Deploy failed at systemd service start with "code=exited, status=226/NAMESPACE" on Debian 10 (LXD)

[br-olf]

Describe the bug During the deployment of nusenu.relayor ansible fails to start the systemd services for the tor relays. The services show this Error:

* tor@10.128.0.214_9100.service - Anonymizing overlay network for TCP (instance 10.128.0.214_9100)
   Loaded: loaded (/etc/systemd/system/tor@10.128.0.214_9100.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-09-28 12:55:04 CEST; 58s ago
  Process: 23208 ExecStartPre=/usr/bin/install -Z -m 02755 -o _tor-10.128.0.214_9100 -g _tor-10.128.0.214_9100 -d /run/tor-instances/10.128.0.214_9100 (code=exited, status=226/NAMESPACE)

Sep 28 12:55:04 tor systemd[1]: Failed to start Anonymizing overlay network for TCP (instance 10.128.0.214_9100).
Sep 28 12:55:04 tor systemd[1]: tor@10.128.0.214_9100.service: Service RestartSec=100ms expired, scheduling restart.
Sep 28 12:55:04 tor systemd[1]: tor@10.128.0.214_9100.service: Scheduled restart job, restart counter is at 5.
Sep 28 12:55:04 tor systemd[1]: Stopped Anonymizing overlay network for TCP (instance 10.128.0.214_9100).
Sep 28 12:55:04 tor systemd[1]: tor@10.128.0.214_9100.service: Start request repeated too quickly.
Sep 28 12:55:04 tor systemd[1]: tor@10.128.0.214_9100.service: Failed with result 'exit-code'.
Sep 28 12:55:04 tor systemd[1]: Failed to start Anonymizing overlay network for TCP (instance 10.128.0.214_9100).

root@tor:~# systemctl status tor@10.128.0.214_9000.service
* tor@10.128.0.214_9000.service - Anonymizing overlay network for TCP (instance 10.128.0.214_9000)
   Loaded: loaded (/lib/systemd/system/tor@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-09-28 13:10:03 CEST; 14min ago
  Process: 24829 ExecStartPre=/usr/bin/install -Z -m 02755 -o _tor-10.128.0.214_9000 -g _tor-10.128.0.214_9000 -d /run/tor-instances/10.128.0.214_9000 (code=exited, status=226/NAMESPACE)

Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Control process exited, code=exited, status=226/NAMESPACE
Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Failed with result 'exit-code'.
Sep 28 13:10:03 tor systemd[1]: Failed to start Anonymizing overlay network for TCP (instance 10.128.0.214_9000).
Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Service RestartSec=100ms expired, scheduling restart.
Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Scheduled restart job, restart counter is at 5.
Sep 28 13:10:03 tor systemd[1]: Stopped Anonymizing overlay network for TCP (instance 10.128.0.214_9000).
Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Start request repeated too quickly.
Sep 28 13:10:03 tor systemd[1]: tor@10.128.0.214_9000.service: Failed with result 'exit-code'.
Sep 28 13:10:03 tor systemd[1]: Failed to start Anonymizing overlay network for TCP (instance 10.128.0.214_9000).

To Reproduce

1. Setup a Debian 10 (buster) LXD Container.
2. Deploy the playbook in Playbook information.

Expected behavior

• The execution of the playbook should not fail.

Version information (please include the following information):

• ansible version:
  • ansible 2.9.13
  • python version = 3.8.5 (default, Sep 5 2020, 10:50:12) [GCC 10.2.0]
• ansible-relayor version (please try to reproduce the bug against the git master branch)
  • Role: nusenu.relayor
  • description: An Ansible role for Tor Relay Operators
  • active: True
  • commit: de20efe3cf5811ac8faf3475775f1f2182fc216d
  • commit_message: increase min. ansible version from 2.9.7 to 2.9.12

Playbook information

---
- name: deploy tor server
  hosts: tor
  user: root
  gather_facts: no

  vars:
    tor_ContactInfo: xxxxxXXXxxxxx
    tor_signingkeylifetime_days: 90
    tor_nickname: xxxxx
    tor_IPv6: false

  tasks:
    - name: install gpg
      apt:
        name: gnupg
        state: present

  roles:
    - nusenu.relayor

OS information

• Host:
  • Proxmox Virtual Environment 6.2-11
  • Linux 5.4.44-2-pve # 1 SMP PVE 5.4.44-2 (Wed, 01 Jul 2020 16:37:57 +0200) x86_64 GNU/Linux
• LXD container
  • Debian GNU/Linux 10 (buster)

Debug information Please add the output of your ansible-playbook run using "-vvv".

• See ansible.log

[nusenu]

Hi, thanks for your report.

I fear this is specific to LXD since I haven't seen anyone using this role with containers.

Can you reproduce this on a Debian 10 VM as well?

[br-olf]

I tried it on the VM and couldn't reproduce the issue.

[nusenu]

this role is meant to be used with VM or on bare metal, closing.