Can't launch any container

[bazuchan]

Required information

• Distribution: ubuntu
• Distribution version: jammy
• The output of "lxc info" or if that fails:

  config:
  core.https_address: 0.0.0.0:8443
  api_extensions:
  - storage_zfs_remove_snapshots
  - container_host_shutdown_timeout
  - container_stop_priority
  - container_syscall_filtering
  - auth_pki
  - container_last_used_at
  - etag
  - patch
  - usb_devices
  - https_allowed_credentials
  - image_compression_algorithm
  - directory_manipulation
  - container_cpu_time
  - storage_zfs_use_refquota
  - storage_lvm_mount_options
  - network
  - profile_usedby
  - container_push
  - container_exec_recording
  - certificate_update
  - container_exec_signal_handling
  - gpu_devices
  - container_image_properties
  - migration_progress
  - id_map
  - network_firewall_filtering
  - network_routes
  - storage
  - file_delete
  - file_append
  - network_dhcp_expiry
  - storage_lvm_vg_rename
  - storage_lvm_thinpool_rename
  - network_vlan
  - image_create_aliases
  - container_stateless_copy
  - container_only_migration
  - storage_zfs_clone_copy
  - unix_device_rename
  - storage_lvm_use_thinpool
  - storage_rsync_bwlimit
  - network_vxlan_interface
  - storage_btrfs_mount_options
  - entity_description
  - image_force_refresh
  - storage_lvm_lv_resizing
  - id_map_base
  - file_symlinks
  - container_push_target
  - network_vlan_physical
  - storage_images_delete
  - container_edit_metadata
  - container_snapshot_stateful_migration
  - storage_driver_ceph
  - storage_ceph_user_name
  - resource_limits
  - storage_volatile_initial_source
  - storage_ceph_force_osd_reuse
  - storage_block_filesystem_btrfs
  - resources
  - kernel_limits
  - storage_api_volume_rename
  - macaroon_authentication
  - network_sriov
  - console
  - restrict_devlxd
  - migration_pre_copy
  - infiniband
  - maas_network
  - devlxd_events
  - proxy
  - network_dhcp_gateway
  - file_get_symlink
  - network_leases
  - unix_device_hotplug
  - storage_api_local_volume_handling
  - operation_description
  - clustering
  - event_lifecycle
  - storage_api_remote_volume_handling
  - nvidia_runtime
  - container_mount_propagation
  - container_backup
  - devlxd_images
  - container_local_cross_pool_handling
  - proxy_unix
  - proxy_udp
  - clustering_join
  - proxy_tcp_udp_multi_port_handling
  - network_state
  - proxy_unix_dac_properties
  - container_protection_delete
  - unix_priv_drop
  - pprof_http
  - proxy_haproxy_protocol
  - network_hwaddr
  - proxy_nat
  - network_nat_order
  - container_full
  - candid_authentication
  - backup_compression
  - candid_config
  - nvidia_runtime_config
  - storage_api_volume_snapshots
  - storage_unmapped
  - projects
  - candid_config_key
  - network_vxlan_ttl
  - container_incremental_copy
  - usb_optional_vendorid
