LXC template for Fedora 30.

Serverhamster

Will there be an LXC template for Fedora 30 soon? It was just released and Fedora 28 is now end-of-life.
 
I tried upgrading a Fedora 29 container. While upgrading from 28 to 29 worked, from 29 to 30 is apparently not ok.
Code:
root@node06:~# systemctl status pve-container@131.service
● pve-container@131.service - PVE LXC Container: 131
   Loaded: loaded (/lib/systemd/system/pve-container@.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-05-02 11:55:16 CEST; 22s ago
     Docs: man:lxc-start
           man:lxc
           man:pct
  Process: 28571 ExecStop=/usr/share/lxc/pve-container-stop-wrapper 131 (code=exited, status=0/SUCCESS)
  Process: 31269 ExecStart=/usr/bin/lxc-start -n 131 (code=exited, status=1/FAILURE)
 Main PID: 19611 (code=exited, status=0/SUCCESS)

May 02 11:55:14 node06 systemd[1]: Starting PVE LXC Container: 131...
May 02 11:55:16 node06 lxc-start[31269]: lxc-start: 131: lxccontainer.c: wait_on_daemonized_start: 856 No such file or directory - Failed to receive the container state
May 02 11:55:16 node06 lxc-start[31269]: lxc-start: 131: tools/lxc_start.c: main: 330 The container failed to start
May 02 11:55:16 node06 lxc-start[31269]: lxc-start: 131: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
May 02 11:55:16 node06 lxc-start[31269]: lxc-start: 131: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
May 02 11:55:16 node06 systemd[1]: pve-container@131.service: Control process exited, code=exited status=1
May 02 11:55:16 node06 systemd[1]: Failed to start PVE LXC Container: 131.
May 02 11:55:16 node06 systemd[1]: pve-container@131.service: Unit entered failed state.
May 02 11:55:16 node06 systemd[1]: pve-container@131.service: Failed with result 'exit-code'.
Is there a better log than this?
 
Thank you. I retried and this is the debug log:
lxc-start 131 20190506123549.928 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start 131 20190506123549.928 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start 131 20190506123549.929 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start 131 20190506123549.929 INFO conf - conf.c:run_script_argv:356 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "131", config section "lxc"
lxc-start 131 20190506123551.715 DEBUG conf - conf.c:run_buffer:326 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 131 lxc pre-start with output: unsupported fedora release

lxc-start 131 20190506123551.833 ERROR conf - conf.c:run_buffer:335 - Script exited with status 255
lxc-start 131 20190506123551.834 ERROR start - start.c:lxc_init:861 - Failed to run lxc.hook.pre-start for container "131"
lxc-start 131 20190506123551.835 ERROR start - start.c:__lxc_start:1944 - Failed to initialize container "131"
lxc-start 131 20190506123551.835 ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start 131 20190506123551.836 ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

Is unsupported fedora release the only reason this is failing to start?
 
> Is unsupported fedora release the only reason this is failing to start?
I just tested it with an unprivileged container - 29 booted fine afais - but for 30 I needed to enable the nesting feature (in order to get it started and the network configured)...
I'll try to send a patch if it also works in the privileged container case

EDIT: s/nexting/nesting/
 
hi,
Any updates on getting an official Fedora 30 LXC template?

i just tried the latest template from here: http://uk.images.linuxcontainers.org/images/fedora/30/amd64/default/20190716_20:33/

both unprivileged and privileged didn't get any network connection without nesting enabled, and in both cases i couldn't connect via vnc but with `pct enter`.

after enabling nesting, they obtained ip addresses but vnc still didn't work.

i will take a look if we can fix these issues and possibly add it to our official templates.

in the meantime if you want a fedora 30 container, you can do what i did:

* simply download the rootfs.tar.xz, move it to /var/lib/vz/template/cache/
* possibly rename it like fedora-30-default_20190716_amd64.tar.xz
* create a new container using the template
* enable nesting in the features

and it should work except vnc (maybe vnc will work after some tweaking too, but i haven't tried too much)
 
I got it to work however web console does not work. Networking works. How can I create my own template with nesting etc enabled from the get go?
 
> How can I create my own template with nesting etc enabled from the get go?

right click on the container you created (with all the changes you made inside and nesting enabled etc.) and convert it to a template.
 
Just wanted to let everyone know it is the same case with fedora 34. I think I tried fedora 32 before without this issue, in other words:
fedora 32 lxc template - network is working out of the box (didn't check if nesting was enabled in the template already)
fedora 34 lxc template - nesting has to be enabled in features

doesn't matter if privileged or unprivileged, but for security reasons from what I have found DON'T enable nesting in privileged containers!

Best regards,
Jonas Stunkat
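
A check for the combination warned about in the post above, as an added example that is not part of the thread or of Proxmox's own code: it parses container configs in the `/etc/pve/lxc/<vmid>.conf` format and lists privileged containers that have `nesting` enabled. The sample configs, the function names and the accepted boolean spellings are assumptions made for the example.

```python
# Constructed sample configs in /etc/pve/lxc/<vmid>.conf format (not taken from the thread).
SAMPLE_CONFIGS = {
    "131": "arch: amd64\nfeatures: nesting=1\nostype: fedora\n"
           "\n[pre-upgrade]\nostype: fedora\nunprivileged: 1\n",
    "132": "features: mount=nfs;cifs,nesting=1\nostype: fedora\nunprivileged: 1\n",
    "133": "#test box\narch: amd64\nostype: fedora\n",
}
TRUE_VALUES = {"1", "yes", "true", "on"}  # assumed spellings of an enabled boolean


def parse_live_section(text):
    """Return the live config as a dict; snapshot sections ("[name]") are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # first snapshot header ends the live config
            break
        if not line or line.startswith("#"):  # blank line or description comment
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def parse_features(value):
    """Split 'keyctl=1,nesting=1' on commas only: 'mount=nfs;cifs' uses ';' internally."""
    flags = {}
    for item in filter(None, (part.strip() for part in value.split(","))):
        name, _, state = item.partition("=")
        flags[name] = state.strip()
    return flags


def is_privileged_with_nesting(conf):
    """A missing 'unprivileged' key means the container is privileged."""
    privileged = conf.get("unprivileged", "0").lower() not in TRUE_VALUES
    nesting = parse_features(conf.get("features", "")).get("nesting", "0")
    return privileged and nesting.lower() in TRUE_VALUES


def audit(configs):
    """Return the sorted IDs of privileged containers that have nesting enabled."""
    return sorted(vmid for vmid, text in configs.items()
                  if is_privileged_with_nesting(parse_live_section(text)))


if __name__ == "__main__":
    for vmid in audit(SAMPLE_CONFIGS):
        print(f"CT {vmid}: privileged container with nesting enabled")
```

Container 131 is reported even though its snapshot section says `unprivileged: 1`, because only the live section above the first `[snapshot]` header decides how the container runs now.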
 
