`rockcraft` crashes at the `update apt cache` step

[gruyaume]

Overview

Rockcraft fails at the update apt cache step when running on github's runners.

Description

We build and publish our rocks using github actions. The action to build the rock crashes with the error message craft-providers error: Failed to update apt cache.

• Github runner version: ubuntu-latest (22.04.1)
• Rockcraft version: 0+git.11f000f

Reference

• https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009

Log:

Run rockcraft pack --verbose
Starting Rockcraft 0.0.1.dev1
Logging execution to '/home/runner/.local/state/rockcraft/log/rockcraft-20230117-16061[4](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:5).0[5](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:6)1518.log'
Launching instance...
craft-providers error: Failed to update apt cache.
* Command that failed: 'lxc --project rockcraft exec local:rockcraft-lego-1072[6](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:7)[7](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:8)5 -- env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ROCKCRAFT_MANAGED_MODE=1 apt-get update'
* Command exit code: 100
* Command output: b'Ign:1 http://archive.ubuntu.com/ubuntu jammy InRelease\nIgn:2 http://security.ubuntu.com/ubuntu jammy-security InRelease\nIgn:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease\nIgn:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease\nIgn:1 http://archive.ubuntu.com/ubuntu jammy InRelease\nIgn:2 http://security.ubuntu.com/ubuntu jammy-security InRelease\nIgn:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease\nIgn:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease\nIgn:1 http://archive.ubuntu.com/ubuntu jammy InRelease\nIgn:2 http://security.ubuntu.com/ubuntu jammy-security InRelease\nIgn:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease\nIgn:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease\nErr:1 http://archive.ubuntu.com/ubuntu jammy InRelease\n  Cannot initiate the connection to archive.ubuntu.com:[8](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:9)0 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::1[9](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:10)). - connect ([10](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:11)1: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to archive.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to archive.ubuntu.com:80 (185.125.190.36), connection timed out\nErr:2 http://security.ubuntu.com/ubuntu jammy-security InRelease\n  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.36), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out\nErr:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease\n  Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable)\nErr:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease\n  Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable)\nReading package lists...\n'
* Command standard error output: b'E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to archive.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to archive.ubuntu.com:80 (185.125.190.36), connection timed out\nE: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable)\nE: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease  Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable)\nE: Failed to fetch http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease  Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (185.125.190.39), connection timed out Could not connect to security.ubuntu.com:80 (185.125.190.36), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out\nE: Some index files failed to download. They have been ignored, or old ones used instead.\n'
Full execution log: '/home/runner/.local/state/rockcraft/log/rockcraft-20230[11](https://github.com/canonical/lego-rock/actions/runs/3941060880/jobs/6742971009#step:5:12)7-160614.051518.log'
Error: Process completed with exit code 1.

[gruyaume]

I tested this with ubuntu 20.04 and I do not get this error. The error is somewhat related to the ubuntu 22.04 image / runner.

[jnsgruk]

Pretty sure this is an iptables clash on 22.04

If you use the canonical/setup-lxd action before you install rockcraft you likely won't have the same issue.

Or you can lift the iptables rules from here: https://github.com/canonical/setup-lxd/blob/90d76101915da56a42a562ba766b1a77019242fd/action.yml#L39

[gruyaume]

@jnsgruk , the example above leverages whywaita/setup-lxd@v1, is there a difference from the canonical provided one?

[jnsgruk]

@jnsgruk , the example above leverages whywaita/setup-lxd@v1, is there a difference from the canonical provided one?

Yeh, it just doesn't do the iptables stuff - the Ubuntu Github Actions runners that use 22.04 have a conflict where the rules that ship with docker prevent LXD containers from accessing the internet by default -- the Canonical action includes the change to iptables to ensure both work :)

[gruyaume]

Ahhh ok that's good to know. Cheers!

[gruyaume]

The fact that rockcraft depends on both docker and lxc being installed and that both those things don't play well together on Ubuntu is a bit of a pain. I'm not sure if this comment is helpful, but I'm sure I'm not the first feeling this pain.

[cjdcordeiro]

this is a pain indeed. The thing is that Rockcraft doesn't actually depend on Docker, but most people do have it installed and is the de-facto tool for testing containers. In any case, here are some (hopefully) helpful nuggets:

Docker compatibility

I think the iptables clash might disappear if you use the Docker snap instead of the DEB.

LXD setup and automation

As Jon mentioned, the LXD action already takes care of this clash, as well as the new rockcraft-pack action: https://github.com/canonical/craft-actions/#rockcraft-pack