  - snapshot_scheduling
  - snapshot_schedule_aliases
  - container_copy_project
  - clustering_server_address
  - clustering_image_replication
  - container_protection_shift
  - snapshot_expiry
  - container_backup_override_pool
  - snapshot_expiry_creation
  - network_leases_location
  - resources_cpu_socket
  - resources_gpu
  - resources_numa
  - kernel_features
  - id_map_current
  - event_location
  - storage_api_remote_volume_snapshots
  - network_nat_address
  - container_nic_routes
  - rbac
  - cluster_internal_copy
  - seccomp_notify
  - lxc_features
  - container_nic_ipvlan
  - network_vlan_sriov
  - storage_cephfs
  - container_nic_ipfilter
  - resources_v2
  - container_exec_user_group_cwd
  - container_syscall_intercept
  - container_disk_shift
  - storage_shifted
  - resources_infiniband
  - daemon_storage
  - instances
  - image_types
  - resources_disk_sata
  - clustering_roles
  - images_expiry
  - resources_network_firmware
  - backup_compression_algorithm
  - ceph_data_pool_name
  - container_syscall_intercept_mount
  - compression_squashfs
  - container_raw_mount
  - container_nic_routed
  - container_syscall_intercept_mount_fuse
  - container_disk_ceph
  - virtual-machines
  - image_profiles
  - clustering_architecture
  - resources_disk_id
  - storage_lvm_stripes
  - vm_boot_priority
  - unix_hotplug_devices
  - api_filtering
  - instance_nic_network
  - clustering_sizing
  - firewall_driver
  - projects_limits
  - container_syscall_intercept_hugetlbfs
  - limits_hugepages
  - container_nic_routed_gateway
  - projects_restrictions
  - custom_volume_snapshot_expiry
  - volume_snapshot_scheduling
  - trust_ca_certificates
  - snapshot_disk_usage
  - clustering_edit_roles
  - container_nic_routed_host_address
  - container_nic_ipvlan_gateway
  - resources_usb_pci
  - resources_cpu_threads_numa
  - resources_cpu_core_die
  - api_os
  - container_nic_routed_host_table
  - container_nic_ipvlan_host_table
  - container_nic_ipvlan_mode
  - resources_system
  - images_push_relay
  - network_dns_search
  - container_nic_routed_limits
  - instance_nic_bridged_vlan
  - network_state_bond_bridge
  - usedby_consistency
  - custom_block_volumes
  - clustering_failure_domains
  - resources_gpu_mdev
  - console_vga_type
  - projects_limits_disk
  - network_type_macvlan
  - network_type_sriov
  - container_syscall_intercept_bpf_devices
  - network_type_ovn
  - projects_networks
  - projects_networks_restricted_uplinks
  - custom_volume_backup
  - backup_override_name
  - storage_rsync_compression
  - network_type_physical
  - network_ovn_external_subnets
  - network_ovn_nat
  - network_ovn_external_routes_remove
  - tpm_device_type
  - storage_zfs_clone_copy_rebase
  - gpu_mdev
  - resources_pci_iommu
  - resources_network_usb
  - resources_disk_address
  - network_physical_ovn_ingress_mode
  - network_ovn_dhcp
  - network_physical_routes_anycast
  - projects_limits_instances
  - network_state_vlan
  - instance_nic_bridged_port_isolation
  - instance_bulk_state_change
  - network_gvrp
  - instance_pool_move
  - gpu_sriov
  - pci_device_type
  - storage_volume_state
  - network_acl
  - migration_stateful
  - disk_state_quota
  - storage_ceph_features
  - projects_compression
  - projects_images_remote_cache_expiry
  - certificate_project
  - network_ovn_acl
  - projects_images_auto_update
  - projects_restricted_cluster_target
  - images_default_architecture
  - network_ovn_acl_defaults
  - gpu_mig
  - project_usage
  - network_bridge_acl
  - warnings
  - projects_restricted_backups_and_snapshots
  - clustering_join_token
  - clustering_description
  - server_trusted_proxy
  - clustering_update_cert
  - storage_api_project
  - server_instance_driver_operational
  - server_supported_storage_drivers
  - event_lifecycle_requestor_address
  - resources_gpu_usb
  - clustering_evacuation
  - network_ovn_nat_address
  - network_bgp
  - network_forward
  - custom_volume_refresh
  - network_counters_errors_dropped
  - metrics
  - image_source_project
  - clustering_config
  - network_peer
  - linux_sysctl
  - network_dns
  - ovn_nic_acceleration
  - certificate_self_renewal
  - instance_project_move
  - storage_volume_project_move
  - cloud_init
  - network_dns_nat
  - database_leader
  - instance_all_projects
  - clustering_groups
  - ceph_rbd_du
  - instance_get_full
  - qemu_metrics
  - gpu_mig_uuid
  - event_project
  - clustering_evacuation_live
  - instance_allow_inconsistent_copy
  - network_state_ovn
  - storage_volume_api_filtering
  - image_restrictions
  - storage_zfs_export
  - network_dns_records
  - storage_zfs_reserve_space
  - network_acl_log
  - storage_zfs_blocksize
  - metrics_cpu_seconds
  - instance_snapshot_never
  - certificate_token
  - instance_nic_routed_neighbor_probe
  - event_hub
  - agent_nic_config
  - projects_restricted_intercept
  - metrics_authentication
  - images_target_project
  - cluster_migration_inconsistent_copy
  - cluster_ovn_chassis
  - container_syscall_intercept_sched_setscheduler
  - storage_lvm_thinpool_metadata_size
  - storage_volume_state_total
  - instance_file_head
  - instances_nic_host_name
  - image_copy_profile
  - container_syscall_intercept_sysinfo
  - clustering_evacuation_mode
  api_status: stable
  api_version: "1.0"
  auth: trusted
  public: false
  auth_methods:
  - tls
  environment:
  addresses:
  - 192.168.122.1:8443
  - 172.17.2.7:8443
  - 10.218.152.1:8443
  - 172.20.65.64:8443
  architectures:
  - x86_64
  - i686
  certificate: |
  -----BEGIN CERTIFICATE-----
  MIIFYjCCA0qgAwIBAgIRANuqKiTk5I94s7Ls9KrmQOIwDQYJKoZIhvcNAQELBQAw
  NzEcMBoGA1UEChMTbGludXhjb250YWluZXJzLm9yZzEXMBUGA1UEAwwOcm9vdEB0
  YXJhbnR1bGEwHhcNMTgwMzEzMDgzOTU2WhcNMjgwMzEwMDgzOTU2WjA3MRwwGgYD
  VQQKExNsaW51eGNvbnRhaW5lcnMub3JnMRcwFQYDVQQDDA5yb290QHRhcmFudHVs
  YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALDHye5K2TakguGjqRF1
  im261BjhPVRo6R4yhX/VfN9pPmOIaqkFvOAadu9KoRbGMtUjvS8mzXlqxHuzFMpn
  JIQD+mtkfxEUI2DsnGppzfP9fa+X1Bgli8XqsaS5BCB/z3uzU6PJgC2qGKpLZY3S
  if0XGzgU7JKcYx5BwWN7oHk98sVQQtrSeTLW634m/uPeaB9LAowJ7T13WzCDP2jK
  H2d6s6Es6PlXIvawLzNUEqRSWzrFEt5SsEwSURmghZkHZzM4MlJHbS3Ayw81XuRq
  oH650uJM2riSjm9CDODT3izjovh5KlLszofKoWPmmc/gn/M5KttZOo9FckL08TBZ
  lSz51nqovI/L8ntTThflIK/S633GB2Y0fvVpgv3EqsLe+2m0ikdTwG1Qp14S53pJ
  /Hg3Cp4cwk21VRaWDqrUzbKmPhJYmWaujxeCWRmVBWDaY/APuIg3iT2z73JAqYze
  2ve+UrEsp10E4KrIRQjepl1kkm89jGyFGeELKHnKGdmiPHZ226qC+bOAxnwADh1u
  pKb7TZekXiW3Cf3OlPUds6KAlVZGef8FIabAJwmfHxz1QDp3aVj7EhXXfdUqZWrh
  hqiLxz1CO6HlwGBQCn6MtqiCocRsrIAK6p9DpcLn4A6ynOh+6yaYbugTpEvWiESq
  yzgcyyCXULaZ2kkcKgv4vNlxAgMBAAGjaTBnMA4GA1UdDwEB/wQEAwIFoDATBgNV
  HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMDIGA1UdEQQrMCmCCXRhcmFu
  dHVsYYcEZGQO/IcQKgARSLC6ABRdTh0pZe4ERIcEwKh6ATANBgkqhkiG9w0BAQsF
  AAOCAgEACs5/4rQLNpvdmXnPyQ+tLXAh7ReVhJZ0N+6vpFfROTt6Tw9PFs6i3Ldd
  rJDsOz/T+ibNDgu1QrBfB3scFsLXv7+tZNbxT2yYjy0luM8T/NKFKbBXYHka6mmv
  ZTuIlm7t1exM8RRHL4QnZOzq6+xAobnIvBRRFp0OPqS0j3/i0hkjyd6VohuGNyxb
  UyBv6aow6bHSpAB0ZtfOT71Obl5P71PoQerjinBtrsVf1BR0COHnObz28vThOWA0
  AikYKrQbUbxn8Z9q80jyYqe4S2ilyHL92U8AHae96/sq3W2ABaZ1UcmeK8wahElU
  gSft4ERYZL/ng/mp0WGd4m6MdMZrguhs2lTQnBgD5lS/0RdAE3lF/SNx7GBLq4s3
  x2kOhJQjUT86xMQQp1oYfkMDvdT8tzYujU6Y7BPk75Owhbh9MrnovtJwsm7z/MAz
  70+J8B6hkBEFPqiIqg3j1SCNmGdPeMsZcDqBKFVCyVDIg3Wb0fFNivC/31g6RQ2F
  OdCWHu1IyCOxrsr3OQ9iHShPnyEFFXE9Eo3hXxVvB12G7uaONeFIezu/GD3fQwv8
  +McZByaQ0+gkr0aN7n3SxIH9S6hBG00kY1m0LW8vq46ndsghq1imCtg25NMLEgLt
  Gz1iec/hwY84xLirHuW2MAriPNwPc9bcjsmQCW1RC/xuuOmUEPs=
  -----END CERTIFICATE-----
  certificate_fingerprint: fa7007488665ef87b85bf1f8a6747ea63ea5ce97ecf1492d812d88ab4bd38ac4
  driver: lxc | qemu
  driver_version: 4.0.12 | 6.1.1
  firewall: nftables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
  idmapped_mounts: "true"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
  kernel_version: 5.15.0-25-generic
  lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
  os_name: Ubuntu
  os_version: "22.04"
  project: default
  server: lxd
  server_clustered: false
  server_event_mode: full-mesh
  server_name: tarantula
  server_pid: 1463775
  server_version: "5.1"
  storage: dir
  storage_version: "1"
  storage_supported_drivers:
  - name: ceph
  version: 15.2.16
  remote: true
  - name: btrfs
  version: 5.4.1
  remote: false
  - name: cephfs
  version: 15.2.16
  remote: true
  - name: dir
  version: "1"
  remote: false
  - name: lvm
  version: 2.03.07(2) (2019-11-30) / 1.02.167 (2019-11-30) / 4.45.0
  remote: false
  - name: zfs
  version: 2.1.2-1ubuntu3
  remote: false

