[SOLVED] LXC container fails to start without any reason

As said elsewhere: With firewall enabled there's a standard Linux bridge plugged in between the virtual guest, at which point the bridge fdb append command works again. We need to handle OVS more explicitly for the code added to support the disable-mac-learning feature.

Anyhow, there is a new set of packages trying to address this issue available on the pvetest repository:

libpve-common-perl version 7.2-8
pve-container version 4.3-6
qemu-server version 7.2-11

Feedback would be appreciated (make sure to reload the GUI after updating to these versions to avoid having the start done by a left-over old API worker).
 
Just updated with the test repo and my formerly NOT starting multihomed containers are now starting all fine:

Before:
Code:
rootsula@world:~# pct start 106 --debug
run_buffer: 321 Script exited with status 1
lxc_init: 847 Failed to run lxc.hook.pre-start for container "106"
__lxc_start: 2008 Failed to initialize container "106"
rt-hook" for container "106", config section "lxc"
DEBUG    conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 106 lxc pre-start produced output: Can't locate object method "ct_is_symlink" via package "PVE::LXC::Setup::Unmanaged" at /usr/share/perl5/PVE/LXC/Setup.pm line 344.
DEBUG    conf - ../src/lxc/conf.c:run_buffer:310 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 106 lxc pre-start produced output: error in setup task PVE::LXC::Setup::get_ct_init_path
ERROR    conf - ../src/lxc/conf.c:run_buffer:321 - Script exited with status 1
ERROR    start - ../src/lxc/start.c:lxc_init:847 - Failed to run lxc.hook.pre-start for container "106"
ERROR    start - ../src/lxc/start.c:__lxc_start:2008 - Failed to initialize container "106"
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "106", config section "lxc"
startup for container '106' failed

Now:
Code:
rootsula@mars:~# pct start 106 --debug
INFO     lsm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO     conf - ../src/lxc/conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "106", config section "lxc"
DEBUG    seccomp - ../src/lxc/seccomp.c:parse_config_v2:656 - Host native arch is [3221225534]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "[all]"
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "kexec_load errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:807 - Processing "open_by_handle_at errno 1"
INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
..

safe and effective 106.conf:
Code:
rootsula@hell:~# cat /etc/pve/lxc/106.conf
arch: amd64
cores: 2
hostname: xxxx
memory: 1024
net0: name=port0,bridge=vmbrxxx,firewall=1,hwaddr=xxxx,tag=xxxx,type=veth
net1: name=port1,bridge=vmbrxxx,firewall=1,hwaddr=xxxx,tag=xxxx,type=veth
onboot: 1
ostype: unmanaged
rootfs: local:106/vm-106-disk-0.raw,size=2G
swap: 1024
lxc.apparmor.profile: unconfined
lxc.signal.halt: SIGUSR1
lxc.signal.reboot: SIGTERM
lxc.tty.max: 2
lxc.pty.max: 2
lxc.environment: xxxx_xxxx=xxxx
lxc.mount.auto: cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry: shm dev/shm tmpfs defaults,create=dir 0 0
lxc.mount.entry: mqueue dev/mqueue mqueue defaults,optional,create=dir 0 0
lxc.mount.entry: tmpfs tmp tmpfs defaults
lxc.mount.entry: tmpfs run tmpfs defaults
lxc.mount.entry: /var/lib/vz/images/106/boostmeagain data none bind,create=dir  0 0
lxc.net.0.name: port0
lxc.net.0.flags: up
lxc.net.0.hwaddr: xxxx
lxc.net.0.ipv4.address: xxxx
lxc.net.0.ipv4.gateway: xxxx
lxc.net.1.name: port1
lxc.net.1.flags: up
lxc.net.1.hwaddr: xxxx
lxc.net.1.ipv4.address: xxxx
lxc.hook.autodev: sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
 

I activated the test repository, updated and rebooted the node.

The freshly created managed LXCs do start if firewall is checked and unchecked.
There are some errors/warnings in the log.

Nov 20 18:07:23 pve-node-002 pvedaemon[1057]: <root@pam> end task UPID:pve-node-002:00000843:0000A9FC:637A5EC8:vzstart:104:root@pam: OK
Nov 20 18:07:23 pve-node-002 kernel: eth1: renamed from vethZzSXLM
Nov 20 18:07:23 pve-node-002 kernel: eth0: renamed from vethtcF5Jp
Nov 20 18:07:23 pve-node-002 kernel: device veth104i1 entered promiscuous mode
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2185]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl -- add-port vmbr0 veth104i1 tag=118 -- set Interface veth104i1 mtu_request=1500
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2184]: ovs|00002|db_ctl_base|ERR|no port named fwln104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2184]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2183]: ovs|00002|db_ctl_base|ERR|no port named veth104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2183]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth104i1
Nov 20 18:07:22 pve-node-002 systemd-udevd[2124]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Nov 20 18:07:22 pve-node-002 kernel: device veth104i0 entered promiscuous mode
Nov 20 18:07:22 pve-node-002 ovs-vsctl[2166]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl -- add-port vmbr0 veth104i0 tag=116 -- set Interface veth104i0 mtu_request=1500
Nov 20 18:07:22 pve-node-002 ovs-vsctl[2165]: ovs|00002|db_ctl_base|ERR|no port named fwln104i0
Nov 20 18:07:22 pve-node-002 ovs-vsctl[2165]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln104i0
Nov 20 18:07:22 pve-node-002 ovs-vsctl[2164]: ovs|00002|db_ctl_base|ERR|no port named veth104i0
Nov 20 18:07:22 pve-node-002 ovs-vsctl[2164]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth104i0
Nov 20 18:07:22 pve-node-002 systemd-udevd[2124]: Using default interface naming scheme 'v247'.
Nov 20 18:07:22 pve-node-002 systemd-udevd[2124]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Nov 20 18:07:22 pve-node-002 kernel: audit: type=1400 audit(1668964042.060:21): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-104_</var/lib/lxc>" pid=2141 comm="apparmor_parser"
Nov 20 18:07:22 pve-node-002 audit[2141]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-104_</var/lib/lxc>" pid=2141 comm="apparmor_parser"
Nov 20 18:07:21 pve-node-002 kernel: EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Nov 20 18:07:21 pve-node-002 kernel: loop0: detected capacity change from 0 to 16777216
Nov 20 18:07:20 pve-node-002 systemd[1]: Started PVE LXC Container: 104.
Nov 20 18:07:20 pve-node-002 systemd[1]: Created slice PVE LXC Container Slice.
Nov 20 18:07:20 pve-node-002 pvedaemon[1057]: <root@pam> starting task UPID:pve-node-002:00000843:0000A9FC:637A5EC8:vzstart:104:root@pam:
Nov 20 18:07:20 pve-node-002 pvedaemon[2115]: starting CT 104: UPID:pve-node-002:00000843:0000A9FC:637A5EC8:vzstart:104:root@pam:

The "old" unmanaged LXCs do also start now if firewall is checked and unchecked.
There are some errors/warnings in the log.

Nov 20 18:12:05 pve-node-002 pvedaemon[1057]: <root@pam> end task UPID:pve-node-002:00000D47:0001181C:637A5FE2:vzstart:207:root@pam: OK
Nov 20 18:12:04 pve-node-002 kernel: eth1: renamed from vethw3aEUQ
Nov 20 18:12:04 pve-node-002 kernel: eth0: renamed from vethgxmpEb
Nov 20 18:12:04 pve-node-002 kernel: device veth207i1 entered promiscuous mode
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3459]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl -- add-port vmbr0 veth207i1 tag=111 -- set Interface veth207i1 mtu_request=1500
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3458]: ovs|00002|db_ctl_base|ERR|no port named fwln207i1
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3458]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln207i1
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3457]: ovs|00002|db_ctl_base|ERR|no port named veth207i1
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3457]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth207i1
Nov 20 18:12:04 pve-node-002 systemd-udevd[3436]: Using default interface naming scheme 'v247'.
Nov 20 18:12:04 pve-node-002 systemd-udevd[3436]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Nov 20 18:12:04 pve-node-002 kernel: device veth207i0 entered promiscuous mode
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3441]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl -- add-port vmbr0 veth207i0 tag=118 -- set Interface veth207i0 mtu_request=1500
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3440]: ovs|00002|db_ctl_base|ERR|no port named fwln207i0
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3440]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln207i0
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3439]: ovs|00002|db_ctl_base|ERR|no port named veth207i0
Nov 20 18:12:04 pve-node-002 ovs-vsctl[3439]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth207i0
Nov 20 18:12:03 pve-node-002 systemd-udevd[3408]: Using default interface naming scheme 'v247'.
Nov 20 18:12:03 pve-node-002 systemd-udevd[3408]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Nov 20 18:12:03 pve-node-002 kernel: audit: type=1400 audit(1668964323.539:22): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-207_</var/lib/lxc>" pid=3423 comm="apparmor_parser"
Nov 20 18:12:03 pve-node-002 audit[3423]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-207_</var/lib/lxc>" pid=3423 comm="apparmor_parser"
Nov 20 18:12:03 pve-node-002 kernel: EXT4-fs (loop1): mounted filesystem with ordered data mode. Opts: (null). Quota mode: none.
Nov 20 18:12:02 pve-node-002 kernel: loop1: detected capacity change from 0 to 434110464
Nov 20 18:12:02 pve-node-002 systemd[1]: Started PVE LXC Container: 207.
Nov 20 18:12:02 pve-node-002 pvedaemon[3399]: starting CT 207: UPID:pve-node-002:00000D47:0001181C:637A5FE2:vzstart:207:root@pam:

Creating a new unmanaged LXC still fails

Formatting '/var/lib/vz/images/106/vm-106-disk-0.raw', fmt=raw size=8589934592 preallocation=off
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: a5dae667-0f3e-4bf3-9438-e29f1c882d9d
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
extracting archive '/var/lib/vz/template/cache/openwrt-snapshot_20220702_amd64.tar.xz'
Total bytes read: 12175360 (12MiB, 23MiB/s)
Detected container architecture: amd64
unknown ID 'openwrt' in /etc/os-release file, trying fallback detection
TASK ERROR: unable to create CT 106 - unable to detect OS distribution
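
Added example (not part of the original posts and not Proxmox code): a small triage script for the ovs-vsctl errors in the start logs above. It pairs each ERR line with the command logged by the same ovs-vsctl PID and reports, per port, whether the last call attached it. The sample is the veth104i1/fwln104i1 excerpt from the CT 104 log; reading a failed del-port that is followed by a working add-port as pre-start cleanup is an assumption of this example.

```python
import re

# Sample input: ovs-vsctl lines for CT 104, net1, copied from the log above
# in the thread's newest-first order (other journal lines left out).
SAMPLE = """\
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2185]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl -- add-port vmbr0 veth104i1 tag=118 -- set Interface veth104i1 mtu_request=1500
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2184]: ovs|00002|db_ctl_base|ERR|no port named fwln104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2184]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port fwln104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2183]: ovs|00002|db_ctl_base|ERR|no port named veth104i1
Nov 20 18:07:23 pve-node-002 ovs-vsctl[2183]: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl del-port veth104i1
"""

LINE = re.compile(r"ovs-vsctl\[(\d+)\]: ovs\|\d+\|\w+\|(\w+)\|(.*)$")
CALL = re.compile(r"Called as \S+ (?:-- )?(add-port|del-port) (?:\S+ )?(\S+)")


def triage(log, newest_first=True):
    """Return {port: verdict} from the ovs-vsctl calls and errors in a journal excerpt."""
    lines = log.strip().splitlines()
    if newest_first:
        lines.reverse()                      # process in chronological order
    calls, errors = {}, {}                   # pid -> (action, port); pid -> ERR text
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                         # not an ovs-vsctl line
        pid, level, msg = m.groups()
        call = CALL.search(msg)
        if call:
            calls[pid] = call.groups()
        elif level == "ERR":
            errors[pid] = msg
    last = {}                                # port -> last (action, pid) seen
    for pid, (action, port) in calls.items():    # dict keeps chronological order
        last[port] = (action, pid)
    verdict = {}
    for port, (action, pid) in last.items():
        if pid in errors:
            verdict[port] = f"{action} failed: {errors[pid]}"
        else:
            verdict[port] = "attached" if action == "add-port" else "removed"
    return verdict


if __name__ == "__main__":
    for port, result in triage(SAMPLE).items():
        print(f"{port}: {result}")
```

Only a port whose verdict is "add-port failed" ended the start sequence without being attached to the bridge; in the excerpt the veth port is attached and the fwln port was never created.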
 
Thanks for your feedback.
I think that was always the case though? IIRC (did not verify) one had to pass --ostype unmanaged to the pct create call, are you sure you created your "old" unmanaged CTs without that option?
 
Yes indeed. I just verified that the "unmanaged" containers were all created with pct and not in the web interface.
 
I can now also confirm that new "unmanaged" containers (privileged and unprivileged ones, with firewall checked and unchecked) can be created without problems using pct - and they start as expected.
 
apt update
apt full-upgrade

If that doesn't bring in a new pve-container then post the output of apt update
netdev_configure_server_veth: 669 Operation not supported - Failed to create veth pair "veth105i0" and "vethdZWVSB"
lxc_create_network_priv: 3463 Operation not supported - Failed to create network device
lxc_spawn: 1847 Failed to create the network
__lxc_start: 2114 Failed to spawn container "105"
TASK ERROR: startup for container '105' failed
I keep getting this issue, what do I do?
 
netdev_configure_server_veth: 669 Operation not supported - Failed to create veth pair "veth105i0" and "vethdZWVSB"
lxc_create_network_priv: 3463 Operation not supported - Failed to create network device
lxc_spawn: 1847 Failed to create the network
__lxc_start: 2114 Failed to spawn container "105"
TASK ERROR: startup for container '105' failed
This error comes up when I try to open a container or VM on my Proxmox.
 
