Fedora containers won't work, which makes upgrading impossible

L

loomsen

Member
Nov 4, 2015
8
0
21
Hi guys.

After upgrading a couple of testing servers to PVE 4, I noticed nearly none of my production containers will work on PVE 4. Most of them are systemd based. So what are your future plans about this? Do I have to find some other solution? Do I have to keep my PVE 3 servers for an unforseeable amount of time? Will this ever work?

It really is not an option to resetup all our production systems, as you might be able to imagine. And as converting to LXC doesn't work due to those systemd issues, we're kinda screwed here.

Regards
 
Last edited:
Re: Upgrade impossible, what's next?

Hi Dietmar.

I tried converting a Fedora 20 template to lxc, it's telling me unsupported redhat release. I tried fiddling with lxc settings as described on the arch linux wiki, but the container won't start.

screen:root@px14:~$ pct start 203
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

And:

screen:root@px14:~$ lxc-start -F -f /etc/pve/lxc/203.conf --name osm2
lxc-start: conf.c: setup_rootfs: 1268 Permission denied - Failed to make / rslave
lxc-start: conf.c: do_rootfs_setup: 3687 failed to setup rootfs for 'osm2'
lxc-start: conf.c: lxc_setup: 3769 Error setting up rootfs mount after spawn
lxc-start: start.c: do_start: 702 failed to setup the container
lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
lxc-start: start.c: __lxc_start: 1172 failed to spawn 'osm2'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
 
Last edited:
Re: Upgrade impossible, what's next?

loomsen said:
I tried converting a Fedora 20 template to lxc, it's telling me unsupported redhat release. I tried fiddling with lxc settings as described on the arch linux wiki, but the container won't start.
Click to expand...

We currently do not support Fedora containers. At the moment we have Debian, Ubuntu, ArchLinux and CentOS.
 
Re: Upgrade impossible, what's next?

Well, that's exactly my question. Are there any plans to do so in the future? Is it foreseeable that this will work at some time soon? Cause this is pretty vital for our roadmap...

*edit*
Or, let's put this differently. I tried a centos 7 container, not your template, but a custom template. It works fine. It uses the same systemd version as F20 does (systemd-208)
What's the vital difference between those two that would make the one work, but not the other?
 
Last edited:
Re: Upgrade impossible, what's next?

loomsen said:
Well, that's exactly my question. Are there any plans to do so in the future? Is it foreseeable that this will work at some time soon? Cause this is pretty vital for our roadmap...
Click to expand...

I guess it is not difficult to implement Fedora support, because we already have most functionality. So I would accept patches ...
 
Re: Upgrade impossible, what's next?

Cool. Could you point me in the right direction please. I tried fiddling with /usr/share/perl5/PVE/LXC.pm but adding fedora to the regex in line 1065 wasn't enough. Do I need to create some templates or configs for fedora?
 
Re: Upgrade impossible, what's next?

Great, that did the trick.

I changed the regex in line 21 of PVE/LXC/Setup/Redhat.pm to read:

if ($release =~ m/release\s+(\d+\.?\d+)(\.\d+)?/) {

(just added a ? to the dot)

and also the next line to allow for Fedora version numbers:

if ($1 >= 6 && $1 < 25) {

and the container starts fine. ostype in the config is centos, but there shouldn't be any troubles. We will test this with our fedora systems, and let you know about how we get along next week or so. Maybe you could include this simple patch in the sources then. Thank you again for the pointer.
 
Re: Upgrade impossible, what's next?

Hi folks.

So, a couple of things we found. There would be two ways of implementing this.
a) write a separate class for fedora (which is exactly the same as the redhat class, really, except for the version regex. see above)
a.2) add this class to LXC/Setup.pm
a.3) change the regex in /usr/share/perl5/PVE/LXC.pm +1048 to include fedora
b) just change the regex in the Redhat.pm class to match Fedora version strings, so Fedora containers would have ostype centos.

Both methods work for us.

A little thing we noticed, though, in order to allow for namespace creation inside the container (for systemd PrivateTmp for example) the container needs to be started with:
lxc.aa_profile: unconfined

Otherwise we get:
Failed at step NAMESPACE spawning /usr/sbin/nginx: Permission denied

I'm pretty sure this could be circumvented in a cleaner way, but I'm not an AppArmor expert at all.

So if you tell me which patch to send in, I will.
 
Last edited:
Re: Upgrade impossible, what's next?

OK, I tried to post to the devel list, but it got rejected. Here's the diff.

---
Code: 
 src/PVE/LXC/Setup/Redhat.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/src/PVE/LXC/Setup/Redhat.pm b/src/PVE/LXC/Setup/Redhat.pm
index 956e1da..2dcc4ad 100644
--- a/src/PVE/LXC/Setup/Redhat.pm
+++ b/src/PVE/LXC/Setup/Redhat.pm
@@ -19,8 +19,8 @@ sub new {
 
     my $version;
 
-    if ($release =~ m/release\s+(\d+\.\d+)(\.\d+)?/) {
-    if ($1 >= 6 && $1 < 8) {
+    if ($release =~ m/release\s+(\d+\.?\d+)(\.\d+)?/) {
+    if ($1 >= 6 && $1 < 25) {
         $version = $1;
     }
     }
 
Re: Upgrade impossible, what's next?

*push*
Would be great if you could consider this patches, or let me know how I can get them into discussion.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom