mysql installation in lxc container failed

lk777 · Apr 6, 2022

This is my first attempt to install mysql server in Proxmox lxc container.
Never experienced this kind of problem with lxc/lxd containers on ubuntu server host.

Code:

arch: amd64
cores: 2
cpulimit: 2
features: mount=nfs;cifs,nesting=1
hostname: ubuntu-lxc-1
memory: 4096
net0: name=eth0,bridge=vmbr0,gw=10.10.5.1,hwaddr=2E:CF:14:D0:60:19,ip=10.10.5.91/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: zfsa:subvol-200-disk-1,mountoptions=noatime,size=10G,acl=0
swap: 512
lxc.apparmor.profile=unconfined

Even 'lxc.apparmor.profile=unconfined' doesn't help

This is a privileged container.

The error message:

Code:

apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Permission denied; attempted to load a profile while confined?

Tried the following to no avail:

Code:

sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld

This is my lxd container configuration on Ubuntu 20.04 which works with no issues:

Code:

architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (
  image.label: release
  image.os: ubuntu
  image.release: xenial
  image.version: "20.04"
  limits.cpu: "2"
  limits.memory: 8GB
  limits.memory.swap: "true"
  raw.lxc: |-
    lxc.cgroup.devices.allow = c 116:* rw
    lxc.cgroup.devices.allow = c 166:* rw
    lxc.apparmor.profile=unconfined
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image: 58f90cbf68927c3fc43e6ee1386446a04f3d8068c1a75a291339cb2be01dec08
  volatile.eth0.host_name: veth2606d870
  volatile.eth0.hwaddr: 00:16:3e:1b:02:06
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 1d7f3e07-3902-4a15-913e-a4a42199b7ff
devices:
  eth0:
    ipv4.address: 10.0.3.11
    nictype: bridged
    parent: srvbr0
    type: nic
  vol-btrfs-1:
    path: /mnt/data-volume
    pool: btrfs-pool-dev-1
    source: vol-btrfs-1
    type: disk
ephemeral: false
profiles:
- default
stateful: false

Any ideas?

oguz · Apr 6, 2022

hi,

* which PVE version? pveversion -v

* which ubuntu container version? did you get the container from our available templates? [0]

lk777 said:
This is a privileged container.

can you try with an unprivileged container as well?

[0]: https://pve.proxmox.com/wiki/Linux_Container#pct_supported_distributions

lk777 · Apr 6, 2022

Code:

root@pve-1:~# pveversion -v
proxmox-ve: 7.1-1 (running kernel: 5.15.30-1-pve)
pve-manager: 7.1-12 (running version: 7.1-12/b3c09de3)
pve-kernel-5.15: 7.1-14
pve-kernel-helper: 7.1-14
pve-kernel-5.13: 7.1-9
pve-kernel-5.15.30-1-pve: 5.15.30-1
pve-kernel-5.15.19-2-pve: 5.15.19-3
pve-kernel-5.15.5-1-pve: 5.15.5-1
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-1-pve: 5.13.19-3
ceph-fuse: 15.2.15-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-7
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-5
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-storage-perl: 7.1-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-6
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.1-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-1
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.4-pve1

This container is based on the template created by importing a lxc container from Ubuntu 20.04 host.

This container is Ubuntu 20.04

oguz · Apr 6, 2022

lk777 said:
This container is based on the template created by importing a lxc container from Ubuntu 20.04 host.

how did you export/import the container?

could you try using our templates [0] instead? installing mysql should normally work just fine...

[0]: https://pve.proxmox.com/pve-docs/pv...ong_pveam_strong_proxmox_ve_appliance_manager

lk777 · Apr 6, 2022

oguz said:
how did you export/import the container?

could you try using our templates [0] instead? installing mysql should normally work just fine...

[0]: https://pve.proxmox.com/pve-docs/pv...ong_pveam_strong_proxmox_ve_appliance_manager

I have just tried ubuntu-20.04-standard_20.04-1_amd64.tar.gz (proxmox template) with the same results.

