VM not getting IPV4 using LXD 5.18 - Arm processor Rockchip RK3588

[ghqter30]

Issue description

LXD deployed on SBC / Rockchip RK3588, Virtual Machines don't get an IPV4 and return "Error: LXD VM agent isn't currently running" when attempted to run exec command. CPU process is constantly maxed out. Best known/tested version where this behavior is not present is version 5.13 --revision=24850

Required information

• Distribution: Ubuntu
• Distribution version: Ubuntu 22.04.3 LTS (Armbian 23.8.1 - aarch64)
• The output of "lxc info" or if that fails: sudo lxc info

  config: {}
  api_extensions:
  - storage_zfs_remove_snapshots
  - container_host_shutdown_timeout
  - container_stop_priority
  - container_syscall_filtering
  - auth_pki
  - container_last_used_at
  - etag
  - patch
  - usb_devices
  - https_allowed_credentials
  - image_compression_algorithm
  - directory_manipulation
  - container_cpu_time
  - storage_zfs_use_refquota
  - storage_lvm_mount_options
  - network
  - profile_usedby
  - container_push
  - container_exec_recording
  - certificate_update
  - container_exec_signal_handling
  - gpu_devices
  - container_image_properties
  - migration_progress
  - id_map
  - network_firewall_filtering
  - network_routes
  - storage
  - file_delete
  - file_append
  - network_dhcp_expiry
  - storage_lvm_vg_rename
  - storage_lvm_thinpool_rename
  - network_vlan
  - image_create_aliases
  - container_stateless_copy
  - container_only_migration
  - storage_zfs_clone_copy
  - unix_device_rename
  - storage_lvm_use_thinpool
  - storage_rsync_bwlimit
  - network_vxlan_interface
  - storage_btrfs_mount_options
  - entity_description
  - image_force_refresh
  - storage_lvm_lv_resizing
  - id_map_base
  - file_symlinks
  - container_push_target
  - network_vlan_physical
  - storage_images_delete
  - container_edit_metadata
  - container_snapshot_stateful_migration
  - storage_driver_ceph
  - storage_ceph_user_name
  - resource_limits
  - storage_volatile_initial_source
  - storage_ceph_force_osd_reuse
  - storage_block_filesystem_btrfs
  - resources
  - kernel_limits
  - storage_api_volume_rename
  - macaroon_authentication
  - network_sriov
  - console
  - restrict_devlxd
  - migration_pre_copy
  - infiniband
  - maas_network
  - devlxd_events
  - proxy
  - network_dhcp_gateway
  - file_get_symlink
  - network_leases
  - unix_device_hotplug
  - storage_api_local_volume_handling
  - operation_description
  - clustering
  - event_lifecycle
  - storage_api_remote_volume_handling
  - nvidia_runtime
  - container_mount_propagation
  - container_backup
  - devlxd_images
  - container_local_cross_pool_handling
  - proxy_unix
  - proxy_udp
  - clustering_join
  - proxy_tcp_udp_multi_port_handling
  - network_state
  - proxy_unix_dac_properties
  - container_protection_delete
  - unix_priv_drop
  - pprof_http
  - proxy_haproxy_protocol
  - network_hwaddr
  - proxy_nat
  - network_nat_order
  - container_full
  - candid_authentication
  - backup_compression
  - candid_config
  - nvidia_runtime_config
  - storage_api_volume_snapshots
  - storage_unmapped
  - projects
  - candid_config_key
  - network_vxlan_ttl
  - container_incremental_copy
  - usb_optional_vendorid
  - snapshot_scheduling
  - snapshot_schedule_aliases
  - container_copy_project
  - clustering_server_address
  - clustering_image_replication
  - container_protection_shift
  - snapshot_expiry
  - container_backup_override_pool
  - snapshot_expiry_creation
  - network_leases_location
  - resources_cpu_socket
  - resources_gpu
  - resources_numa
  - kernel_features
  - id_map_current
  - event_location
  - storage_api_remote_volume_snapshots
  - network_nat_address
  - container_nic_routes
  - rbac
  - cluster_internal_copy
  - seccomp_notify
  - lxc_features
  - container_nic_ipvlan
  - network_vlan_sriov
  - storage_cephfs
  - container_nic_ipfilter
  - resources_v2
  - container_exec_user_group_cwd
