Container with CentOS 8.3 does not start network device

Jun 3, 2020
Hello,
I have a container with CentOS 8.3, and the network device eth0 does not start after boot, but the command ifup eth0 works.

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.102.51
NETMASK=255.255.255.0
GATEWAY=192.168.102.1
IPV6INIT=yes
DHCPV6C=yes

Does somebody have the same issue?
 
hi,

can you please post the container configuration? pct config CTID and pveversion -v outputs?
 
Code:
root@node12:~# pct config 151
arch: amd64
cores: 2
cpulimit: 2
cpuunits: 1000
hostname: mas1.sandbox1.xxx...
memory: 4096
nameserver: 192.168.102.10 192.168.102.68
net0: name=eth0,bridge=vmbr102,firewall=1,gw=192.168.102.1,hwaddr=6A:0B:2B:BF:35:51,ip=192.168.102.51/24,ip6=dhcp,type=veth
onboot: 1
ostype: centos
rootfs: NAS:151/vm-151-disk-0.raw,size=30G
searchdomain: xxx...
swap: 2048
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.mount.auto: proc:rw sys:rw

Code:
root@node12:~# pveversion -v
proxmox-ve: 6.3-1 (running kernel: 5.4.78-2-pve)
pve-manager: 6.3-3 (running version: 6.3-3/eee5f901)
pve-kernel-5.4: 6.3-3
pve-kernel-helper: 6.3-3
pve-kernel-5.4.78-2-pve: 5.4.78-2
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.0.4-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.16-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.2-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-2
libpve-guest-common-perl: 3.1-3
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-3
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.3-1
lxcfs: 4.0.3-pve3
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.0.6-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-3
pve-cluster: 6.2-1
pve-container: 3.3-2
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-7
pve-xtermjs: 4.7.0-3
qemu-server: 6.3-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.5-pve1
root@node12:~#
 
could you try setting the ip6 to static? (you can also leave it empty)
 
container network settings are managed by PVE. can you try setting it on the GUI?
 
We tried to change the network settings (IPv6: Static) in the Proxmox GUI, and the network device still does not start after start.

cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.102.51
NETMASK=255.255.255.0
GATEWAY=192.168.102.1
 
can you please try without the

Code:
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.mount.auto: proc:rw sys:rw

in your configuration?
 
LXC containers in proxmox have apparmor enforced on them.

these lines in your case can be also a security risk, because they disable (unconfine) the apparmor profile, and mount proc and sys of the host with rw (read-write) permissions.

removing the lines puts our default apparmor configuration back into effect, which has more restrictions for security reasons.

so you have to decide, considering your environment, if this is an acceptable risk for you. you might also want to look into the nesting [0] option, which would also serve a similar purpose (to allow docker in lxc, for example)

nesting=<boolean> (default = 0)
Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest.


[0]: https://pve.proxmox.com/wiki/Linux_Container#pct_options
[1]: https://pve.proxmox.com/wiki/Linux_Container#_security_considerations
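
An added example, not part of the original post or of Proxmox's own tooling: a check that could be run on the host to flag the three raw LXC overrides discussed above in a container config, and to note nesting=1 on a container without unprivileged: 1. The function name, output labels and sample config are assumptions constructed for illustration; only the current-config section is read, so lines kept in snapshot sections are ignored.

```bash
#!/usr/bin/env bash
# Added example: audit one /etc/pve/lxc/<CTID>.conf-style file.
# Prints one finding per line; returns 1 if any RISK line was found.
audit_ct_conf() {
    awk '
        /^\[/ { exit }                 # first snapshot section: stop reading
        /^[ \t]*#/ { next }            # skip comment and description lines
        {
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        key == "lxc.apparmor.profile" && val == "unconfined" {
            print "RISK apparmor-unconfined"; bad = 1 }
        key ~ /^lxc\.cgroup2?\.devices\.allow$/ && val == "a" {
            print "RISK all-devices-allowed"; bad = 1 }
        key == "lxc.mount.auto" && val ~ /(proc|sys):rw/ {
            print "RISK host-proc-sys-rw"; bad = 1 }
        key == "unprivileged" && val == "1" { unpriv = 1 }
        key == "features" && val ~ /(^|,)[ \t]*nesting=1/ { nesting = 1 }
        END {
            if (nesting && !unpriv) print "NOTE nesting-on-privileged-ct"
            exit bad
        }
    ' "$1"
}

# Constructed sample: the raw keys from this thread, followed by a
# snapshot section that must not be counted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
ostype: centos
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.mount.auto: proc:rw sys:rw

[before-docker]
arch: amd64
EOF
audit_ct_conf "$sample" || echo "config needs review"
rm -f "$sample"
```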
 
Unfortunately, with these settings we cannot run docker on these containers.
When we tried to create docker, the response is "Error response from daemon: using mount program fuse-overlayfs: fuse: device not found, try 'modprobe fuse' first"
 
Unfortunately, with these settings we cannot run docker on these containers.
did you enable nesting?

"Error response from daemon: using mount program fuse-overlayfs: fuse: device not found, try 'modprobe fuse' first"
it should normally work without this, but if you're having problems you can try activating the FUSE option for the container (Container -> Options -> Features)
 
Hello,

Our configuration
Proxmox Virtual Environment 6.3-3
CT: CentOS Linux release 8.3.2011

For running docker in the CT I need this configuration in /etc/pve/lxc/198.conf:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.mount.auto: proc:rw sys:rw

When I delete these settings, docker doesn't run but eth0 starts correctly.
When I add these settings, docker starts correctly, but eth0 doesn't start. I must use ifup eth0.

Fuse enable: does not help
Nesting: does not help
IPv6 Static: does not help

Now I have a temporary solution, a bash script in crontab:
#!/usr/bin/bash
# Look for an address from the container's subnet on any interface
TCP_IP=$(/sbin/ip ad sh | grep "192.168.102" | awk '{print $2}')
DATE="$(date +'%Y-%m-%d-%H:%M')"
LOG=/opt/log_start_eth01.log

if [ "$TCP_IP" != '' ]; then
    # ETH01 is OK
    echo "ETH01 je OK"
else
    # No address found: log the event and bring eth0 up
    echo "INFO $DATE - Start eth01" >> "$LOG"
    /sbin/ifup eth0
fi


it doesn't solve my problem

Best regards

Radek
 

For running docker in the CT I need this configuration in /etc/pve/lxc/198.conf:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.mount.auto: proc:rw sys:rw
this is not necessary, activating the nesting option should be enough for running docker. can you try removing these lines and instead adding:
Code:
features: nesting=1

and restarting the container?
 
Thanks,

now docker is started, but the container still has an error

start eth: OK
docker process: OK
install docker container: OK
start container:
[root@test1 docker]# docker start db8bc9825765
Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: failed to write "c 10:200 rwm": write /sys/fs/cgroup/devices/docker/db8bc982576535498fd5430b080cf41a348cbf9b77d49cd36e91af8f62bb4cf2/devices.allow: operation not permitted: unknown
Error: failed to start containers: db8bc9825765

My conf
root@node11:~# cat /etc/pve/lxc/198.conf
arch: amd64
cores: 1
cpulimit: 1
cpuunits: 1000
features: nesting=1
hostname: test.lab
memory: 512
nameserver: 192.168.102.10
net0: name=eth0,bridge=vmbr102,firewall=1,gw=192.168.102.1,hwaddr=6a:0b:2b:bf:35:a8,ip=192.168.102.198/24,ip6=dhcp,type=veth
onboot: 0
ostype: centos
rootfs: NAS:198/vm-198-disk-0.raw,size=40G
searchdomain: lab
swap: 512

Radek
 