Code:

Warning: Unable to start the server.
apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Permission denied; attempted to load a profile while confined?

And just for the test purposes I have successfully installed Postgresql. What is wrong with mysql?

ness1602 · Apr 6, 2022

Yes, i also have that problem with ubuntu 20.04, so i just installed it on debian.

oguz · Apr 6, 2022

lk777 said:
I have just tried ubuntu-20.04-standard_20.04-1_amd64.tar.gz (proxmox template) with the same results.

installing & starting mysql-server on ubuntu 20.04 works fine here with an unprivileged container and "nesting" option enabled (using our template).

could you please check?

what i did:
1. create ubuntu 20.04 container with official template, enable "nesting" (default on GUI) and choose "unprivileged" (also default in GUI)
2. enter container and upgrade packages apt update && apt dist-upgrade -y
3. exit and reboot container
4. enter container and install mysql apt install mysql-server
5. systemctl start mysql
6. verify that it works: ss -antlp | grep 3306

lk777 · Apr 6, 2022

There are no any created apparmor profiles for postgresql, but for mysql it creates usr.sbin.mysqld and can't handle it after all.

lk777 · Apr 6, 2022

oguz said:
installing & starting mysql-server on ubuntu 20.04 works fine here with an unprivileged container and "nesting" option enabled (using our template).

could you please check?

what i did:
1. create ubuntu 20.04 container with official template, enable "nesting" (default on GUI) and choose "unprivileged" (also default in GUI)
2. enter container and upgrade packages apt update && apt dist-upgrade -y
3. exit and reboot container
4. enter container and install mysql apt install mysql-server
5. systemctl start mysql
6. verify that it works: ss -antlp | grep 3306

That is interesting. It didn't work for me either. It doesn't complain now about apparmor and it enforces /usr/sbin/mysqld:

Code:

root@ubuntu-lxc-3:~# aa-status
apparmor module is loaded.
12 profiles are loaded.
12 profiles are in enforce mode.
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/mysqld
   /usr/sbin/tcpdump
   /{,usr/}sbin/dhclient
   lsb_release
   man_filter
   man_groff
   nvidia_modprobe
   nvidia_modprobe//kmod
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

oguz · Apr 6, 2022

lk777 said:
It doesn't complain now about apparmor and it enforces /usr/sbin/mysqld:

does it work like that?

if yes please mark the thread as [SOLVED]

lk777 · Apr 6, 2022

oguz said:
does it work like that?

if yes please mark the thread as [SOLVED]

UPDATE:
I have disabled usr.sbin.mysqld profile and installed mariadb-server and it works now.

ness1602 · Apr 6, 2022

But this is not the same, mariadb and mysql

lk777 · Apr 6, 2022

Yes, that is right and mysql-server still doesn't work for me. But maybe it is time for me to move on from mysql, at least on Proxmox lxc containers.

But @oguz states that it works.

lk777 · Apr 6, 2022

And mariadb now works in my imported privileged container with the disabled 'usr.sbin.mysqld' apparmor profile.
I am not a DBA and can't tell you what is the difference between MySQL and MariaDB, they just look similar to me.

lk777 · Apr 6, 2022

ness1602 said:
Yes, i also have that problem with ubuntu 20.04, so i just installed it on debian.

" ... MySQL is not available in the official package repository of Debian 10. But, MariaDB is available..." So maybe this is a sign ...

oguz · Apr 7, 2022

lk777 said:
Yes, that is right and mysql-server still doesn't work for me. But maybe it is time for me to move on from mysql, at least on Proxmox lxc containers.

But @oguz states that it works.

if you follow the instructions i wrote in my previous post it should work as described

make sure your container is unprivileged and has nesting enabled.

ness1602 · Apr 7, 2022

I've tested it oguz on latest PVE,and it still doesn't work even with nesting ,and apparmor profile for mysql disabled

oguz · Apr 7, 2022

ness1602 said:
I've tested it oguz on latest PVE,and it still doesn't work even with nesting ,and apparmor profile for mysql disabled

could you post your container configuration file? pct config CTID (replace CTID with yours)

lk777 · Apr 7, 2022

oguz said:
if you follow the instructions i wrote in my previous post it should work as described

make sure your container is unprivileged and has nesting enabled.