  - container_syscall_intercept
  - container_disk_shift
  - storage_shifted
  - resources_infiniband
  - daemon_storage
  - instances
  - image_types
  - resources_disk_sata
  - clustering_roles
  - images_expiry
  - resources_network_firmware
  - backup_compression_algorithm
  - ceph_data_pool_name
  - container_syscall_intercept_mount
  - compression_squashfs
  - container_raw_mount
  - container_nic_routed
  - container_syscall_intercept_mount_fuse
  - container_disk_ceph
  - virtual-machines
  - image_profiles
  - clustering_architecture
  - resources_disk_id
  - storage_lvm_stripes
  - vm_boot_priority
  - unix_hotplug_devices
  - api_filtering
  - instance_nic_network
  - clustering_sizing
  - firewall_driver
  - projects_limits
  - container_syscall_intercept_hugetlbfs
  - limits_hugepages
  - container_nic_routed_gateway
  - projects_restrictions
  - custom_volume_snapshot_expiry
  - volume_snapshot_scheduling
  - trust_ca_certificates
  - snapshot_disk_usage
  - clustering_edit_roles
  - container_nic_routed_host_address
  - container_nic_ipvlan_gateway
  - resources_usb_pci
  - resources_cpu_threads_numa
  - resources_cpu_core_die
  - api_os
  - container_nic_routed_host_table
  - container_nic_ipvlan_host_table
  - container_nic_ipvlan_mode
  - resources_system
  - images_push_relay
  - network_dns_search
  - container_nic_routed_limits
  - instance_nic_bridged_vlan
  - network_state_bond_bridge
  - usedby_consistency
  - custom_block_volumes
  - clustering_failure_domains
  - resources_gpu_mdev
  - console_vga_type
  - projects_limits_disk
  - network_type_macvlan
  - network_type_sriov
  - container_syscall_intercept_bpf_devices
  - network_type_ovn
  - projects_networks
  - projects_networks_restricted_uplinks
  - custom_volume_backup
  - backup_override_name
  - storage_rsync_compression
  - network_type_physical
  - network_ovn_external_subnets
  - network_ovn_nat
  - network_ovn_external_routes_remove
  - tpm_device_type
  - storage_zfs_clone_copy_rebase
  - gpu_mdev
  - resources_pci_iommu
  - resources_network_usb
  - resources_disk_address
  - network_physical_ovn_ingress_mode
  - network_ovn_dhcp
  - network_physical_routes_anycast
  - projects_limits_instances
  - network_state_vlan
  - instance_nic_bridged_port_isolation
  - instance_bulk_state_change
  - network_gvrp
  - instance_pool_move
  - gpu_sriov
  - pci_device_type
  - storage_volume_state
  - network_acl
  - migration_stateful
  - disk_state_quota
  - storage_ceph_features
  - projects_compression
  - projects_images_remote_cache_expiry
  - certificate_project
  - network_ovn_acl
  - projects_images_auto_update
  - projects_restricted_cluster_target
  - images_default_architecture
  - network_ovn_acl_defaults
  - gpu_mig
  - project_usage
  - network_bridge_acl
  - warnings
  - projects_restricted_backups_and_snapshots
  - clustering_join_token
  - clustering_description
  - server_trusted_proxy
  - clustering_update_cert
  - storage_api_project
  - server_instance_driver_operational
  - server_supported_storage_drivers
  - event_lifecycle_requestor_address
  - resources_gpu_usb
  - clustering_evacuation
  - network_ovn_nat_address
  - network_bgp
  - network_forward
  - custom_volume_refresh
  - network_counters_errors_dropped
  - metrics
  - image_source_project
  - clustering_config
  - network_peer
  - linux_sysctl
  - network_dns
  - ovn_nic_acceleration
  - certificate_self_renewal
  - instance_project_move
  - storage_volume_project_move
  - cloud_init
  - network_dns_nat
  - database_leader
  - instance_all_projects
  - clustering_groups
  - ceph_rbd_du
  - instance_get_full
  - qemu_metrics
  - gpu_mig_uuid
  - event_project
  - clustering_evacuation_live
  - instance_allow_inconsistent_copy
  - network_state_ovn
  - storage_volume_api_filtering
  - image_restrictions
  - storage_zfs_export
  - network_dns_records
  - storage_zfs_reserve_space
  - network_acl_log
