Closed aosmw closed 3 months ago
Exit the container, return to the host and check the version of pylxd:
lsb_release -a && python3 -c "import pylxd;print('pylxd:', pylxd.__version__)"
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
pylxd: 2.3.4
Attempt to upgrade pylxd in the virtual environment to see if that helps.
cd tryit
source venv/bin/activate
pip install --upgrade git+https://github.com/lxc/pylxd
Collecting git+https://github.com/lxc/pylxd
Cloning https://github.com/lxc/pylxd to /tmp/pip-req-build-bzm9buzr
Running command git clone --filter=blob:none --quiet https://github.com/lxc/pylxd /tmp/pip-req-build-bzm9buzr
Resolved https://github.com/lxc/pylxd to commit 3fdca7e3d8424b5feaea6c3722d0f2c6d775a500
Installing build dependencies ... done
Getting requirements to build wheel ... done
Installing backend dependencies ... done
Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: cryptography>=3.2 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (3.4.8)
Requirement already satisfied: python-dateutil>=2.4.2 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (2.9.0.post0)
Requirement already satisfied: requests<2.32.0,>=2.20.0 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (2.31.0)
Requirement already satisfied: requests-toolbelt>=0.8.0 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (1.0.0)
Requirement already satisfied: requests-unixsocket>=0.1.5 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (0.3.0)
Requirement already satisfied: urllib3<2 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (1.26.18)
Requirement already satisfied: ws4py!=0.3.5,>=0.3.4 in ./venv/lib/python3.10/site-packages (from pylxd==2.3.4) (0.5.1)
Requirement already satisfied: cffi>=1.12 in ./venv/lib/python3.10/site-packages (from cryptography>=3.2->pylxd==2.3.4) (1.16.0)
Requirement already satisfied: six>=1.5 in ./venv/lib/python3.10/site-packages (from python-dateutil>=2.4.2->pylxd==2.3.4) (1.16.0)
Requirement already satisfied: charset-normalizer<4,>=2 in ./venv/lib/python3.10/site-packages (from requests<2.32.0,>=2.20.0->pylxd==2.3.4) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in ./venv/lib/python3.10/site-packages (from requests<2.32.0,>=2.20.0->pylxd==2.3.4) (3.7)
Requirement already satisfied: certifi>=2017.4.17 in ./venv/lib/python3.10/site-packages (from requests<2.32.0,>=2.20.0->pylxd==2.3.4) (2024.6.2)
Requirement already satisfied: pycparser in ./venv/lib/python3.10/site-packages (from cffi>=1.12->cryptography>=3.2->pylxd==2.3.4) (2.22)
python3 -c "import pylxd;print('pylxd:', pylxd.__version__)"
pylxd: 2.3.4
Ensuring cloud-init is up to date.
sudo apt update
sudo apt install --only-upgrade cloud-init
cloud-init --version
/usr/bin/cloud-init 24.1.3-0ubuntu1~22.04.4
Inside the LXD container, the network is not available:
ping 8.8.8.8
nc keyserver.ubuntu.com 80
Docker is installed on the host and is interfering with LXD container egress:
sudo iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Allow lxdbr0 access to the internet: https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/
sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Now, back in the LXD container, the failing command works when run manually.
root@colcon-in-container:/ws# gpg --keyserver=keyserver.ubuntu.com --recv-keys 'C1CF 6E31 E6BA DE88 68B1 72B4 F42E D6FB AB17 C654'
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key F42ED6FBAB17C654: public key "Open Robotics <info@osrfoundation.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
So now working.
Another interesting tip: access the container while it's doing its work.
lxc exec colcon-in-container bash
# See how cloud-init went
cat /var/log/cloud-init.log
# See what's going on
journalctl -f
Hello, thank you for your issue. Indeed, Docker and LXD are interfering network-wise. I will mention it in the readme. Also, you can access the container when it's running with:
lxc shell colcon-in-container
Closing since #26 was merged
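A check for the condition diagnosed in this issue, as an added example that is not part of the original posts or the project's code: it reads `iptables -S` output and reports which of the two DOCKER-USER rules from the thread are still missing for a bridge, ignoring any rule placed after the chain's unconditional RETURN because it would never be evaluated. The function names, the `docker0` interface name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` text on stdin so it can be checked offline.
# Live use (assumed invocation): sudo iptables -S | missing_rules lxdbr0

# Constructed sample of a Docker host before the fix; docker0 is an assumed name.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A DOCKER-USER -j RETURN'

# Print the iptables commands still needed for bridge $1 (nothing if none).
missing_rules() {
    mr_rules=$(cat)
    # Without a DROP policy on FORWARD, Docker's default-deny is not in play.
    printf '%s\n' "$mr_rules" | grep -qxF -e '-P FORWARD DROP' || return 0
    # Only rules ahead of the unconditional RETURN are ever evaluated.
    mr_live=$(printf '%s\n' "$mr_rules" |
        awk '$0 == "-A DOCKER-USER -j RETURN" { exit } /^-A DOCKER-USER /')
    mr_ct='-m conntrack --ctstate RELATED,ESTABLISHED'
    printf '%s\n' "$mr_live" | grep -qxF -e "-A DOCKER-USER -i $1 -j ACCEPT" ||
        echo "iptables -I DOCKER-USER -i $1 -j ACCEPT"
    printf '%s\n' "$mr_live" | grep -qxF -e "-A DOCKER-USER -o $1 $mr_ct -j ACCEPT" ||
        echo "iptables -I DOCKER-USER -o $1 $mr_ct -j ACCEPT"
}

# Print "allowed" or "blocked" for bridge $1.
egress_status() {
    if [ -z "$(missing_rules "$1")" ]; then echo allowed; else echo blocked; fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | egress_status lxdbr0
```

Because the output is the exact `iptables -I` lines from the thread, it can be reviewed before being applied, and re-running it after the fix prints nothing.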