  Issue description

  Can't launch new containers.

  % lxc launch images:ubuntu/jammy/amd64 ge
  Creating ge
  Starting ge                                   
  Error: Failed to run: /snap/lxd/current/bin/lxd forkstart ge /var/snap/lxd/common/lxd/containers /var/snap/lxd/common/lxd/logs/ge/lxc.conf: 
  Try `lxc info --show-log local:ge` for more info

% lxc info --show-log local:ge
Name: ge
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2022/05/17 10:50 MSK
Last Used: 2022/05/17 10:50 MSK

Log:

lxc ge 20220517075017.468 WARN     conf - conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc ge 20220517075017.468 WARN     conf - conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc ge 20220517075017.469 WARN     conf - conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc ge 20220517075017.469 WARN     conf - conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc ge 20220517075017.636 ERROR    start - start.c:start:2164 - No such file or directory - Failed to exec "/sbin/init"
lxc ge 20220517075017.636 ERROR    sync - sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 7)
lxc ge 20220517075017.647 WARN     network - network.c:lxc_delete_network_priv:3617 - Failed to rename interface with index 0 from "eth0" to its initial name "veth8f78f55c"
lxc ge 20220517075017.647 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc ge 20220517075017.647 ERROR    start - start.c:__lxc_start:2074 - Failed to spawn container "ge"
lxc ge 20220517075017.647 WARN     start - start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 1466589
lxc ge 20220517075022.736 WARN     conf - conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc ge 20220517075022.736 WARN     conf - conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc 20220517075022.774 ERROR    af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220517075022.775 ERROR    commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"

Installed from snap stable.

# snap list lxd
Name  Version      Rev    Tracking       Publisher   Notes
lxd   5.1-1f6f485  23037  latest/stable  canonical✓  -

[stgraber]

Can you try another image?

[bazuchan]

I have tried jammy, focal, bionic and debian buster and got same error.

[stgraber]

Can you show:

• ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge
• ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge/rootfs
• ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge/rootfs/sbin

[bazuchan]

% lxc launch images:ubuntu/jammy/amd64 ge1
Creating ge1
Starting ge1                              
Error: Failed to run: /snap/lxd/current/bin/lxd forkstart ge1 /var/snap/lxd/common/lxd/containers /var/snap/lxd/common/lxd/logs/ge1/lxc.conf: 
Try `lxc info --show-log local:ge1` for more info

# ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge1
total 8,0K
-r-------- 1 root root 2,8K мая 18 10:31 backup.yaml
drwxr-xr-x 5 root root 4,0K мая 18 10:31 rootfs

# ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge1/rootfs
total 12K
drw-r--r-- 2 root root 4,0K мая 18 10:31 dev
drwxr-xr-x 2 root root 4,0K мая 18 10:31 proc
drwxr-xr-x 2 root root 4,0K мая 18 10:31 sys

# ls -lh /var/snap/lxd/common/lxd/storage-pools/default/containers/ge1/rootfs/sbin
ls: cannot access '/var/snap/lxd/common/lxd/storage-pools/default/containers/ge1/rootfs/sbin': No such file or directory

[tomponline]

OK so looks like your images are not being unpacked correctly.

Please can you rule out any issues with problematic cached images by doing lxc image list, finding the entry of the image you are trying to launch and then doing lxc image delete <fingerprint> for that image.

Than try launching the instance again and this should trigger a fresh image be downloaded.

If you still have issues, please can you run sudo du -h /var/snap/lxd/common/lxd/storage-pools/default/containers/ge1/ so we can see how much is inside the image.

And please also look for any AppArmor denials in your log, using journalctl -b | grep DENIED

[bazuchan]

Looks I found root of the problem. I have

# ls -la /var/snap/lxd/common/lxd/storage-pools
lrwxrwxrwx 1 root root 9 мар 13  2018 /var/snap/lxd/common/lxd/storage-pools -> /home/lxd

and it breaks image unpacking now. Coping container from another lxc host works fine btw.

[tomponline]

Hrm, that is highly unusual agreed. What makes you think this is the cause?

I believe @stgraber doesn't recommend using that approach (see this recent post https://discuss.linuxcontainers.org/t/lxd-broken-after-setting-custom-backups-storage/14102/6?u=tomp).

Have you considered using a bind mount instead of a symlink?

[bazuchan]

Hrm, that is highly unusual agreed. What makes you think this is the cause?

I have created new storage pool in default location and have no problem launching with new pool.

I believe @stgraber doesn't recommend using that approach (see this recent post https://discuss.linuxcontainers.org/t/lxd-broken-after-setting-custom-backups-storage/14102/6?u=tomp).

Have you considered using a bind mount instead of a symlink?

I'm moving instances to new pool, so my problem is solved. You can close issue if it is expected behavior.