  - storage_zfs_blocksize
  - metrics_cpu_seconds
  - instance_snapshot_never
  - certificate_token
  - instance_nic_routed_neighbor_probe
  - event_hub
  - agent_nic_config
  - projects_restricted_intercept
  - metrics_authentication
  - images_target_project
  - cluster_migration_inconsistent_copy
  - cluster_ovn_chassis
  - container_syscall_intercept_sched_setscheduler
  - storage_lvm_thinpool_metadata_size
  - storage_volume_state_total
  - instance_file_head
  - instances_nic_host_name
  - image_copy_profile
  - container_syscall_intercept_sysinfo
  - clustering_evacuation_mode
  - resources_pci_vpd
  - qemu_raw_conf
  - storage_cephfs_fscache
  - network_load_balancer
  - vsock_api
  - instance_ready_state
  - network_bgp_holdtime
  - storage_volumes_all_projects
  - metrics_memory_oom_total
  - storage_buckets
  - storage_buckets_create_credentials
  - metrics_cpu_effective_total
  - projects_networks_restricted_access
  - storage_buckets_local
  - loki
  - acme
  - internal_metrics
  - cluster_join_token_expiry
  - remote_token_expiry
  - init_preseed
  - storage_volumes_created_at
  - cpu_hotplug
  - projects_networks_zones
  - network_txqueuelen
  - cluster_member_state
  - instances_placement_scriptlet
  - storage_pool_source_wipe
  - zfs_block_mode
  - instance_generation_id
  - disk_io_cache
  - amd_sev
  - storage_pool_loop_resize
  - migration_vm_live
  - ovn_nic_nesting
  - oidc
  - network_ovn_l3only
  - ovn_nic_acceleration_vdpa
  - cluster_healing
  - instances_state_total
  - auth_user
  - security_csm
  - instances_rebuild
  - numa_cpu_placement
  - custom_volume_iso
  - network_allocations
  - storage_api_remote_volume_snapshot_copy
  - zfs_delegate
  - operations_get_query_all_projects
  - metadata_configuration
  - syslog_socket
  - event_lifecycle_name_and_project
  - instances_nic_limits_priority
  - disk_initial_volume_configuration
  api_status: stable
  api_version: "1.0"
  auth: trusted
  public: false
  auth_methods:
  - tls
  auth_user_name: root
  auth_user_method: unix
  environment:
  addresses: []
  architectures:
  - aarch64
  - armv6l
  - armv7l
  - armv8l
  certificate: |
  -----BEGIN CERTIFICATE-----
  MIIB3jCCAWOgAwIBAgIQLbj2/jeoghPbFNFJ2nOgbDAKBggqhkjOPQQDAzAiMQww
  CgYDVQQKEwNMWEQxEjAQBgNVBAMMCXJvb3RAbHhkMjAeFw0yMzEwMDgxNjExNDBa
  Fw0zMzEwMDUxNjExNDBaMCIxDDAKBgNVBAoTA0xYRDESMBAGA1UEAwwJcm9vdEBs
  eGQyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE1xyqhYuHwRAsxywxAfE8prNU43kY
  Eql3ft3V2TUS6OU/zSbXlqhrp/ELR5AfgAVTnNfaJ25JQ0OzWR3FmM5Lnz/GX2W+
  0xVzkVnvXA/xqnYQWiHeFaQchd5PRJmdGQdbo14wXDAOBgNVHQ8BAf8EBAMCBaAw
  EwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAnBgNVHREEIDAeggRs
  eGQyhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMDA2kAMGYCMQD0
  +wBrPbggl1psXwfpxMTe8zXNxv9RVyq79Q81ojXue75C6RJpvyUO19tLRsiKa0gC
  MQCo3xqM+hmL0eD2g7JfZ71BJ2BNURbRQ4gL47Z/GzXhZ+vMuNlA14nsr7R1K0gv
  BZs=
  -----END CERTIFICATE-----
  certificate_fingerprint: 327f41a4995c7d473b52b212497bee58fbd921b1cbb9c2e1f1627f48eeb5fdae
  driver: lxc | qemu
  driver_version: 5.0.0 | 8.0.5
  firewall: nftables
  kernel: Linux
  kernel_architecture: aarch64
  kernel_features:
  idmapped_mounts: "false"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
  kernel_version: 5.10.160-legacy-rk35xx
  lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
  os_name: Ubuntu
  os_version: "22.04"
  project: default
  server: lxd
  server_clustered: false
  server_event_mode: full-mesh
  server_name: lxd2
  server_pid: 3087
  server_version: "5.18"
  storage: btrfs
  storage_version: 5.16.2
  storage_supported_drivers:
  - name: btrfs
  version: 5.16.2
  remote: false
  - name: ceph
  version: 17.2.6
  remote: true
  - name: cephfs
  version: 17.2.6
  remote: true
  - name: cephobject
  version: 17.2.6
  remote: true
  - name: dir
  version: "1"
  remote: false
  - name: lvm
  version: 2.03.11(2) (2021-01-08) / 1.02.175 (2021-01-08) / 4.44.0
  remote: false