I have followed your instructions and it doesn't work:

Code:

root@ubuntu-lxc-3:~# systemctl status mysql
* mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-04-07 12:00:25 UTC; 1s ago
    Process: 782 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
    Process: 790 ExecStart=/usr/sbin/mysqld (code=exited, status=1/FAILURE)
   Main PID: 790 (code=exited, status=1/FAILURE)
     Status: "Server startup in progress"
        CPU: 296ms

Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Scheduled restart job, restart counter is at 5.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: Stopped MySQL Community Server.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Start request repeated too quickly.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: mysql.service: Failed with result 'exit-code'.
Apr 07 12:00:25 ubuntu-lxc-3 systemd[1]: Failed to start MySQL Community Server.

Code:

2022-04-07T11:39:38.578418Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-04-07T11:39:38.613006Z 1 [ERROR] [MY-012963] [InnoDB] Log file ./ib_logfile1 is of different size 0 bytes than other log files 17825792 bytes!
2022-04-07T11:39:38.613069Z 1 [ERROR] [MY-012930] [InnoDB] Plugin initialization aborted with error Generic error.
2022-04-07T11:39:39.105605Z 1 [ERROR] [MY-010334] [Server] Failed to initialize DD Storage Engine
2022-04-07T11:39:39.105731Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2022-04-07T11:39:39.105827Z 0 [ERROR] [MY-010119] [Server] Aborting
2022-04-07T11:39:39.106262Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.28-0ubuntu0.20.04.3)  (Ubuntu).

oguz · Apr 7, 2022

lk777 said:
I have followed your instructions and it doesn't work:

Code:

root@pve:~# pct enter 137
root@test-mysql:~# systemctl status mysql
● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-04-07 12:08:30 UTC; 1min 47s ago
    Process: 121 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 136 (mysqld)
     Status: "Server is operational"
      Tasks: 37 (limit: 19116)
     Memory: 436.7M
        CPU: 1.144s
     CGroup: /system.slice/mysql.service
             └─136 /usr/sbin/mysqld

Apr 07 12:08:28 test-mysql systemd[1]: Starting MySQL Community Server...
Apr 07 12:08:30 test-mysql systemd[1]: Started MySQL Community Server.
root@test-mysql:~# ss -antlp | grep 3306
LISTEN    0         70               127.0.0.1:33060            0.0.0.0:*        users:(("mysqld",pid=136,fd=22))                                               
LISTEN    0         151              127.0.0.1:3306             0.0.0.0:*        users:(("mysqld",pid=136,fd=24))

works here. could you post your container configuration?

here's mine:

Code:

root@pve:~# pct config 137
arch: amd64
cores: 1
features: nesting=1
hostname: test-mysql
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=C2:79:27:6F:E8:5D,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local:137/vm-137-disk-0.raw,size=8G
swap: 2048
unprivileged: 1

and my package versions:

Code:

root@pve:~# pveversion -v 
proxmox-ve: 7.1-1 (running kernel: 5.15.30-1-pve)
pve-manager: 7.1-12 (running version: 7.1-12/b3c09de3)
... SNIP ...
lvm2: 2.03.11-2.1
lxc-pve: 4.0.12-1
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
... SNIP ...

are you using unified cgroups by chance? what do you get from cat /proc/cmdline?

mysql installation in lxc container failed

Member

Proxmox Retired Staff

Member

Proxmox Retired Staff

Member

Renowned Member

Proxmox Retired Staff

Member

Member

Proxmox Retired Staff

Member

Renowned Member

Member

Member

Member

Proxmox Retired Staff

Renowned Member

Proxmox Retired Staff

Member

Proxmox Retired Staff