariaDB is available..." So maybe this is a sign ...
 
Yes, that is right and mysql-server still doesn't work for me. But maybe it is time for me to move on from mysql, at least on Proxmox lxc containers.

But @oguz states that it works.
if you follow the instructions i wrote in my previous post it should work as described :)

make sure your container is unprivileged and has nesting enabled.
 
I've tested it oguz on latest PVE, and it still doesn't work even with nesting, and apparmor profile for mysql disabled
 
I've tested it oguz on latest PVE, and it still doesn't work even with nesting, and apparmor profile for mysql disabled
could you post your container configuration file? pct config CTID (replace CTID with yours)
 
if you follow the instructions i wrote in my previous post it should work as described :)

make sure your container is unprivileged and has nesting enabled.
I have followed your instructions and it doesn't work:
Code:
root@ubuntu-lxc-3:~# systemctl status mysql
* mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-04-07 12:00:25 UTC; 1s ago
    Process: 782 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
    Process: 790 ExecStart=/usr/sbin/mysqld (code=exited, status=1/FAILURE)
   Main PID: 790 (code=exited, status=1/FAILURE)
     Status: "Server startup in progress"
        CPU: 296ms

Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Scheduled restart job, restart counter is at 5.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: Stopped MySQL Community Server.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Start request repeated too quickly.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Failed with result 'exit-code'.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: Failed to start MySQL Community Server.

Code:
2022-04-07T11:39:38.578418Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-04-07T11:39:38.613006Z 1 [ERROR] [MY-012963] [InnoDB] Log file ./ib_logfile1 is of different size 0 bytes than other log files 17825792 bytes!
2022-04-07T11:39:38.613069Z 1 [ERROR] [MY-012930] [InnoDB] Plugin initialization aborted with error Generic error.
2022-04-07T11:39:39.105605Z 1 [ERROR] [MY-010334] [Server] Failed to initialize DD Storage Engine
2022-04-07T11:39:39.105731Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2022-04-07T11:39:39.105827Z 0 [ERROR] [MY-010119] [Server] Aborting
2022-04-07T11:39:39.106262Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.28-0ubuntu0.20.04.3)  (Ubuntu).
 
I have followed your instructions and it doesn't work:
Code:
root@pve:~# pct enter 137
root@test-mysql:~# systemctl status mysql
● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-04-07 12:08:30 UTC; 1min 47s ago
    Process: 121 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 136 (mysqld)
     Status: "Server is operational"
      Tasks: 37 (limit: 19116)
     Memory: 436.7M
        CPU: 1.144s
     CGroup: /system.slice/mysql.service
             └─136 /usr/sbin/mysqld

Apr 07 12:08:28 test-mysql systemd[1]: Starting MySQL Community Server...
Apr 07 12:08:30 test-mysql systemd[1]: Started MySQL Community Server.
root@test-mysql:~# ss -antlp | grep 3306
LISTEN    0         70               127.0.0.1:33060            0.0.0.0:*        users:(("mysqld",pid=136,fd=22))                                               
LISTEN    0         151              127.0.0.1:3306             0.0.0.0:*        users:(("mysqld",pid=136,fd=24))

works here. could you post your container configuration?

here's mine:
Code:
root@pve:~# pct config 137
arch: amd64
cores: 1
features: nesting=1
hostname: test-mysql
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=C2:79:27:6F:E8:5D,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local:137/vm-137-disk-0.raw,size=8G
swap: 2048
unprivileged: 1

and my package versions:
Code:
root@pve:~# pveversion -v 
proxmox-ve: 7.1-1 (running kernel: 5.15.30-1-pve)
pve-manager: 7.1-12 (running version: 7.1-12/b3c09de3)
... SNIP ...
lvm2: 2.03.11-2.1
lxc-pve: 4.0.12-1
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
... SNIP ...

are you using unified cgroups by chance? what do you get from cat /proc/cmdline?
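
Added example (not part of any post in this thread, and not Proxmox's own tooling): a small check for the settings the replies ask to verify, run over config text in the format printed by pct config CTID. The function name and the two sample configs are assumptions for illustration; the samples are trimmed from the configs quoted above.

```sh
# Added example, not from the thread: audit container config text (the
# format printed by `pct config CTID`) for the settings discussed above.

# Reads a config on stdin; prints one WARN line per finding.
audit_ct_config() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Keys end at the first ":" or "="; raw lxc.* lines are seen in both forms.
        if (line == "" || line ~ /^#/ || match(line, /[:=]/) == 0) next
        key = substr(line, 1, RSTART - 1)
        val = substr(line, RSTART + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[key] = val
    }
    END {
        # A config without "unprivileged: 1" describes a privileged container.
        if (conf["unprivileged"] != "1")
            print "WARN container is privileged (unprivileged: 1 not set)"
        n = split(conf["features"], feat, ",")
        nesting = 0
        for (i = 1; i <= n; i++) if (feat[i] == "nesting=1") nesting = 1
        if (!nesting)
            print "WARN nesting=1 not present in features"
        if (conf["lxc.apparmor.profile"] == "unconfined")
            print "WARN lxc.apparmor.profile is unconfined"
    }'
}

# Constructed samples, trimmed from the two configs quoted in the thread.
first_post_config() { cat <<'EOF'
arch: amd64
features: mount=nfs;cifs,nesting=1
ostype: ubuntu
lxc.apparmor.profile=unconfined
EOF
}
working_config() { cat <<'EOF'
arch: amd64
features: nesting=1
ostype: ubuntu
unprivileged: 1
EOF
}

echo "first post:";     first_post_config | audit_ct_config
echo "working config:"; working_config | audit_ct_config
```

On a Proxmox host the same function can be fed live output with: pct config CTID | audit_ct_config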
 