Steps to reproduce

1. Step one sudo snap install lxd --channel latest/edge # git-a733f9b 2023-10-06 (25934) sudo lxd init

2. Step two sudo lxc launch ubuntu:22.04 --vm vm1

3. Step three sudo lxc list

   +------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
   | NAME |  STATE  |        IPV4         |                     IPV6                      |      TYPE       | SNAPSHOTS |
   +------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
   | c1   | RUNNING | 10.213.33.30 (eth0) | fd42:ee0b:c420:2042:216:3eff:fef2:f6e8 (eth0) | CONTAINER       | 0         |
   +------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
   | vm1  | RUNNING |                     | fd42:ee0b:c420:2042:216:3eff:fea3:fcfe (eth0) | VIRTUAL-MACHINE | 0         |
   +------+---------+---------------------+-----------------------------------------------+-----------------+-----------+

   sudo lxc exec vm1 bash

   Error: LXD VM agent isn't currently running

sudo lxc stop vm1 --force

sudo lxc start vm1 --console

To detach from the console, press: <ctrl>+a q

Information to attach

sudo lxc info vm1 --show-log

Status: RUNNING
Type: virtual-machine
Architecture: aarch64
PID: 6515
Created: 2023/10/08 09:18 PDT
Last Used: 2023/10/08 11:33 PDT

Resources:
  Processes: -1
  Network usage:
    eth0:
      Type: broadcast
      State: UP
      Host interface: tapf2305589
      MAC address: 00:16:3e:a3:fc:fe
      MTU: 1500
      Bytes received: 232B
      Bytes sent: 0B
      Packets received: 2
      Packets sent: 0
      IP addresses:
        inet6: fd42:ee0b:c420:2042:216:3eff:fea3:fcfe/64 (global)

Log:

sudo lxc config show vm1 --expanded

config:
  image.architecture: arm64
  image.description: ubuntu 22.04 LTS arm64 (release) (20230927)
  image.label: release
  image.os: ubuntu
  image.release: jammy
  image.serial: "20230927"
  image.type: disk1.img
  image.version: "22.04"
  volatile.base_image: af58751ca593b6c3e38836254a0565cbb86fd01c2fbb5d1ba2c43ea27cc02e78
  volatile.cloud-init.instance-id: 12ec2bf4-ad25-451f-8772-58768dd630d8
  volatile.eth0.host_name: tapf2305589
  volatile.eth0.hwaddr: 00:16:3e:a3:fc:fe
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: bb4f8b8d-f6f7-4681-84d3-b0b48f836083
  volatile.uuid.generation: bb4f8b8d-f6f7-4681-84d3-b0b48f836083
  volatile.vsock_id: "1537207436"
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

sudo cat /var/snap/lxd/common/lxd/logs/lxd.log

time="2023-10-08T09:11:38-07:00" level=warning msg="AppArmor support has been disabled because of lack of kernel support"
time="2023-10-08T09:11:38-07:00" level=warning msg=" - AppArmor support has been disabled, Disabled because of lack of kernel support"
time="2023-10-08T09:11:38-07:00" level=warning msg=" - Couldn't find the CGroup network priority controller, per-instance network priority will be ignored. Please use per-device limits.priority instead"
time="2023-10-08T09:11:41-07:00" level=warning msg="Failed to initialize fanotify, falling back on inotify" err="Failed to watch directory \"/dev\": no such device"
time="2023-10-08T09:18:46-07:00" level=warning msg="Unable to use virtio-fs for config drive, using 9p as a fallback" err="Architecture unsupported" instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T09:18:46-07:00" level=warning msg="Using writeback cache I/O" devPath=/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines/vm1/root.img device=root fsType=btrfs instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T09:19:34-07:00" level=warning msg="Unable to use virtio-fs for config drive, using 9p as a fallback" err="Architecture unsupported" instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T09:19:34-07:00" level=warning msg="Using writeback cache I/O" devPath=/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines/vm1/root.img device=root fsType=btrfs instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:10:11-07:00" level=warning msg="Unable to use virtio-fs for config drive, using 9p as a fallback" err="Architecture unsupported" instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:10:11-07:00" level=warning msg="Using writeback cache I/O" devPath=/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines/vm1/root.img device=root fsType=btrfs instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:33:11-07:00" level=warning msg="Unable to use virtio-fs for config drive, using 9p as a fallback" err="Architecture unsupported" instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:33:11-07:00" level=warning msg="Using writeback cache I/O" devPath=/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines/vm1/root.img device=root fsType=btrfs instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:33:42-07:00" level=warning msg="Unable to use virtio-fs for config drive, using 9p as a fallback" err="Architecture unsupported" instance=vm1 instanceType=virtual-machine project=default
time="2023-10-08T11:33:42-07:00" level=warning msg="Using writeback cache I/O" devPath=/var/snap/lxd/common/lxd/storage-pools/default/virtual-machines/vm1/root.img device=root fsType=btrfs instance=vm1 instanceType=virtual-machine project=default

[tomponline]

Are you able to try on 5.0/edge channel (you will need a fresh install as can't downgrade from latest/stable).

