lxc container in a parent lxd fails to start

[tkuhlman]

I am trying to run some lxc containers within an lxd container. The use case here is for integration tests of mojo (https://mojo.canonical.com/). The goal is the have an lxd image people can download and use for a full suite of integration tests of mojo. Mojo itself uses lxc and in this test environment will also rely on juju running locally using lxc. I'm still in proof of concept stage but the script I used to create the lxd env is at https://github.com/tkuhlman/containers/blob/master/mojo/build_mojo_lxd.sh and after that runs I was running 'lxc exec mojo -- su - ubuntu' and then 'sudo mojo project-new --series trusty mojo-how-to' which is the first step in a proof of concept run of mojo.

The initial error seen is:

2015-12-21 20:57:29 [INFO] Bootstrapping lxc env
2015-12-21 20:57:29 [INFO] Starting LXC container 'mojo-how-to.trusty'
lxc-start: lxc_start.c: main: 341 The container failed to start.
lxc-start: lxc_start.c: main: 343 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 345 Additional information can be obtained by setting the --logfile and --logpriority options.

Rerunning with debug the output is:

ubuntu@mojo:~$ sudo lxc-start -F -n mojo-how-to.trusty -o /dev/stdout -l debug
      lxc-start 1450731894.849 INFO     lxc_start_ui - lxc_start.c:main:264 - using rcfile /var/lib/lxc/mojo-how-to.trusty/config
      lxc-start 1450731894.850 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
      lxc-start 1450731894.850 WARN     lxc_cgmanager - cgmanager.c:cgm_get:985 - do_cgm_get exited with error
      lxc-start 1450731894.850 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .reject_force_umount  # comment this to allow umount -f;  not recommended.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for reject_force_umount action 0
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for reject_force_umount action 0
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts

      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .[all].
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .kexec_load errno 1.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for kexec_load action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for kexec_load action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .open_by_handle_at errno 1.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for open_by_handle_at action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for open_by_handle_at action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .init_module errno 1.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for init_module action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for init_module action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .finit_module errno 1.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for finit_module action 327681
      lxc-start 1450731894.850 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1450731894.850 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for finit_module action 327681
      lxc-start 1450731894.850 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:233 - Seccomp: got negative # for syscall: finit_module
      lxc-start 1450731894.850 WARN     lxc_seccomp - seccomp.c:do_resolve_add_rule:234 - This syscall will NOT be blacklisted
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:324 - processing: .delete_module errno 1.
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:426 - Adding native rule for delete_module action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:429 - Adding compat rule for delete_module action 327681
      lxc-start 1450731894.850 INFO     lxc_seccomp - seccomp.c:parse_config_v2:436 - Merging in the compat seccomp ctx into the main one
      lxc-start 1450731894.851 DEBUG    lxc_conf - conf.c:lxc_create_tty:3791 - allocated pty '/dev/pts/3' (5/6)
      lxc-start 1450731894.851 DEBUG    lxc_conf - conf.c:lxc_create_tty:3791 - allocated pty '/dev/pts/4' (7/8)
      lxc-start 1450731894.851 DEBUG    lxc_conf - conf.c:lxc_create_tty:3791 - allocated pty '/dev/pts/5' (9/10)
      lxc-start 1450731894.851 DEBUG    lxc_conf - conf.c:lxc_create_tty:3791 - allocated pty '/dev/pts/6' (11/12)
      lxc-start 1450731894.851 INFO     lxc_conf - conf.c:lxc_create_tty:3802 - tty's configured
      lxc-start 1450731894.851 DEBUG    lxc_start - start.c:setup_signal_fd:263 - sigchild handler set
      lxc-start 1450731894.851 DEBUG    lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
      lxc-start 1450731894.851 DEBUG    lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
      lxc-start 1450731894.851 DEBUG    lxc_console - console.c:lxc_console_sigwinch_init:179 - 13094 got SIGWINCH fd 17
      lxc-start 1450731894.851 DEBUG    lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:106 rows:54
      lxc-start 1450731894.851 INFO     lxc_start - start.c:lxc_init:463 - 'mojo-how-to.trusty' is initialized
      lxc-start 1450731894.851 DEBUG    lxc_start - start.c:__lxc_start:1099 - Not dropping cap_sys_boot or watching utmp
      lxc-start 1450731894.852 DEBUG    lxc_conf - conf.c:instantiate_veth:3130 - instantiated veth 'veth4SYN57/veth2J00BW', index is '7'
      lxc-start 1450731894.852 INFO     lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgmanager initing for mojo-how-to.trusty
      lxc-start 1450731894.870 ERROR    lxc_cgmanager - cgmanager.c:cgm_create:635 - cgroup error?  100 cgroups with this name already running
lxc-start: cgmanager.c: cgm_create: 635 cgroup error?  100 cgroups with this name already running
      lxc-start 1450731894.870 ERROR    lxc_start - start.c:lxc_spawn:891 - failed creating cgroups
lxc-start: start.c: lxc_spawn: 891 failed creating cgroups
      lxc-start 1450731894.890 ERROR    lxc_start - start.c:__lxc_start:1121 - failed to spawn 'mojo-how-to.trusty'
lxc-start: start.c: __lxc_start: 1121 failed to spawn 'mojo-how-to.trusty'
      lxc-start 1450731894.890 ERROR    lxc_start_ui - lxc_start.c:main:341 - The container failed to start.
lxc-start: lxc_start.c: main: 341 The container failed to start.
      lxc-start 1450731894.890 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.
lxc-start: lxc_start.c: main: 345 Additional information can be obtained by setting the --logfile and --logpriority options.

The contents of /var/lib/lxc/mojo-how-to.trusty/config:

# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template: --release trusty
# For additional config options, please look at lxc.container.conf(5)

# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf

# Container specific configuration
lxc.rootfs = /srv/mojo/mojo-how-to/trusty/ROOTFS
lxc.mount = /var/lib/lxc/mojo-how-to.trusty/fstab
lxc.utsname = mojo-how-to.trusty
lxc.arch = amd64

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:59:8d:2b

ubuntu@mojo:~$ sudo find /sys/fs/cgroup -type d
/sys/fs/cgroup
/sys/fs/cgroup/cgmanager.lower
/sys/fs/cgroup/cgmanager

[tkuhlman]

The host system is Wily, the parent LXD container is trusty and the child lxc container is trusty also.

[tkuhlman]

Opened as an lxc issue instead, https://github.com/lxc/lxc/issues/735