[SOLVED] Problem LXC mariadb debian 10

[popallo]

People hi!

I just noticed an anomaly on a lxc container freshly installed with a debian 10 template.
Indeed, after installing the container I launched an "apt update && apt-upgrade" then "apt install mariadb-server".
Here is the error message I just had:

systemctl status mariadb.service
● mariadb.service - MariaDB 10.3.15 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2019-07-14 13:00:21 CEST; 13s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
 Main PID: 1296 (code=exited, status=226/NAMESPACE)

Jul 14 13:00:20 mariadb systemd[1]: Starting MariaDB 10.3.15 database server...
Jul 14 13:00:21 mariadb systemd[1296]: mariadb.service: Failed to set up mount namespacing: Permission denied
Jul 14 13:00:21 mariadb systemd[1296]: mariadb.service: Failed at step NAMESPACE spawning /usr/sbin/mysqld: Permission denied
Jul 14 13:00:21 mariadb systemd[1]: mariadb.service: Main process exited, code=exited, status=226/NAMESPACE
Jul 14 13:00:21 mariadb systemd[1]: mariadb.service: Failed with result 'exit-code'.
Jul 14 13:00:21 mariadb systemd[1]: Failed to start MariaDB 10.3.15 database server.

By doing the same manipulation but with a debian template 9, I do not have this problem.

An idea ?

My server runs on debian 9 and proxmox 5.4-11 and lxc container on debian 10.

 

[tom]

See https://bugzilla.proxmox.com/show_bug.cgi?id=2281

Just enable "Nesting" in your CT configuration as workaround and you can start mariadb.

 

[popallo]

See https://bugzilla.proxmox.com/show_bug.cgi?id=2281

Just enable "Nesting" in your CT configuration as workaround and you can start mariadb.

Indeed I just tested and it works perfectly. I will learn about this option that I did not know at all.
Thank you for your answer more than effective

 

[LnxBil]

An idea ?

The real problem is that Debian 10 Buster is now using AppArmor and this yields the problems.

@tom Maybe if Debian Buster is detected, LXC should automatically enable nesting?

 

[oguz]

@tom Maybe if Debian Buster is detected, LXC should automatically enable nesting?

we leave this decision to the user, as there are some implications to using nesting (such as exposing /proc and /sys from the host)

 

[thommie]

It seems like this problem ist till not solved on 6.0.9:


root@db1:~# systemctl status mariadb.service
* mariadb.service - MariaDB 10.4.8 database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/mariadb.service.d
`-migrated-from-my.cnf-settings.conf
Active: failed (Result: exit-code) since Sat 2019-11-02 21:28:27 UTC; 28s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 329 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_P
Process: 177 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=
Process: 170 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (
Process: 155 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (c
Main PID: 329 (code=exited, status=1/FAILURE)
Status: "MariaDB server is down"

Nov 02 21:28:27 db1 systemd[1]: Starting MariaDB 10.4.8 database server...
Nov 02 21:28:27 db1 mysqld[329]: 2019-11-02 21:28:27 0 [Warning] option 'max_allowed_packe
Nov 02 21:28:27 db1 mysqld[329]: 2019-11-02 21:28:27 0 [Note] /usr/sbin/mysqld (mysqld 10.
Nov 02 21:28:27 db1 mysqld[329]: 2019-11-02 21:28:27 0 [Warning] Can't create test file /v
Nov 02 21:28:27 db1 mysqld[329]: 2019-11-02 21:28:27 0 [ERROR] mysqld: File '/var/log/mysq
Nov 02 21:28:27 db1 mysqld[329]: 2019-11-02 21:28:27 0 [ERROR] Aborting
Nov 02 21:28:27 db1 systemd[1]: mariadb.service: Main process exited, code=exited, status=
root@db1:~# systemctl stop mariadb.service

I can't start the mariadb service inside the container, even not with nested=1 This makes lxc more or less unusable for me ... This whole lxc stuff looks pretty buggy ...

 

[LnxBil]

Hmm, i just created a new unpriviledged Debian 10 container on PVE 6.0-9 from the PVE template (pveam) on ZFS, activated nesting, installed mariadb and it worked:

root@test:~# systemctl status mariadb
● mariadb.service - MariaDB 10.3.17 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-11-03 06:31:16 UTC; 12s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
Main PID: 1224 (mysqld)
   Status: "Taking your SQL requests now..."
    Tasks: 31 (limit: 4592)
   Memory: 64.9M
   CGroup: /system.slice/mariadb.service
           └─1224 /usr/sbin/mysqld

Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: Running 'mysqlcheck' with connection arguments: --socket='/var/run/mysqld/mysqld.sock' --host='localhost' --socket='/var/run/mysqld/mysqld.sock' --host='localhost' --socket='/var/run/mysqld/mysqld.sock'
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: # Connecting to localhost...
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: # Disconnecting from localhost...
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: Processing databases
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: information_schema
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: performance_schema
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: Phase 7/7: Running 'FLUSH PRIVILEGES'
Nov 03 06:31:19 test /etc/mysql/debian-start[1262]: OK
Nov 03 06:31:19 test /etc/mysql/debian-start[1768]: Checking for insecure root accounts.
Nov 03 06:31:19 test /etc/mysql/debian-start[1778]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables

EDIT: Works also with Ubuntu 19.04 and 19.10

 

[tom]

It seems like this problem ist till not solved on 6.0.9:

works here. please post your

> pveversion -v

 

[thommie]

sorry folks, this was my fault, the lxc ran with unpriviledged = no, now all ist fine with

#database server
#
#db1.toko.loc
#IP 192.168.4.16
#Gateway 10.10.10.16
arch: amd64
cores: 2
hostname: db1
memory: 1024
nameserver: 10.10.10.1
net0: name=eth0,bridge=vmbr1,gw=10.10.10.1,hwaddr=7A2:B9:3A:80:1A,ip=10.10.10.16/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local:106/vm-106-disk-0.raw,size=16G
searchdomain: netzwissen-toko.loc
startup: order=1
swap: 1024
unprivileged: 1

 

[David Thistlethwaite]

See https://bugzilla.proxmox.com/show_bug.cgi?id=2281

Just enable "Nesting" in your CT configuration as workaround and you can start mariadb.

Fixes the problem, thanks again