This channel comes with same qemu version but previous edk firmware version (as we've seen a fair few problems with more recent edk firmware versions).

[ghqter30]

5.0/edge channel works just fine:

sudo snap list lxd

lxd   git-7f8a581  25932  5.0/edge  canonical✓  

sudo lxc list

+------+---------+------------------------+-------------------------------------------------+-----------------+-----------+
| NAME |  STATE  |          IPV4          |                      IPV6                       |      TYPE       | SNAPSHOTS |
+------+---------+------------------------+-------------------------------------------------+-----------------+-----------+
| c2   | RUNNING | 10.33.200.84 (eth0)    | fd42:e225:ffb0:2967:216:3eff:fe13:5045 (eth0)   | CONTAINER       | 0         |
+------+---------+------------------------+-------------------------------------------------+-----------------+-----------+
| vm2  | RUNNING | 10.33.200.116 (enp5s0) | fd42:e225:ffb0:2967:216:3eff:fe94:e2ea (enp5s0) | VIRTUAL-MACHINE | 0         |
+------+---------+------------------------+-------------------------------------------------+-----------------+-----------

sudo lxc exec vm2 -- uptime

 22:33:07 up 3 min,  0 users,  load average: 0.07, 0.17, 0.08

[mihalicyn]

Hi @ghqter30

Can you try to run the VM on latest/edge with lxc launch ubuntu:22.04 --vm --console=vga vm1 and try to catch on which step it fails? Can you see any messaged from GRUB? Or maybe from the Linux kernel.

We have seen and workarounded two issues with edk2: https://github.com/canonical/lxd-pkg-snap/pull/147 https://github.com/canonical/lxd-pkg-snap/pull/153

Unfortunately, edk2 developers do not care about maintaining compatibility with old versions of GRUB/shim/Linux kernel and as a consequence we have problems like that.

Another experiment that you can make is to try lxc launch ubuntu:22.04 -c security.secureboot=false --vm --console=vga vm1 and check results.

Kind regards, Alex

[tomponline]

thanks @mihalicyn !

[ghqter30]

I get this:

sudo snap list lxd

lxd   git-7d7624d  25952  latest/edge  canonical✓ 

sudo lxc launch ubuntu:22.04 -c security.secureboot=false --vm --console=vga vm1

Creating vm1
Starting vm1

(remote-viewer:7732): Gtk-WARNING **: 08:42:00.885: cannot open display:

sudo lxc list vm1
+------+---------+------+---------------------------------------------+-----------------+-----------+
| NAME |  STATE  | IPV4 |                    IPV6                     |      TYPE       | SNAPSHOTS |
+------+---------+------+---------------------------------------------+-----------------+-----------+
| vm1  | RUNNING |      | fd42:6c59:447:38fb:216:3eff:fe3b:c49 (eth0) | VIRTUAL-MACHINE | 0         |
+------+---------+------+---------------------------------------------+-----------------+-----------+

[mihalicyn]

Ah, you are likely running this on the server without desktop environment? Then just use --console without vga.

[ghqter30]

Console output doesn't show much:

sudo lxc launch ubuntu:22.04 -c security.secureboot=false --vm --console vm2

Creating vm2
Starting vm2
To detach from the console, press: <ctrl>+a q

[ghqter30]

Graphic and Text Console show the same empty results:

[ghqter30]

Any suggestions?

[mihalicyn]

Hi @ghqter30

Sorry about this huge delay with reply. This thread got lost. (Feel free to ping us next time!)

The first thing that I would start with is to try latest/edge channel again.

Results that you've shared with us a bit interesting: nothing in the console output, nothing on the screen and VM just stuck, right? Couldn't you also show:

# replace "vm1" to your VM instance name
cat /proc/$(cat /var/snap/lxd/common/lxd/logs/vm1/qemu.pid)/stack

[tomponline]

Closing this for now, but please let us know if you are still experiencing the issue and can reproduce on latest/edge channel.

Thanks!