ganto / copr-lxc4

RPM spec files for building the latest stable lxc/lxd/incus releases on Fedora COPR

License: MIT License

Shell 100.00%
copr lxd lxc rpm-spec fedora-repository

copr-lxc4's Introduction

LXC/Incus/LXD RPM spec files

Contains spec files to build the latest stable LXC/Incus/LXD RPMs and related packages for Fedora COPR.

Spec files, each with a Copr build status badge:

  • lxc.spec
  • lxcfs.spec
  • incus.spec
  • lxd.spec
  • lxd-ui.spec
  • python3-lxc.spec
  • python-lxd-sphinx-extensions.spec
  • distrobuilder.spec
  • cowsql.spec
  • dqlite.spec
  • raft.spec
  • rubygem-ruby-lxc.spec

Author and license

License: MIT

copr-lxc4's People

Contributors

ganto, subpop

copr-lxc4's Issues

lxcfs not starting since 4.0.4

Hiya, running fedora 32 with your copr enabled and getting this from systemctl status lxcfs.service

lxcfs.service - FUSE filesystem for LXC
Loaded: loaded (/usr/lib/systemd/system/lxcfs.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-07-04 07:27:23 BST; 2h 13min ago
Docs: man:lxcfs(1)
Process: 966 ExecStart=/usr/bin/lxcfs /var/lib/lxcfs (code=exited, status=1/FAILURE)
Process: 968 ExecStopPost=/bin/fusermount -u /var/lib/lxcfs (code=exited, status=203/EXEC)
Main PID: 966 (code=exited, status=1/FAILURE)

Jul 04 07:27:23 electronicbox systemd[1]: lxcfs.service: Scheduled restart job, restart counter is at 5.
Jul 04 07:27:23 electronicbox systemd[1]: Stopped FUSE filesystem for LXC.
Jul 04 07:27:23 electronicbox systemd[1]: lxcfs.service: Start request repeated too quickly.
Jul 04 07:27:23 electronicbox systemd[1]: lxcfs.service: Failed with result 'exit-code'.
Jul 04 07:27:23 electronicbox systemd[1]: Failed to start FUSE filesystem for LXC.

request: LXC 5 series

Hiya, thanks for your continued work on these packages. I just noticed LXD and LXCFS have been updating; are there any plans to upgrade the standalone LXC to its 5 version? Its current version is 5.0.1, whereas Fedora and your packages are still on 4.0.12, I think. Many thanks to you and your packages :)

Fedora 34: Error when starting container "start.c:core_scheduling:1572 - No such device - Failed to create new core scheduling domain"

After an update from Fedora 33 to Fedora 34 the containers will fail to start with:

lxc test 20211205180956.221 ERROR    start - start.c:core_scheduling:1572 - No such device - Failed to create new core scheduling domain
lxc test 20211205180956.222 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:867 - Received container state "ABORTING" instead of "RUNNING"
lxc test 20211205180956.227 ERROR    start - start.c:__lxc_start:2068 - Failed to spawn container "ipa"
lxc test 20211205180956.227 WARN     start - start.c:lxc_abort:1038 - No such process - Failed to send SIGKILL via pidfd 41 for process 914115
lxc 20211205181001.306 ERROR    af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20211205181001.306 ERROR    commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors

Both Fedora releases used lxd-4.19

raft test fails on Fedora <=32: "test_uv_init.c:156: assertion failed"

On the x86_64/aarch64/armhfp architectures of Fedora 31/32 the raft test suite fails with:

===================================
   raft 0.9.24: ./test-suite.log
===================================
# TOTAL: 5
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: test/integration/uv
=========================
Running test suite with seed 0x06f4451d...
init/dirTooLong                                             [ OK    ] [ 0.00002815 / 0.00001289 CPU ]
init/oom                                                    
  heap-fault-delay=1, heap-fault-repeat=1                   [ ERROR ]
Error: test/integration/test_uv_init.c:156: assertion failed: _rv == 1 (0 == 1)
Error: child killed by signal 6 (Aborted)

Template LOCAL is broken -- patch is here

Hi.

I was trying to create a Fedora 40 beta with the DistroBuilder tool.
Initially, I thought that the problem was the distro being Beta.
I tried again with files that were previously generated, which had already worked.
Well... the problem was the same!
I used something like:

lxc-create -n fedora -t local -- --metadata meta.tar.xz --fstree rootfs.tar.xz

and I received the following error:

lxc-create: fedora: ../src/lxc/parse.c: lxc_file_for_each_line_mmap: 78 No such file or directory - Failed to open file "LXC_TEMPLATE_CONFIG/common.conf"
lxc-create: fedora: ../src/lxc/parse.c: lxc_file_for_each_line_mmap: 129 Failed to parse config file "/var/lib/lxc/fedora/config" at line "lxc.include = LXC_TEMPLATE_CONFIG/common.conf"
lxc-create: fedora: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container fedora

After some tests, and some time later, I remembered that templates are shell scripts...
The problem was caused by setting TEMPLATE_FILES before setting LXC_PATH!
I made some tests... and created the following patch:

--- a/usr/share/lxc/templates/lxc-local 2024-04-12 21:00:00.000000000 -0300
+++ b/usr/share/lxc/templates/lxc-local  2024-04-20 16:34:32.173400930 -0300
@@ -18,7 +18,8 @@
 COMPAT_LEVEL=5

 EXCLUDES=""
-TEMPLATE_FILES="${LXC_PATH}/config"
+# TEMPLATE_FILES="${LXC_PATH}/config;${LXC_ROOTFS}/etc/hostname;${LXC_ROOTFS}/etc/hosts"
+#  Set only after to define LC_PATH and LXC_ROOTFS ...


 # Make sure the usual locations are in PATH
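Review bot: The comment added at the top of this hunk names LC_PATH where the variable is LXC_PATH, and it leaves the new assignment behind as a commented-out line, so the same TEMPLATE_FILES value appears twice in the file, once dead here and once live further down. Suggest deleting the commented-out TEMPLATE_FILES line and keeping one short comment, for example "TEMPLATE_FILES is set after option parsing, once LXC_PATH and LXC_ROOTFS are known".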
@@ -93,6 +94,8 @@
   esac
 done

+TEMPLATE_FILES="${LXC_PATH}/config;${LXC_ROOTFS}/etc/hostname;${LXC_ROOTFS}/etc/hosts"
+
 # Check for required binaries
 for bin in tar xz; do
   if ! command -V "${bin}" >/dev/null 2>&1; then
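Review bot: The TEMPLATE_FILES assignment added after the option loop expands ${LXC_PATH} and ${LXC_ROOTFS} with no visible check that either is non-empty; with an empty LXC_ROOTFS the last two entries become /etc/hostname and /etc/hosts, which are the host's own files. Suggest guarding the assignment, for example with ${LXC_ROOTFS:?} and ${LXC_PATH:?} or an explicit test that exits with an error, and confirming that the code consuming TEMPLATE_FILES splits on ";" now that the value holds three paths instead of one.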

Well... I also took the opportunity to adjust LXC_NAME in /etc/hosts and /etc/hostname in the container.

I hope this helps you.

lxd: TestGetAllXattr fails on COPR

Recently the TestGetAllXattr() test started failing on the Fedora COPR instances on all releases and all architectures except aarch64:

[...]
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.TMDaM8
+ umask 022
+ cd /builddir/build/BUILD
+ cd lxd-5.20
+ export GOPATH=/builddir/build/BUILDROOT/lxd-5.20-0.1.fc39.x86_64//usr/share/gocode:/usr/share/gocode
+ GOPATH=/builddir/build/BUILDROOT/lxd-5.20-0.1.fc39.x86_64//usr/share/gocode:/usr/share/gocode
+ export 'CGO_LDFLAGS_ALLOW=(-Wl,-wrap,pthread_create)|(-Wl,-z,now)'
+ CGO_LDFLAGS_ALLOW='(-Wl,-wrap,pthread_create)|(-Wl,-z,now)'
+ GO_LDFLAGS=' -X github.com/canonical/lxd/version=5.20'
+ GO_TEST_FLAGS='-buildmode pie -compiler gc -v -tags libsqlite3'
+ GO_TEST_EXT_LD_FLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes  '
+ go-rpm-integration check -i github.com/canonical/lxd -b /builddir/build/BUILD/lxd-5.20/_build/bin -s /builddir/build/BUILD/lxd-5.20/_build -V 5.20-0.1.fc39 -p /builddir/build/BUILDROOT/lxd-5.20-0.1.fc39.x86_64 -g /usr/share/gocode -r '.*example.*' -v -t github.com/canonical/lxd/test -d github.com/canonical/lxd/lxc-to-lxd
Testing    in: /builddir/build/BUILD/lxd-5.20/_build/src
         PATH: /builddir/build/BUILD/lxd-5.20/_build/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin
       GOPATH: /builddir/build/BUILD/lxd-5.20/_build:/builddir/build/BUILDROOT/lxd-5.20-0.1.fc39.x86_64//usr/share/gocode:/usr/share/gocode:/usr/share/gocode
  GO111MODULE: off
      command: go test -buildmode pie -compiler gc -v -tags libsqlite3 -ldflags " -X github.com/canonical/lxd/version=5.20 -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes  '"
      testing: github.com/canonical/lxd
[...]
github.com/canonical/lxd/shared
=== RUN   TestGetAllXattr
    util_linux_test.go:75: Expected to find extended attribute security.selinux with a value of unconfined_u:object_r:user_tmp_t:s0� on regular file but did not find it.
--- FAIL: TestGetAllXattr (0.00s)
=== RUN   TestURLEncode
--- PASS: TestURLEncode (0.00s)
=== RUN   TestUrlsJoin
--- PASS: TestUrlsJoin (0.00s)
=== RUN   TestFileCopy
--- PASS: TestFileCopy (0.00s)
=== RUN   TestDirCopy
--- PASS: TestDirCopy (0.00s)
=== RUN   TestReaderToChannel
--- PASS: TestReaderToChannel (0.01s)
=== RUN   TestGetExpiry
--- PASS: TestGetExpiry (0.00s)
=== RUN   TestHasKey
--- PASS: TestHasKey (0.00s)
=== RUN   TestRemoveElementsFromStringSlice
--- PASS: TestRemoveElementsFromStringSlice (0.00s)
=== RUN   TestKeyPairAndCA
--- PASS: TestKeyPairAndCA (0.00s)
=== RUN   TestGenerateMemCert
--- PASS: TestGenerateMemCert (0.00s)
FAIL
exit status 1
FAIL	github.com/canonical/lxd/shared	0.021s

RPM build warnings:

RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.TMDaM8 (%check)
    Setting %{thisgofilelist} = devel.file-list
    Setting %{currentgoipath} = github.com/canonical/lxd
    Setting %{currentgosourcedir} = /builddir/build/BUILD/lxd-5.20
    Setting %{currentgofilelist} = devel.file-list
    Setting %{currentversion} = 5.20
    Setting %{currentgoldflags} =  -X github.com/canonical/lxd/version=5.20
    Bad exit status from /var/tmp/rpm-tmp.TMDaM8 (%check)
Finish: rpmbuild lxd-5.20-0.1.fc39.src.rpm
Finish: build phase for lxd-5.20-0.1.fc39.src.rpm

I guess it has to do with the fact that the build system has SELinux enabled and the build directory is on a tmpfs:

Storage (chroot, cache_topdir):
Filesystem        Type   Size  Used Avail Use% Mounted on
mock_chroot_tmpfs tmpfs  151G  207M  151G   1% /var/lib/mock/fedora-39-x86_64-1714234046.102517/root
mock_cache_tmpfs  tmpfs   35G  409M   34G   2% /var/cache/mock

I cannot reproduce this on my local machine (without SELinux)
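A way to check the suspicion above inside a build root, as an added example that is not part of the original issue or of the LXD code base: it reports the filesystem type of a directory and whether a file created there exposes security.selinux through both listxattr and a direct getxattr. It assumes Python 3 on Linux; the function names, the verdict strings and the sample mount table are made up for this illustration.

```python
#!/usr/bin/env python3
"""Report whether files created in a directory carry a security.selinux xattr."""
import os
import sys
import tempfile

SELINUX_XATTR = "security.selinux"

# Constructed sample in /proc/self/mounts format, modelled on the mock storage
# listing quoted in the issue. Device names and mount options are invented so
# that both seclabel branches are exercised; they are not taken from COPR.
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,seclabel,relatime 0 0
mock_chroot_tmpfs /var/lib/mock/fedora-39-x86_64-1714234046.102517/root tmpfs rw,relatime 0 0
mock_cache_tmpfs /var/cache/mock tmpfs rw,seclabel,relatime 0 0
"""


def decode_label(raw):
    """The kernel returns the SELinux context with a trailing NUL byte."""
    return raw.rstrip(b"\x00").decode("utf-8", "replace")


def mount_for(path, mounts_text):
    """Return (fstype, has_seclabel) for the mount that contains path."""
    best = ("unknown", False)
    best_len = -1
    wanted = path.rstrip("/") + "/"
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel escapes spaces in mount points as \040.
        mount_point = fields[1].replace("\\040", " ")
        prefix = mount_point.rstrip("/") + "/"
        # ">=" lets a later line win when something is mounted over an
        # earlier mount at the same path.
        if wanted.startswith(prefix) and len(prefix) >= best_len:
            best_len = len(prefix)
            best = (fields[2], "seclabel" in fields[3].split(","))
    return best


def classify(listed, label):
    """Turn the two observations into one verdict string."""
    if label is None:
        return "unlabelled"
    return "labelled" if listed else "labelled-but-not-listed"


def probe(directory):
    """Create a scratch file in directory and read its SELinux xattr."""
    result = {"listed": False, "label": None, "error": None}
    with tempfile.NamedTemporaryFile(dir=directory) as tmp:
        try:
            # Enumeration is what a "get all xattrs" helper relies on.
            result["listed"] = SELINUX_XATTR in os.listxattr(tmp.name)
        except OSError as exc:
            result["error"] = f"listxattr: {exc.strerror}"
            return result
        try:
            # A direct read can succeed even when enumeration omits the name.
            raw = os.getxattr(tmp.name, SELINUX_XATTR)
            result["label"] = decode_label(raw)
        except OSError as exc:
            # ENODATA: no label on the file; ENOTSUP: no xattr support.
            result["error"] = f"getxattr: {exc.strerror}"
    return result


if __name__ == "__main__":
    with open("/proc/self/mounts") as handle:
        mounts = handle.read()
    for directory in sys.argv[1:] or [tempfile.gettempdir()]:
        directory = os.path.realpath(directory)
        fstype, seclabel = mount_for(directory, mounts)
        found = probe(directory)
        print(f"{directory}: fs={fstype} seclabel={seclabel} "
              f"verdict={classify(found['listed'], found['label'])} "
              f"label={found['label']!r} error={found['error']}")
```

Run it with the build directory as its argument on both the COPR builder and a local machine and compare the verdict lines.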

LXD 5.19 removed SELinux workarounds.

In 5.18 and before there was an lxd.profile that set the LXD_SOCKET to /run/lxd.socket and the lxd.socket has the same change. This and possibly other changes made lxd work with SELinux in enforcing mode and are why I haven't switched over to incus yet.

Was this change intended? It brings things to parity with incus.

lxd: aarch64 build failure on Fedora >=33: libdqlite.so: undefined reference to `co_swap'

The LXD spec file for >=lxd-4.3 fails to build on aarch64 for >=Fedora-33 (1.15-1.fc33/1.15.1-1.fc34). Unfortunately there is no clear build failure but it would always abort when trying to build github.com/spf13/cobra/doc as part of the lxd binary:

[...]
+ export GOPATH=/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode
+ GOPATH=/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode
+ unset LDFLAGS
+ export 'CGO_CFLAGS=-I/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/include/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/include/'
+ CGO_CFLAGS='-I/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/include/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/include/'
+ export 'CGO_LDFLAGS=-L/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/ -Wl,-rpath,/usr/lib64/lxd'
+ CGO_LDFLAGS='-L/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/ -Wl,-rpath,/usr/lib64/lxd'
+ export LD_LIBRARY_PATH=/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/:/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/
+ LD_LIBRARY_PATH=/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/:/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/
+ export CGO_LDFLAGS_ALLOW=-Wl,-wrap,pthread_create
+ CGO_LDFLAGS_ALLOW=-Wl,-wrap,pthread_create
+ for cmd in lxd lxc fuidshift lxd-benchmark lxc-to-lxd
+ BUILDTAGS=libsqlite3
++ head -c20 /dev/urandom
++ tr -d ' \n'
++ od -An -tx1
+ GOPATH=/builddir/build/BUILD/lxd-4.5/_build:/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode:/usr/share/gocode
+ GO111MODULE=off
+ go build -buildmode pie -compiler gc '-tags=rpm_crashtraceback libsqlite3' -ldflags '-X github.com/lxc/lxd/version=4.5 -B 0xe952e8dee391a6b9b738499f509ecf65732698b2 -extldflags '\''-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  '\''' -a -v -x -o /builddir/build/BUILD/lxd-4.5/_build/bin/lxd github.com/lxc/lxd/lxd

[...]

cd /builddir/build/BUILD/lxd-4.5/_build/src/github.com/lxc/lxd/vendor/github.com/spf13/cobra/doc
/usr/lib/golang/pkg/tool/linux_arm64/compile -o $WORK/b350/_pkg_.a -trimpath "$WORK/b350=>" -shared -p github.com/lxc/lxd/vendor/github.com/spf13/cobra/doc -complete -installsuffix shared -buildid F7yqV7gz_lrMzjFqiaJP/F7yqV7gz_lrMzjFqiaJP -goversion go1.15.1 -D "" -importcfg $WORK/b350/importcfg -pack ./man_docs.go ./md_docs.go ./rest_docs.go ./util.go ./yaml_docs.go
/usr/lib/golang/pkg/tool/linux_arm64/buildid -w $WORK/b350/_pkg_.a # internal
cp $WORK/b350/_pkg_.a /builddir/.cache/go-build/1d/1d36b0fc73b949a1f633a60f9387540ab92dfb6cc7c7f33d8a652b1f09129d0a-d # internal
/usr/lib/golang/pkg/tool/linux_arm64/buildid -w $WORK/b340/_pkg_.a # internal
cp $WORK/b340/_pkg_.a /builddir/.cache/go-build/68/681f9b0f83ad667bfc9540eae69b97342491eb8631e716e0483032aa467d9f28-d # internal
error: Bad exit status from /var/tmp/rpm-tmp.cC1Udw (%build)
    Setting %{thisgofilelist} = devel.file-list
    Setting %{currentgoipath} = github.com/lxc/lxd
    Setting %{currentgosourcedir} = /builddir/build/BUILD/lxd-4.5
    Setting %{currentgofilelist} = devel.file-list
    Setting %{currentversion} = 4.5
    Setting %{currentgoldflags} =  -X github.com/lxc/lxd/version=4.5
    Bad exit status from /var/tmp/rpm-tmp.cC1Udw (%build)

See e.g. ganto/lxc4: COPR build 01652912 - build.log.gz

On Fedora 31/32 (using 1.13.14-1.fc31 and golang-1.14.7-1.fc32) the aarch64 build is successful.

Incus UI

As a follow up to #29, Incus have now also packaged their UI fork upstream, which could be reflected here.

LXD UI

The LXD Snap brings an LXD UI since v5.14:

Is there a chance this could be included in these LXD builds here?

As per the definition of the snap, this only seems to copy some static files into an expected location, and is then available?

https://github.com/canonical/lxd-pkg-snap/blob/1b5997236d12a73a402a711e1dd3d9274eb43045/snapcraft.yaml#L1523-L1544

ui.enabled=true then exports an environment variable with the location of the UI:

https://github.com/canonical/lxd-pkg-snap/blob/1b5997236d12a73a402a711e1dd3d9274eb43045/snapcraft/commands/daemon.start#L449-L453

LXD activates the UI, if this variable is present and set:

https://github.com/canonical/lxd/blob/1be6a0bc5e65a157d32afbac4b24ee3b0d8fc791/lxd/api.go#L70-L71

Would it be possible to replicate these steps with the COPR and RPM build infrastructure?

Else I've seen plans in Incus land to repackage it, which could be used as a reference point.

Sphinx 7.x: ImportError: cannot import name 'setup_js_tag_helper'

Incus currently fails to build for Fedora Rawhide (40) on all architectures:

+ sphinx-build -c doc/ -b dirhtml doc/ doc/html/
Running Sphinx v7.2.6

Exception occurred:
  File "/usr/lib/python3.12/site-packages/notfound/extension.py", line 315, in setup
    from sphinx.builders.html import setup_js_tag_helper
ImportError: cannot import name 'setup_js_tag_helper' from 'sphinx.builders.html' (/usr/lib/python3.12/site-packages/sphinx/builders/html/__init__.py)
The full traceback has been saved in /tmp/sphinx-err-ze15izlu.log, if you want to report the issue to the developers.
Please also report this if it was a user error, so that a better error message can be provided next time.
A bug report can be filed in the tracker at <https://github.com/sphinx-doc/sphinx/issues>. Thanks!
Using /builddir/build/BUILD/incus-0.2/_build/bin/incus to generate man pages.

I guess there is some breaking change in Sphinx. Fedora 39 still uses Sphinx v6.2.1.

OVMF symlinks for secureboot

For Incus and LXD VMs, secureboot config key must be set to false.

We can instead create symlinks to match the expected names inside /usr/share/edk/ovmf. If on an immutable system, you will need to do this in a different location, symlink the full path, and change the {INCUS,LXD}_OVMF_PATH in the {incus,lxd}.service file.

ln -s OVMF_CODE.secboot.fd OVMF_CODE.ms.fd
ln -s OVMF_VARS.secboot.fd OVMF_VARS.ms.fd

This should be enough to no longer need the secureboot config key.

Installing `lxd-agent` RPM on a LXD managed VM disables the `lxd-agent.service`

Installing the lxd-agent RPM on a VM that is managed via LXD and therefore has the agent already set up via the RPM scriptlet will disable the systemd service:

# dnf install lxd-agent ...
[...]
  Installing       : lxd-agent-4.12-0.1.fc33.x86_64                       22/22
  Running scriptlet: lxd-agent-4.12-0.1.fc33.x86_64                       22/22
Removed /etc/systemd/system/multi-user.target.wants/lxd-agent.service.
[...]

After a reboot the lxd-agent systemd service might not automatically start anymore, which disables some features provided through the lxd-agent (e.g. direct shell access to the VM).

dqlite/cowsql: flaky assertion errors on ppc64le

The test suite from dqlite and cowsql sometimes fails to correctly build on Fedora for the ppc64le architecture. A rebuild of the packages would usually "fix" the issue. E.g.:

cluster/restart                                             
  num_records=0                                             [ OK    ] [ 0.07839130 / 0.00605561 CPU ]
  num_records=1                                             [ OK    ] [ 0.08852291 / 0.00816774 CPU ]
  num_records=256                                           [ ERROR ]
Error: test/lib/server.c:113: assertion failed: rv == 0 (1 == 0)
Error: child killed by signal 6 (Aborted)
  num_records=993                                           [ ERROR ]
Error: test/lib/server.c:113: assertion failed: rv == 0 (1 == 0)
Error: child killed by signal 6 (Aborted)
  num_records=2200                                          [ ERROR ]
Error: test/lib/server.c:113: assertion failed: rv == 0 (1 == 0)
Error: child killed by signal 6 (Aborted)
membership/transferTwicePendingTransaction                  
  disk_mode=0                                               [ OK    ] [ 0.33617061 / 0.02036653 CPU ]
  disk_mode=1                                               [ ERROR ]
Error: test/integration/test_membership.c:335: assertion failed: rv_ == 0 (1 == 0)
Error: child killed by signal 6 (Aborted)

See also canonical/dqlite#448 for another example.

Ready for use?

I was a long-time user of the lxc3 packages you provided. Thank you very much for your work in that area!

I found the lxc4 repo, but the page on copr very much makes it seem as though these packages aren't really ready for use yet. There aren't instructions included as there were in the lxc3 package page.

Are these packages ready for general use? If so, can documentation for their installation be provided? Even just a "Do the same things as you did for the lxc3" packages would be fine if the steps are indeed the same.

New Containers Failing to get DHCP/DNS

I'm using Fedora KDE 33. Using default settings and LXD created lxdbr0, I'm only able to ping ipv6 outside the container, receiving no ipv4 DHCP inside the container.

I've turned off the host dnsmasq and ran lxd init again to see if that would help, and no dice.

Inside an Ubuntu container, I'm able to use Netplan to turn off DHCP v4 and set a static ipv4 and using the lxd bridge as default gateway. This then allows me to ping out to ipv4 addresses, but still completely failing DNS resolution. Setting nameservers in Netplan doesn't help, and I can't download NetworkManager to manage DNS resolution because DNS resolution isn't working.

Changing resolvconf nameservers / setting iptables to allow all traffic in and out doesn't seem to help.

The same issue is also happening inside Fedora/33 containers.

I'm using latest copr lx4 builds as of 3/18/21.

Would you consider maintaining official packages on Fedora?

Hi,

I have checked your COPR repository and it seems quite good and maintained with great care. Some of your packages are not yet officially packaged on Fedora. Could you please consider adding missing packages to Fedora Review process? It seems to me they would pass fine and you are already a packager.

I miss those packages you have already prepared:

  • distrobuilder
  • raft
  • rubygem-ruby-lxc
  • dqlite

Since you have already spent nontrivial effort to make and maintain them, could you maintain them in Fedora directly, please? Is there anything I can help you with to make them official? I guess you could ask for co-maintainer rights on the rest of the packages also. Is there a specific reason why you keep them updated here, but not in the official repositories?

dqlite build fails "client/query" test on Fedora 32 (x86_64)

COPR build for dqlite-1.6.0-0.1.20200926git867d7b2.fc32 fails the "client/query" test on x86_64:

=======================================
   libdqlite 1.5.0: ./test-suite.log
=======================================
# TOTAL: 2
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: integration-test
======================
Running test suite with seed 0x1f423a5b...
client/exec                                                 [ OK    ] [ 0.00417511 / 0.00398783 CPU ]
client/query                                                [ ERROR ]
Error: child killed by signal 13 (Broken pipe)
membership/join                                             [ OK    ] [ 1.00875907 / 0.01330154 CPU ]
node/start                                                  [ OK    ] [ 0.00036561 / 0.00034499 CPU ]
vfs/open                                                    [ OK    ] [ 0.00032492 / 0.00029877 CPU ]
vfs/writeTransactionNotImmediatelyVisible                   [ OK    ] [ 0.00064395 / 0.00061455 CPU ]
vfs/pollAfterWriteTransaction                               [ OK    ] [ 0.00043383 / 0.00041958 CPU ]
vfs/pollAcquireWriteLock                                    [ OK    ] [ 0.00064578 / 0.00061488 CPU ]
vfs/pollAfterPageStress                                     [ OK    ] [ 0.00466281 / 0.00449995 CPU ]
vfs/applyMakesTransactionVisible                            [ OK    ] [ 0.00040761 / 0.00040868 CPU ]
vfs/applyExplicitTransaction                                [ OK    ] [ 0.00061024 / 0.00044929 CPU ]
vfs/consecutiveWriteTransactions                            [ OK    ] [ 0.00042698 / 0.00038397 CPU ]
vfs/reopenAfterConsecutiveWriteTransactions                 [ OK    ] [ 0.00056896 / 0.00051313 CPU ]
vfs/transactionIsVisibleFromExistingConnection              [ OK    ] [ 0.00046665 / 0.00044292 CPU ]
vfs/transactionIsVisibleFromNewConnection                   [ OK    ] [ 0.00045893 / 0.00042597 CPU ]
vfs/transactionIsVisibleFromReopenedConnection              [ OK    ] [ 0.00045785 / 0.00043307 CPU ]
vfs/firstApplyOnDifferentVfs                                [ OK    ] [ 0.00045809 / 0.00043754 CPU ]
vfs/secondApplyOnDifferentVfs                               [ OK    ] [ 0.00045621 / 0.00043476 CPU ]
vfs/applyOnDifferentVfsWithOpenConnection                   [ OK    ] [ 0.00056522 / 0.00054421 CPU ]
vfs/transactionVisibleOnDifferentVfs                        [ OK    ] [ 0.00053969 / 0.00051514 CPU ]
vfs/abort                                                   [ OK    ] [ 0.00048792 / 0.00046810 CPU ]
vfs/checkpoint                                              [ OK    ] [ 0.00048668 / 0.00046534 CPU ]
vfs/applyOnDifferentVfsAfterCheckpoint                      [ OK    ] [ 0.00065203 / 0.00063225 CPU ]
vfs/checkpointThenPerformTransaction                        [ OK    ] [ 0.00059933 / 0.00059980 CPU ]
vfs/rollbackTransactionWithoutPageStress                    [ OK    ] [ 0.00031064 / 0.00031092 CPU ]
vfs/rollbackTransactionWithPageStress                       [ OK    ] [ 0.00060312 / 0.00060329 CPU ]
vfs/snapshotInitialDatabase                                 [ OK    ] [ 0.00019610 / 0.00019591 CPU ]
vfs/snapshotAfterFirstTransaction                           [ OK    ] [ 0.00036460 / 0.00031371 CPU ]
vfs/snapshotAfterCheckpoint                                 [ OK    ] [ 0.00028715 / 0.00028720 CPU ]
vfs/restoreInitialDatabase                                  [ OK    ] [ 0.00028544 / 0.00028546 CPU ]
vfs/restoreAfterFirstTransaction                            [ OK    ] [ 0.00049534 / 0.00049562 CPU ]
vfs/restoreWithOpenConnection                               [ OK    ] [ 0.00045929 / 0.00045952 CPU ]
31 of 32 (97%) tests successful, 0 (0%) test skipped.
FAIL integration-test (exit status: 1)
============================================================================
Testsuite summary for libdqlite 1.5.0
============================================================================
# TOTAL: 2
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to https://github.com/canonical/dqlite
============================================================================

Issue cannot be reproduced locally, needs investigation.

>=raft-0.18.2: "test_uv_truncate_snapshot.c:42: assertion failed: status == result->status (23 == 0)"

Attempting to build the RPM of >=raft-0.18.2 (from cowsql/raft) via mock on Fedora 38 fails with:

FAIL: test/unit/uv
==================

Running test suite with seed 0x7fe5bd45...
UvWriterClose/aio
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
UvWriterClose/threadpool
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/noResources
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/concurrentSame
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/concurrent
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]                                                                                                                                                                                                                                                         
UvWriterSubmit/beyondEOF                                                                                                                                                                                                                                                                                                      
  dir-fs=tmpfs                                              [ SKIP  ]                                                                                                                                                                                                                                                         
  dir-fs=ext4                                               [ SKIP  ]                                                                                                                                                                                                                                                         
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/vecTwice                                     
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/vec                                          
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/twice                                        
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/two                                          
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterSubmit/one                                          
  dir-fs=tmpfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
  dir-fs=zfs                                                [ SKIP  ]
UvWriterInit/noResources                                    [ ERROR ]
Error: test/unit/test_uv_writer.c:256: assertion failed: _rv == RAFT_TOOMANY (0 == 23)
Error: child killed by signal 6 (Aborted)
UvOsJoin/dirAndFilenameMax                                  [ OK    ] [ 0.00003054 / 0.00003026 CPU ]
UvOsJoin/dirAndFilenameTooLong                              [ OK    ] [ 0.00001283 / 0.00001264 CPU ]
UvOsJoin/filenameTooLong                                    [ OK    ] [ 0.00000978 / 0.00000937 CPU ]
UvOsJoin/dirTooLong                                         [ OK    ] [ 0.00001116 / 0.00001086 CPU ]
UvOsJoin/basic                                              [ OK    ] [ 0.00000747 / 0.00000724 CPU ]
UvFsRenameFile/same                                         [ OK    ] [ 0.04239300 / 0.00061866 CPU ]
UvFsRenameFile/rename                                       [ OK    ] [ 0.03020970 / 0.00062390 CPU ]
UvFsMakeFile/exists                                         [ OK    ] [ 0.05205354 / 0.00108483 CPU ]
UvFsMakeFile/notExists                                      [ OK    ] [ 0.04082608 / 0.00059668 CPU ]
UvFsProbeCapabilities/noResources                           [ SKIP  ]
UvFsProbeCapabilities/noSpace                               [ SKIP  ]
UvFsProbeCapabilities/noAccess                              [ OK    ] [ 0.00003693 / 0.00003672 CPU ]
UvFsProbeCapabilities/aio                                   
  dir-fs=btrfs                                              [ SKIP  ]
  dir-fs=ext4                                               [ SKIP  ]
  dir-fs=xfs                                                [ SKIP  ]
UvFsProbeCapabilities/zfsDirectIO                           [ SKIP  ]
UvFsProbeCapabilities/tmpfs                                 [ SKIP  ]
UvFsAllocateFile/noSpace                                    
  dir-fs=tmpfs                                              [ SKIP  ]
UvFsAllocateFile/fileAlreadyExists                          [ OK    ] [ 0.00003526 / 0.00003513 CPU ]
UvFsAllocateFile/dirNoExists                                [ OK    ] [ 0.00002953 / 0.00002947 CPU ]
UvFsAllocateFile/success                                    [ OK    ] [ 0.00005135 / 0.00005133 CPU ]
UvFsOpenFileForReading/noExists                             [ OK    ] [ 0.00001578 / 0.00001562 CPU ]
UvFsSyncDir/noExists                                        [ OK    ] [ 0.00003273 / 0.00003256 CPU ]
UvFsCheckDir/notWritable                                    [ OK    ] [ 0.00002304 / 0.00002278 CPU ]
UvFsCheckDir/notDir                                         [ OK    ] [ 0.00003940 / 0.00003929 CPU ]
UvFsCheckDir/notDirPrefix                                   [ OK    ] [ 0.00002816 / 0.00002796 CPU ]
UvFsCheckDir/permissionDenied                               [ OK    ] [ 0.00003916 / 0.00003906 CPU ]
UvFsCheckDir/doesNotExist                                   [ OK    ] [ 0.00001378 / 0.00001368 CPU ]
UvFsCheckDir/exists                                         [ OK    ] [ 0.00001266 / 0.00001241 CPU ]
21 of 22 (95%) tests successful, 55 (71%) test skipped.
FAIL test/unit/uv (exit status: 1)

FAIL: test/integration/uv
=========================

Running test suite with seed 0x21ca1d33...
snapshot_truncate/snapshotThenTruncate                      [ ERROR ]
     src/uv_append.c:598 - enqueue 4 entries
    src/uv_prepare.c:166 - create open segment open-1
     src/uv_append.c:630 - set uv->append_next_index 5
     src/uv_append.c:598 - enqueue 4 entries
     src/uv_append.c:630 - set uv->append_next_index 9
     src/uv_append.c:598 - enqueue 4 entries
     src/uv_append.c:630 - set uv->append_next_index 13
   src/uv_snapshot.c:622 - put snapshot at 6, keeping 8192
     src/uv_append.c:815 - UvBarrier uv->append_next_index:13
   src/uv_truncate.c:173 - uv truncate 8
     src/uv_append.c:815 - UvBarrier uv->append_next_index:8
    src/uv_prepare.c:232 - completed creation of open-1
    src/uv_prepare.c:166 - create open segment open-2
   src/uv_finalize.c: 39 - finalize open-1 into 0000000000000001-0000000000000004
    src/uv_prepare.c:232 - completed creation of open-2
     src/uv_append.c:462 - prepare segment ready failed (23)
     src/uv_append.c:111 - rollback uv->append_next_index was:8
     src/uv_append.c:114 - rollback uv->append_next_index now:4
     src/uv_append.c:111 - rollback uv->append_next_index was:4
     src/uv_append.c:114 - rollback uv->append_next_index now:0
Error: test/integration/test_uv_truncate_snapshot.c:42: assertion failed: status == result->status (23 == 0)
Error: child killed by signal 6 (Aborted)

lxd: x86_64 build failure on Fedora >=33

The LXD spec file for >=lxd-4.3 fails to build on x86_64 for >=Fedora-33 (1.15-1.fc33/1.15.1-1.fc34). Unfortunately there is no clear build failure but it would always abort when trying to build gopkg.in/fsnotify.v0 as part of the lxd binary:

[...]
+ export GOPATH=/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode
+ GOPATH=/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode
+ unset LDFLAGS
+ export 'CGO_CFLAGS=-I/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/include/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/include/'
+ CGO_CFLAGS='-I/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/include/ -I/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/include/'
+ export 'CGO_LDFLAGS=-L/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/ -Wl,-rpath,/usr/lib64/lxd'
+ CGO_LDFLAGS='-L/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/ -L/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/ -Wl,-rpath,/usr/lib64/lxd'
+ export LD_LIBRARY_PATH=/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/:/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/
+ LD_LIBRARY_PATH=/builddir/build/BUILD/lxd-4.5/_dist/deps/sqlite/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/libco/:/builddir/build/BUILD/lxd-4.5/_dist/deps/raft/.libs/:/builddir/build/BUILD/lxd-4.5/_dist/deps/dqlite/.libs/
+ export CGO_LDFLAGS_ALLOW=-Wl,-wrap,pthread_create
+ CGO_LDFLAGS_ALLOW=-Wl,-wrap,pthread_create
+ for cmd in lxd lxc fuidshift lxd-benchmark lxc-to-lxd
+ BUILDTAGS=libsqlite3
++ tr -d ' \n'
++ od -An -tx1
++ head -c20 /dev/urandom
+ GOPATH=/builddir/build/BUILD/lxd-4.5/_build:/builddir/build/BUILD/lxd-4.5/_output:/builddir/build/BUILD/lxd-4.5:/usr/share/gocode:/usr/share/gocode
+ GO111MODULE=off
+ go build -buildmode pie -compiler gc '-tags=rpm_crashtraceback libsqlite3' -ldflags '-X github.com/lxc/lxd/version=4.5 -B 0x5506634c95116b74f8e1c1973a65b4f40f62ef71 -extldflags '\''-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  '\''' -a -v -x -o /builddir/build/BUILD/lxd-4.5/_build/bin/lxd github.com/lxc/lxd/lxd

[...]

cd /builddir/build/BUILD/lxd-4.5/_build/src/github.com/lxc/lxd/vendor/gopkg.in/fsnotify.v0
/usr/lib/golang/pkg/tool/linux_amd64/compile -o $WORK/b356/_pkg_.a -trimpath "$WORK/b356=>" -shared -p github.com/lxc/lxd/vendor/gopkg.in/fsnotify.v0 -complete -installsuffix shared -buildid sOHmd1iezqk94woZQgxu/sOHmd1iezqk94woZQgxu -goversion go1.15 -D "" -importcfg $WORK/b356/importcfg -pack ./fsnotify.go ./fsnotify_linux.go
/usr/lib/golang/pkg/tool/linux_amd64/buildid -w $WORK/b356/_pkg_.a # internal
cp $WORK/b356/_pkg_.a /builddir/.cache/go-build/3c/3cd82c06e247b55e6ad8532d1940185e004dcc1d061c61281093224c12360dae-d # internal
/usr/lib/golang/pkg/tool/linux_amd64/buildid -w $WORK/b342/_pkg_.a # internal
cp $WORK/b342/_pkg_.a /builddir/.cache/go-build/2f/2f05984d84a6868e3653c22b463505a9aeece7c6a6acf447cd1cae7cd5b70bc7-d # internal
error: Bad exit status from /var/tmp/rpm-tmp.22FGgw (%build)
    Setting %{thisgofilelist} = devel.file-list
    Setting %{currentgoipath} = github.com/lxc/lxd
    Setting %{currentgosourcedir} = /builddir/build/BUILD/lxd-4.5
    Setting %{currentgofilelist} = devel.file-list
    Setting %{currentversion} = 4.5
    Setting %{currentgoldflags} =  -X github.com/lxc/lxd/version=4.5
    Bad exit status from /var/tmp/rpm-tmp.22FGgw (%build)

See e.g. ganto/lxc4: COPR build 01652912 - build.log.gz

On Fedora 31/32 (using golang-1.13.14-1.fc31 and golang-1.14.7-1.fc32) the x86_64 build is successful. Also on i686 Fedora >=33 with >=golang-1.15.

incus-0.3: Build failure openfga/go-sdk/oauth2/clientcredentials/clientcredentials.go: expects import "golang.org/x/oauth2"

When trying to build incus-0.3 from the release archive via RPM spec file the incusd binary build will fail with:

+ GOPATH=/builddir/build/BUILD/incus-0.3/_build:/usr/share/gocode
+ GO111MODULE=off
+ go build -buildmode pie -compiler gc '-tags=rpm_crashtraceback libsqlite3' -ldflags ' -X github.com/lxc/incus/version=0.3 -B 0x581a52dff56a33d675a511b550782a8c391d2eeb -compressdwarf=false -linkmode=external -extldflags '\''-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes  '\''' -a -v -x -o /builddir/build/BUILD/incus-0.3/_build/lib/incusd github.com/lxc/incus/cmd/incusd
WORK=/tmp/go-build4146813390
_build/src/github.com/lxc/incus/vendor/github.com/openfga/go-sdk/oauth2/clientcredentials/clientcredentials.go:19:5: code in directory /builddir/build/BUILD/incus-0.3/_build/src/github.com/lxc/incus/vendor/github.com/openfga/go-sdk/oauth2 expects import "golang.org/x/oauth2"
_build/src/github.com/lxc/incus/vendor/github.com/openfga/go-sdk/credentials/credentials.go:9:5: code in directory /builddir/build/BUILD/incus-0.3/_build/src/github.com/lxc/incus/vendor/github.com/openfga/go-sdk/oauth2/clientcredentials expects import "golang.org/x/oauth2/clientcredentials"

The error doesn't happen when building the project via Makefile.

lxd-4.6 startup fails with "undefined symbol: seccomp_notify_fd"

  • OS: Fedora 32
  • LXC: lxc-libs-4.0.4-0.1.fc32.x86_64
  • LXD: lxd-4.6-0.1.fc32.x86_64

Startup error:

Oct 03 16:05:01 fedora32.example.com systemd[1]: Starting LXD - main daemon...
Oct 03 16:05:01 fedora32.example.com lxd[13867]: /usr/bin/lxd: symbol lookup error: /lib64/liblxc.so.1: undefined symbol: seccomp_notify_fd
Oct 03 16:05:01 fedora32.example.com lxd[13866]: /usr/bin/lxd: symbol lookup error: /lib64/liblxc.so.1: undefined symbol: seccomp_notify_fd
Oct 03 16:05:01 fedora32.example.com systemd[1]: lxd.service: Main process exited, code=exited, status=127/n/a
Oct 03 16:05:01 fedora32.example.com systemd[1]: lxd.service: Control process exited, code=exited, status=127/n/a
Oct 03 16:05:01 fedora32.example.com systemd[1]: lxd.service: Failed with result 'exit-code'.
Oct 03 16:05:01 fedora32.example.com systemd[1]: Failed to start LXD - main daemon.

package raft-0.22.0-1 conflicts with dqlite < 1.16.0-2 provided by dqlite-1.16.0-0.2 from @System (on Fedora 39)

Since yesterday (2024-03-25), I encounter the following error.
Any idea how to find a way out of this situation?

~$ dnf update --ref
...

 Problem: package raft-0.22.0-1.fc39.x86_64 from updates conflicts with dqlite < 1.16.0-2 provided by dqlite-1.16.0-0.2.fc39.x86_64 from @System
  - cannot install the best update candidate for package raft-0.22.0-0.1.fc39.x86_64
  - cannot install the best update candidate for package dqlite-1.16.0-0.2.fc39.x86_64
====================================================================================================================
 Package                Architecture             Version                            Repository                 Size
====================================================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 raft                   x86_64                   0.22.0-1.fc39                      updates                   105 k

Transaction Summary
====================================================================================================================
Skip  1 Package


~$ dnf info raft
Last metadata expiration check: 0:01:06 ago on lun. 25 mars 2024 15:14:11.
Installed Packages
Name         : raft
Version      : 0.22.0
Release      : 0.1.fc39
Architecture : x86_64
Size         : 223 k
Source       : raft-0.22.0-0.1.fc39.src.rpm
Repository   : @System
From repo    : copr:copr.fedorainfracloud.org:ganto:lxc4
Summary      : C implementation of the Raft consensus protocol
URL          : https://raft.readthedocs.io/
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : Fully asynchronous C implementation of the Raft consensus protocol. It consists
             : of a core part that implements the core Raft algorithm logic and a pluggable
             : interface defining the I/O implementation for networking and disk persistence.

Available Packages
Name         : raft
Version      : 0.22.0
Release      : 1.fc39
Architecture : x86_64
Size         : 105 k
Source       : raft-0.22.0-1.fc39.src.rpm
Repository   : updates
Summary      : C implementation of the Raft consensus protocol
URL          : https://raft.readthedocs.io/
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : Fully asynchronous C implementation of the Raft consensus protocol. It consists
             : of a core part that implements the core Raft algorithm logic and a pluggable
             : interface defining the I/O implementation for networking and disk persistence.

Name         : raft
Version      : 0.22.0
Release      : 0.1.fc39
Architecture : src
Size         : 378 k
Source       : None
Repository   : copr:copr.fedorainfracloud.org:ganto:lxc4
Summary      : C implementation of the Raft consensus protocol
URL          : https://raft.readthedocs.io/
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : Fully asynchronous C implementation of the Raft consensus protocol. It consists
             : of a core part that implements the core Raft algorithm logic and a pluggable
             : interface defining the I/O implementation for networking and disk persistence.

Name         : raft
Version      : 0.22.0
Release      : 1.fc39
Architecture : i686
Size         : 116 k
Source       : raft-0.22.0-1.fc39.src.rpm
Repository   : updates
Summary      : C implementation of the Raft consensus protocol
URL          : https://raft.readthedocs.io/
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : Fully asynchronous C implementation of the Raft consensus protocol. It consists
             : of a core part that implements the core Raft algorithm logic and a pluggable
             : interface defining the I/O implementation for networking and disk persistence.


~$ dnf info dqlite
Fedora 39 - x86_64 - Updates                                                                                                                                                                                 28 kB/s |  18 kB     00:00    
Fedora 39 - x86_64 - Updates                                                                                                                                                                                1.6 MB/s | 2.5 MB     00:01    
Last metadata expiration check: 0:00:08 ago on lun. 25 mars 2024 15:14:11.
Installed Packages
Name         : dqlite
Version      : 1.16.0
Release      : 0.2.fc39
Architecture : x86_64
Size         : 207 k
Source       : dqlite-1.16.0-0.2.fc39.src.rpm
Repository   : @System
From repo    : copr:copr.fedorainfracloud.org:ganto:lxc4
Summary      : Embeddable, replicated and fault tolerant SQL engine
URL          : https://github.com/canonical/dqlite
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : dqlite is a C library that implements an embeddable and replicated SQL database
             : engine with high-availability and automatic failover.

Available Packages
Name         : dqlite
Version      : 1.15.1
Release      : 1.fc39
Architecture : i686
Size         : 101 k
Source       : dqlite-1.15.1-1.fc39.src.rpm
Repository   : fedora
Summary      : Embeddable, replicated and fault tolerant SQL engine
URL          : https://github.com/canonical/dqlite
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : dqlite is a C library that implements an embeddable and replicated SQL database
             : engine with high-availability and automatic failover.

Name         : dqlite
Version      : 1.16.0
Release      : 0.2.fc39
Architecture : src
Size         : 231 k
Source       : None
Repository   : copr:copr.fedorainfracloud.org:ganto:lxc4
Summary      : Embeddable, replicated and fault tolerant SQL engine
URL          : https://github.com/canonical/dqlite
License      : LGPL-3.0-only WITH LGPL-3.0-linking-exception
Description  : dqlite is a C library that implements an embeddable and replicated SQL database
             : engine with high-availability and automatic failover.
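
The dnf output above comes down to RPM version-release ordering. The following is an added example, not part of the original issue or of the project's code: a simplified rpmvercmp-style comparison (tilde handled, caret omitted) applied to the package versions quoted in the report. The function and constant names are hypothetical.

```python
import re
from itertools import zip_longest

# Versions copied from the dnf output in the report above.
INSTALLED_RAFT = "0.22.0-0.1.fc39"    # from the COPR repository
UPDATES_RAFT = "0.22.0-1.fc39"        # from the Fedora "updates" repository
INSTALLED_DQLITE = "1.16.0-0.2.fc39"  # from the COPR repository
FEDORA_DQLITE = "1.15.1-1.fc39"       # only dqlite build listed from "fedora"
CONFLICT_BOUND = "1.16.0-2"           # "conflicts with dqlite < 1.16.0-2"

_TOKEN = re.compile(r"~|[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 if a is older than, equal to or newer than b.

    Simplified: separators are ignored, segments are runs of digits or
    letters, '~' sorts before everything. Caret ('^') is not handled.
    """
    for ta, tb in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if ta == "~" or tb == "~":
            if ta != "~":
                return 1       # only b has a tilde, so b is older
            if tb != "~":
                return -1      # only a has a tilde, so a is older
            continue
        if ta is None:
            return -1          # b has extra segments, so b is newer
        if tb is None:
            return 1
        if ta.isdigit() != tb.isdigit():
            return 1 if ta.isdigit() else -1   # numeric beats alphabetic
        ka, kb = (int(ta), int(tb)) if ta.isdigit() else (ta, tb)
        if ka != kb:
            return 1 if ka > kb else -1
    return 0


def parse_evr(evr: str):
    """Split '[epoch:]version[-release]' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def compare_evr(a: str, b: str) -> int:
    """Compare two EVR strings; a missing release is treated as a wildcard."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    result = rpmvercmp(va, vb)
    if result or not ra or not rb:
        return result
    return rpmvercmp(ra, rb)


def diagnose() -> dict:
    """Evaluate the relations that make dnf skip the raft update."""
    return {
        # Release "1" sorts above "0.1", so "updates" offers a raft upgrade.
        "raft_update_is_newer": compare_evr(UPDATES_RAFT, INSTALLED_RAFT) > 0,
        # Release "0.2" sorts below "2", so the installed dqlite is in the
        # range the new raft package declares a conflict with.
        "installed_dqlite_conflicts":
            compare_evr(INSTALLED_DQLITE, CONFLICT_BOUND) < 0,
        # The dqlite build in "fedora" is older still: also in the conflict
        # range, and a downgrade from the installed COPR build.
        "fedora_dqlite_conflicts":
            compare_evr(FEDORA_DQLITE, CONFLICT_BOUND) < 0,
        "fedora_dqlite_is_downgrade":
            compare_evr(FEDORA_DQLITE, INSTALLED_DQLITE) < 0,
    }


if __name__ == "__main__":
    for name, value in diagnose().items():
        print(f"{name}: {value}")
```

Every relation evaluates to true: none of the dqlite builds listed in the report is at or above 1.16.0-2, which is why dnf skips the raft update instead of applying it.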

missing dependency: attr (provides setfattr)

The problem concerns LXD on a fresh install of Fedora 35 Server Edition.

Installation finishes successfully, but the systemd service fails to start with the following message:

Error: exec: "setfattr": executable file not found in $PATH

Manually installing the attr package with dnf solves the issue.

Known issue with version 4 on CentOS 8

I was just happy to notice that work on version 4 has begun. I would like to point out a permission issue that exists with versions 3.18, 3.21 and 4.0 installed in CentOS 8.
If you create a CentOS 8 container and install Postfix, Postfix cannot be started afterwards.

...systemd[1]: Starting Postfix Mail Transport Agent...
... postfix[86]: /usr/libexec/postfix/postfix-script: line 127: /dev/null: Permission denied
... postfix/postfix-script[93]: fatal: the Postfix mail system is already running

For this I had posted a topic at linuxcontainers.org, see https://discuss.linuxcontainers.org/t/postfix-doesnt-run-in-an-lxd-fedora-31-container-permission-denied/7221

I had installed snap as a test and was able to reproduce the problem with version 3.21 as well as with 4.0. With Fedora 31 the problem did not occur (with version 4.0, version 3.21 did not run at all with snap).

The problem did not occur with CentOS 7.

Unfortunately I'm not familiar with Go, and have no idea how to narrow down the problem more precisely.

incus fails to start on Silverblue

incus fails to start because of two missing directories:

/var/lib/incus
/var/log/incus

Similar to #36, I think this can be solved with an ExecStartPre.

Incus blocked by SELinux

Various operations of Incus violate the default SELinux policies present in Fedora.

  • systemctl start incus (unconfigured):
type=AVC msg=audit(1703417537.466:123): avc:  denied  { create } for  pid=1 comm="systemd" name="unix.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417537.466:124): avc:  denied  { write } for  pid=1 comm="systemd" name="unix.socket" dev="vda5" ino=65042 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417537.481:125): avc:  denied  { setattr } for  pid=967 comm="(sd-chown)" name="unix.socket" dev="vda5" ino=65042 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417537.540:163): avc:  denied  { read write } for  pid=972 comm="incusd" name="ptmx" dev="devtmpfs" ino=100 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.540:164): avc:  denied  { open } for  pid=972 comm="incusd" path="/dev/ptmx" dev="devtmpfs" ino=100 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.540:165): avc:  denied  { ioctl } for  pid=972 comm="incusd" path="/dev/ptmx" dev="devtmpfs" ino=100 ioctlcmd=0x5430 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.540:166): avc:  denied  { open } for  pid=972 comm="incusd" path="/dev/pts/2" dev="devpts" ino=5 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.563:167): avc:  denied  { write } for  pid=973 comm="incusd" name="unix.socket" dev="vda5" ino=65042 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417537.567:168): avc:  denied  { execute } for  pid=992 comm="incusd" name=".incus_fcaps_v3_1595198027" dev="tmpfs" ino=33 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_tmp_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417537.585:169): avc:  denied  { create } for  pid=972 comm="incusd" name=".test" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.585:170): avc:  denied  { read } for  pid=972 comm="incusd" name=".test" dev="vda5" ino=65061 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.585:171): avc:  denied  { open } for  pid=972 comm="incusd" path="/var/lib/incus/devices/.test" dev="vda5" ino=65061 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417537.585:172): avc:  denied  { unlink } for  pid=972 comm="incusd" name=".test" dev="vda5" ino=65061 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417538.093:173): avc:  denied  { sqpoll } for  pid=972 comm="incusd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=io_uring permissive=1
type=AVC msg=audit(1703417538.290:176): avc:  denied  { watch } for  pid=972 comm="incusd" path="/dev" dev="devtmpfs" ino=1 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1703417538.290:177): avc:  denied  { watch_sb } for  pid=972 comm="incusd" path="/dev" dev="devtmpfs" ino=1 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417538.291:178): avc:  denied  { create } for  pid=972 comm="incusd" name="seccomp.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417538.291:179): avc:  denied  { setattr } for  pid=972 comm="incusd" name="seccomp.socket" dev="vda5" ino=65097 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=1
type=AVC msg=audit(1703417538.622:180): avc:  denied  { name_connect } for  pid=972 comm="incusd" dest=443 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1703417539.864:182): avc:  denied  { create } for  pid=972 comm="incusd" name="instance_types.yaml" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417539.864:183): avc:  denied  { write open } for  pid=972 comm="incusd" path="/var/cache/incus/instance_types.yaml" dev="vda5" ino=65099 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
  • incus admin init --minimal:
type=AVC msg=audit(1703417679.322:184): avc:  denied  { name_connect } for  pid=972 comm="incusd" dest=22 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1703417679.322:185): avc:  denied  { name_connect } for  pid=972 comm="incusd" dest=22 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1703417680.384:186): avc:  denied  { read write } for  pid=1056 comm="dnsmasq" path="/var/log/incus/dnsmasq.incusbr0.log" dev="vda5" ino=65116 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:187): avc:  denied  { search } for  pid=1056 comm="dnsmasq" name="networks" dev="vda5" ino=65053 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417680.386:188): avc:  denied  { getattr } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.raw" dev="vda5" ino=65114 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:189): avc:  denied  { read } for  pid=1056 comm="dnsmasq" name="dnsmasq.raw" dev="vda5" ino=65114 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:190): avc:  denied  { open } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.raw" dev="vda5" ino=65114 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:191): avc:  denied  { write } for  pid=1056 comm="dnsmasq" name="incusbr0" dev="vda5" ino=65112 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417680.386:192): avc:  denied  { add_name } for  pid=1056 comm="dnsmasq" name="dnsmasq.leases" scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417680.386:193): avc:  denied  { create } for  pid=1056 comm="dnsmasq" name="dnsmasq.leases" scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:194): avc:  denied  { append } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.leases" dev="vda5" ino=65117 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.387:195): avc:  denied  { write } for  pid=1056 comm="dnsmasq" name="dnsmasq.leases" dev="vda5" ino=65117 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.396:196): avc:  denied  { getattr } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417680.396:197): avc:  denied  { read } for  pid=1056 comm="dnsmasq" name="dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417680.396:198): avc:  denied  { open } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
  • incus launch images:ubuntu/22.04 ubuntu-container:
type=AVC msg=audit(1703417886.399:204): avc:  denied  { name_connect } for  pid=972 comm="incusd" dest=443 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1703417886.796:205): avc:  denied  { create } for  pid=972 comm="incusd" name="index.json" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417886.796:206): avc:  denied  { write open } for  pid=972 comm="incusd" path="/var/cache/incus/64bfbd0d406818492958140cedfac3be5f9cce7fd130ca14fa2cd586a2b6842e/index.json" dev="vda5" ino=65122 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417889.542:207): avc:  denied  { search } for  pid=1056 comm="dnsmasq" name="networks" dev="vda5" ino=65053 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417889.542:208): avc:  denied  { getattr } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417889.542:209): avc:  denied  { read } for  pid=1056 comm="dnsmasq" name="dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417889.542:210): avc:  denied  { open } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.hosts" dev="vda5" ino=65115 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1703417892.613:214): avc:  denied  { open } for  pid=1180 comm="incusd" path="/usr/lib64/lxc/rootfs/dev/pts/ptmx" dev="devpts" ino=2 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417892.613:215): avc:  denied  { setattr } for  pid=1180 comm="incusd" name="0" dev="devpts" ino=3 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1703417892.614:216): avc:  denied  { execute } for  pid=1180 comm="incusd" name="systemd" dev="vda5" ino=68642 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.614:217): avc:  denied  { execute_no_trans } for  pid=1180 comm="incusd" path="/usr/lib/systemd/systemd" dev="vda5" ino=68642 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.745:218): avc:  denied  { read } for  pid=1304 comm="systemd-journal" name="meminfo" dev="fuse" ino=6 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.745:219): avc:  denied  { open } for  pid=1304 comm="systemd-journal" path="/proc/meminfo" dev="fuse" ino=6 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.749:220): avc:  denied  { ioctl } for  pid=1304 comm="systemd-journal" path="/proc/meminfo" dev="fuse" ino=6 ioctlcmd=0x5401 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.769:221): avc:  denied  { read } for  pid=1340 comm="udevadm" name="subsystem" dev="fuse" ino=18 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(1703417892.798:222): avc:  denied  { write } for  pid=1340 comm="udevadm" name="uevent" dev="fuse" ino=26 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.825:223): avc:  denied  { create } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1703417892.825:224): avc:  denied  { getopt } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1703417892.825:225): avc:  denied  { setopt } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1703417892.825:226): avc:  denied  { bind } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1703417892.825:227): avc:  denied  { getattr } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_generic_socket permissive=1
type=AVC msg=audit(1703417892.891:228): avc:  denied  { execmem } for  pid=1381 comm="networkd-dispat" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=1
type=AVC msg=audit(1703417893.970:229): avc:  denied  { create } for  pid=1374 comm="systemd-network" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=rawip_socket permissive=1
type=AVC msg=audit(1703417893.970:230): avc:  denied  { setopt } for  pid=1374 comm="systemd-network" lport=58 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=rawip_socket permissive=1

Measured on a Fedora 39 host with selinux-policy-39.3-1.fc39 and incus-0.4.
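A denial list of this length is easier to review once it is grouped by source domain, target type and object class. The following added example (not part of the original issue or of the project's code) does that grouping over a few records copied from the log above; the function names `parse_avc`, `summarize`, `render` and `comms_in_domain` are hypothetical.

```python
import re
from collections import defaultdict

# Records copied from the audit log quoted in the issue above.
SAMPLE_LOG = """\
type=AVC msg=audit(1703417679.322:184): avc:  denied  { name_connect } for  pid=972 comm="incusd" dest=22 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1703417680.384:186): avc:  denied  { read write } for  pid=1056 comm="dnsmasq" path="/var/log/incus/dnsmasq.incusbr0.log" dev="vda5" ino=65116 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:189): avc:  denied  { read } for  pid=1056 comm="dnsmasq" name="dnsmasq.raw" dev="vda5" ino=65114 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417680.386:190): avc:  denied  { open } for  pid=1056 comm="dnsmasq" path="/var/lib/incus/networks/incusbr0/dnsmasq.raw" dev="vda5" ino=65114 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.614:216): avc:  denied  { execute } for  pid=1180 comm="incusd" name="systemd" dev="vda5" ino=68642 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1703417892.891:228): avc:  denied  { execmem } for  pid=1381 comm="networkd-dispat" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=1
"""

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        return {
            "perms": m.group("perms").split(),
            "comm": fields.get("comm", "?"),
            # A context is user:role:type:level; the type is what policy rules use.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            # permissive=1 means the access was logged but allowed to proceed.
            # A record without the field is treated as enforced.
            "enforced": fields.get("permissive", "0") == "0",
        }
    except (KeyError, IndexError):
        return None


def summarize(log_text):
    """Group denials by (source type, target type, class) and merge permissions."""
    rules = defaultdict(lambda: {"perms": set(), "comms": set(), "enforced": False})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        entry = rules[(rec["source"], rec["target"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["comms"].add(rec["comm"])
        entry["enforced"] = entry["enforced"] or rec["enforced"]
    return dict(rules)


def render(rules):
    """One line per group, written in the shape of a policy allow rule for review."""
    out = []
    for (src, tgt, cls), e in sorted(rules.items()):
        perms = " ".join(sorted(e["perms"]))
        mode = "enforced (blocked)" if e["enforced"] else "permissive (logged, not blocked)"
        comms = ",".join(sorted(e["comms"]))
        out.append(f"allow {src} {tgt}:{cls} {{ {perms} }};  # comm={comms}, {mode}")
    return out


def comms_in_domain(rules, domain):
    """Commands seen running in `domain`. For init_t (systemd's own domain) this
    lists processes that were started without a transition into their own domain."""
    found = set()
    for (src, _tgt, _cls), e in rules.items():
        if src == domain:
            found |= e["comms"]
    return sorted(found)


if __name__ == "__main__":
    grouped = summarize(SAMPLE_LOG)
    print("\n".join(render(grouped)))
    print("running in init_t:", comms_in_domain(grouped, "init_t"))
```

The rendered lines are a review aid, not a policy to load as-is: each group still has to be judged on whether the access should be allowed or the file or process relabeled instead.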

lxc-to-incus "TestConvertNetworkConfig" fails

When trying to build incus-0.1 the %gocheck of github.com/lxc/incus/cmd/lxc-to-incus fails with:

github.com/lxc/incus/cmd/lxc-to-incus
=== RUN   TestValidateConfig
2023/10/14 17:40:36 Running test #0: container migrated
Checking whether container has already been migrated
2023/10/14 17:40:36 Running test #1: container name missmatch (1)
Checking whether container has already been migrated
2023/10/14 17:40:36 Running test #2: container name missmatch (2)
Checking whether container has already been migrated
2023/10/14 17:40:36 Running test #3: incomplete AppArmor support (1)
Checking whether container has already been migrated
Validating whether incomplete AppArmor support is enabled
2023/10/14 17:40:36 Running test #4: incomplete AppArmor support (2)
Checking whether container has already been migrated
Validating whether incomplete AppArmor support is enabled
2023/10/14 17:40:36 Running test #5: missing minimal /dev filesystem
Checking whether container has already been migrated
Validating whether incomplete AppArmor support is enabled
Validating whether mounting a minimal /dev is enabled
2023/10/14 17:40:36 Running test #6: missing lxc.rootfs key
Checking whether container has already been migrated
Validating whether incomplete AppArmor support is enabled
Validating whether mounting a minimal /dev is enabled
Validating container rootfs
2023/10/14 17:40:36 Running test #7: non-existent rootfs path
Checking whether container has already been migrated
Validating whether incomplete AppArmor support is enabled
Validating whether mounting a minimal /dev is enabled
Validating container rootfs
--- PASS: TestValidateConfig (0.00s)
=== RUN   TestConvertNetworkConfig
2023/10/14 17:40:36 Running test #0: loopback only
    main_migrate_test.go:215: 
                Error Trace:    /builddir/build/BUILD/incus-0.1/_build/src/github.com/lxc/incus/cmd/lxc-to-incus/main_migrate_test.go:215
                Error:          Received unexpected error:
                                creating the container failed
                Test:           TestConvertNetworkConfig
--- FAIL: TestConvertNetworkConfig (0.00s)
=== RUN   TestConvertStorageConfig
2023/10/14 17:40:36 Running test #0: invalid path
Processing storage configuration
2023/10/14 17:40:36 Running test #1: ignored default mounts
Processing storage configuration
2023/10/14 17:40:36 Running test #2: ignored mounts
Processing storage configuration
2023/10/14 17:40:36 Running test #3: valid mount configuration
Processing storage configuration
--- PASS: TestConvertStorageConfig (0.00s)
=== RUN   TestGetRootfs
2023/10/14 17:40:36 Running test #0: missing lxc.rootfs key
2023/10/14 17:40:36 Running test #1: valid lxc.rootfs key (1)
2023/10/14 17:40:36 Running test #2: valid lxc.rootfs key (2)
--- PASS: TestGetRootfs (0.00s)
FAIL
exit status 1
FAIL    github.com/lxc/incus/cmd/lxc-to-incus   0.006s

Partly related to ganto/copr-lxc3#10.

incus/lxd: Rawhide builds fail due to missing packages

For a few weeks, the Fedora Rawhide (upcoming Fedora 40) builds for the incus and lxd packages have been failing due to missing Sphinx packages:

[...]
Updating and loading repositories:
 Copr repository                        100% |  33.8 KiB/s |   1.8 KiB |  00m00s
 fedora                                 100% | 514.3 KiB/s |  22.1 KiB |  00m00s
Repositories loaded.
Failed to resolve the transaction:
No match for argument: python3-sphinxcontrib-applehelp
No match for argument: python3-sphinxcontrib-jsmath
WARNING: DNF5 command failed, retrying, attempt #2, sleeping 10s
[...]

According to their package sources these packages are orphaned:

So I guess someone needs to reactivate them before we can move Incus to Fedora.

LXD test suite fails on armhfp (32bit) architecture

The RPM build fails for all Fedora releases during the test suite with the following error:

=== RUN   TestIntegration_UnixSocket
    testing.go:36: 22:27:18.670 info Kernel uid/gid map:
    testing.go:36: 22:27:18.675 info  - u 0 0 4294967295
    testing.go:36: 22:27:18.675 info  - g 0 0 4294967295
    testing.go:36: 22:27:18.676 info Configured LXD uid/gid map:
    testing.go:36: 22:27:18.686 info  - u 0 100000 65536
    testing.go:36: 22:27:18.687 info  - g 0 100000 65536
    testing.go:36: 22:27:18.690 warn AppArmor support has been disabled because of lack of kernel support
    testing.go:36: 22:27:18.693 info LXD 4.12 is starting in mock mode path=/var/lib/lxd
    testing.go:36: 22:27:18.696 info Kernel uid/gid map:
    testing.go:36: 22:27:18.696 info  - u 0 0 4294967295
    testing.go:36: 22:27:18.696 info  - g 0 0 4294967295
    testing.go:36: 22:27:18.696 info Configured LXD uid/gid map:
    testing.go:36: 22:27:18.698 info  - u 0 100000 65536
    testing.go:36: 22:27:18.699 info  - g 0 100000 65536
    testing.go:36: 22:27:18.700 warn AppArmor support has been disabled because of lack of kernel support
    testing.go:36: 22:27:18.702 info Kernel features:
    testing.go:36: 22:27:18.702 info  - closing multiple file descriptors efficiently: no
    testing.go:36: 22:27:18.703 dbug Failed to attach to host network namespace
    testing.go:36: 22:27:18.703 info  - netnsid-based network retrieval: no
    testing.go:36: 22:27:18.703 info  - pidfds: no
    testing.go:36: 22:27:18.704 info  - uevent injection: yes
    testing.go:36: 22:27:18.704 info  - seccomp listener: no
    testing.go:36: 22:27:18.704 info  - seccomp listener continue syscalls: no
    testing.go:36: 22:27:18.704 info  - seccomp listener add file descriptors: no
    testing.go:36: 22:27:18.705 info  - attach to namespaces via pidfds: no
    testing.go:36: 22:27:18.705 info  - safe native terminal allocation : yes
    testing.go:36: 22:27:18.706 info  - unprivileged file capabilities: no
    testing.go:36: 22:27:18.707 info  - cgroup layout: cgroup2
    testing.go:36: 22:27:18.707 warn  - Couldn't find the CGroup hugetlb controller, hugepage limits will be ignored
    testing.go:36: 22:27:18.708 warn  - Couldn't find the CGroup network priority controller, network priority will be ignored
    testing.go:36: 22:27:18.708 warn  - Couldn't find the CGroup memory swap accounting, swap limits will be ignored
    testing.go:36: 22:27:18.709 dbug operation not permitted - Failed to unshare mount namespace
    testing.go:36: 22:27:18.710 info  - shiftfs support: no
    testing.go:36: 22:27:18.710 info Initializing local database
    testing.go:36: 22:27:18.833 dbug Initializing database gateway
    testing.go:36: 22:27:18.835 dbug Start database node id=1 address= role=voter
    testing.go:36: 22:27:18.891 info Starting /dev/lxd handler:
    testing.go:36: 22:27:18.891 info  - binding devlxd socket socket=/tmp/lxd-sys-os-test-974525412/devlxd/sock
    testing.go:36: 22:27:18.892 info REST API daemon:
    testing.go:36: 22:27:18.892 info  - binding Unix socket socket=/tmp/lxd-sys-os-test-974525412/unix.socket
    testing.go:36: 22:27:18.895 info Initializing global database
    testing.go:36: 22:27:18.919 dbug Dqlite: attempt 0: server 1: connected
    testing.go:36: 22:27:19.010 dbug Database error: protocol.Error{Code:10, Message:"no more rows available"}
    testing.go:36: 22:27:19.013 eror Failed to start the daemon: failed to open cluster database: failed to ensure schema: no more rows available
    testing.go:36: 22:27:19.013 info Starting shutdown sequence
    testing.go:36: 22:27:19.017 info Stop database gateway
    testing.go:36: 22:27:19.029 info Stopping REST API handler:
    testing.go:36: 22:27:19.030 info  - closing socket socket=/tmp/lxd-sys-os-test-974525412/unix.socket
    testing.go:36: 22:27:19.033 info Stopping /dev/lxd handler:
    testing.go:36: 22:27:19.033 info  - closing socket socket=/tmp/lxd-sys-os-test-974525412/devlxd/sock
    testing.go:36: 22:27:19.035 dbug Not unmounting temporary filesystems (containers are still running)
    daemon_integration_test.go:41: 
        	Error Trace:	daemon_integration_test.go:41
        	            				daemon_integration_test.go:17
        	Error:      	Received unexpected error:
        	            	no more rows available
        	            	failed to ensure schema
        	            	github.com/lxc/lxd/lxd/db.OpenCluster
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/db/db.go:239
        	            	github.com/lxc/lxd/lxd.(*Daemon).init
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:960
        	            	github.com/lxc/lxd/lxd.(*Daemon).Init
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:658
        	            	github.com/lxc/lxd/lxd.newTestDaemon
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon_integration_test.go:41
        	            	github.com/lxc/lxd/lxd.TestIntegration_UnixSocket
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon_integration_test.go:17
        	            	testing.tRunner
        	            		/usr/lib/golang/src/testing/testing.go:1123
        	            	runtime.goexit
        	            		/usr/lib/golang/src/runtime/asm_arm.s:857
        	            	failed to open cluster database
        	            	github.com/lxc/lxd/lxd.(*Daemon).init
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:987
        	            	github.com/lxc/lxd/lxd.(*Daemon).Init
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:658
        	            	github.com/lxc/lxd/lxd.newTestDaemon
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon_integration_test.go:41
        	            	github.com/lxc/lxd/lxd.TestIntegration_UnixSocket
        	            		/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon_integration_test.go:17
        	            	testing.tRunner
        	            		/usr/lib/golang/src/testing/testing.go:1123
        	            	runtime.goexit
        	            		/usr/lib/golang/src/runtime/asm_arm.s:857
        	Test:       	TestIntegration_UnixSocket
--- FAIL: TestIntegration_UnixSocket (0.40s)
=== RUN   TestCredsSendRecv
--- PASS: TestCredsSendRecv (0.01s)
=== RUN   TestHttpRequest
    devlxd_test.go:142: failed to open cluster database: failed to ensure schema: no more rows available
--- FAIL: TestHttpRequest (0.19s)
=== RUN   TestContainerTestSuite
=== RUN   TestContainerTestSuite/TestContainer_IsPrivileged_Privileged
    main_test.go:64: failed to start daemon: failed to open cluster database: failed to ensure schema: no more rows available
    suite.go:63: test panicked: runtime error: invalid memory address or nil pointer dereference
        goroutine 111 [running]:
        runtime/debug.Stack(0x420ed8f4, 0x412837f8, 0x419acd18)
        	/usr/lib/golang/src/runtime/debug/stack.go:24 +0x80
        github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite.failOnPanic(0x420837a0)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite/suite.go:63 +0x3c
        panic(0x412837f8, 0x419acd18)
        	/usr/lib/golang/src/runtime/panic.go:969 +0x168
        github.com/lxc/lxd/lxd.(*Daemon).Stop(0x0, 0x42039500, 0x28ff4c68)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:1318 +0x50
        github.com/lxc/lxd/lxd.(*lxdTestSuite).TearDownTest(0x4200c780)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/main_test.go:101 +0x20
        github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite.Run.func1.1(0x424608e0, 0x420837a0, 0x4120947b, 0x25, 0x0, 0x0, 0x413a7aa0, 0x42277a80, 0x42277a80, 0x4216d8b8, ...)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite/suite.go:141 +0xb4
        panic(0x412837f8, 0x419acd18)
        	/usr/lib/golang/src/runtime/panic.go:969 +0x168
        github.com/lxc/lxd/lxd.(*Daemon).State(...)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/daemon.go:388
        github.com/lxc/lxd/lxd.(*lxdTestSuite).SetupTest(0x4200c780)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/lxd/main_test.go:73 +0x28c
        github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite.Run.func1(0x420837a0)
        	/builddir/build/BUILD/lxd-4.12/_build/src/github.com/lxc/lxd/vendor/github.com/stretchr/testify/suite/suite.go:148 +0x49c
        testing.tRunner(0x420837a0, 0x422988c0)
        	/usr/lib/golang/src/testing/testing.go:1123 +0xd8
        created by testing.(*T).Run
        	/usr/lib/golang/src/testing/testing.go:1168 +0x254
[...]
--- FAIL: TestContainerTestSuite (1.96s)
    --- FAIL: TestContainerTestSuite/TestContainer_IsPrivileged_Privileged (0.17s)
    --- FAIL: TestContainerTestSuite/TestContainer_IsPrivileged_Unprivileged (0.13s)
    --- FAIL: TestContainerTestSuite/TestContainer_LoadFromDB (0.17s)
    --- FAIL: TestContainerTestSuite/TestContainer_LogPath (0.12s)
    --- FAIL: TestContainerTestSuite/TestContainer_Path_Regular (0.18s)
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesDefault (0.12s)
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesMulti (0.12s)
    --- FAIL: TestContainerTestSuite/TestContainer_ProfilesOverwriteDefaultNic (0.20s)
    --- FAIL: TestContainerTestSuite/TestContainer_Rename (0.13s)
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_isolated (0.13s)
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_maxed (0.13s)
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_mixed (0.22s)
    --- FAIL: TestContainerTestSuite/TestContainer_findIdmap_raw (0.12s)
=== RUN   TestParseAddr
2021/04/05 22:27:21 Running test #0: Single port
2021/04/05 22:27:21 Running test #1: Multiple ports
2021/04/05 22:27:21 Running test #2: Port range
2021/04/05 22:27:21 Running test #3: Mixed ports and port ranges
2021/04/05 22:27:21 Running test #4: UDP
2021/04/05 22:27:21 Running test #5: Unix socket
2021/04/05 22:27:21 Running test #6: Abstract unix socket
2021/04/05 22:27:21 Running test #7: Unknown connection type
2021/04/05 22:27:21 Running test #8: Valid IPv6 address (1)
2021/04/05 22:27:21 Running test #9: Valid IPv6 address (2)
2021/04/05 22:27:21 Running test #10: Valid IPv6 address (3)
2021/04/05 22:27:21 Running test #11: Valid IPv6 address (4)
2021/04/05 22:27:21 Running test #12: Invalid IPv6 address (1)
2021/04/05 22:27:21 Running test #13: Invalid IPv6 address (2)
--- PASS: TestParseAddr (0.01s)
FAIL
exit status 1
FAIL	github.com/lxc/lxd/lxd	3.012s
error: Bad exit status from /var/tmp/rpm-tmp.4sXjbG (%check)

No idea what's the root cause here...

When checking the COPR hw_info.log it looks like the architecture is only emulated:

CPU info:
Architecture:                    i686
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   46 bits physical, 48 bits virtual
CPU(s):                          2
On-line CPU(s) list:             0,1
Thread(s) per core:              2
Core(s) per socket:              1
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           79
Model name:                      Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz
Stepping:                        1
CPU MHz:                         2701.638
CPU max MHz:                     3000.0000
CPU min MHz:                     1200.0000
BogoMIPS:                        4600.13
Hypervisor vendor:               Xen
Virtualization type:             full
L1d cache:                       32 KiB
L1i cache:                       32 KiB
L2 cache:                        256 KiB
L3 cache:                        45 MiB
NUMA node0 CPU(s):               0,1
Vulnerability Itlb multihit:     KVM: Mitigation: VMX unsupported
Vulnerability L1tf:              Mitigation; PTE Inversion
Vulnerability Mds:               Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, STIBP disabled, RSB filling
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx xsaveopt


Memory:
              total        used        free      shared  buff/cache   available
Mem:       15610604      551256    13889660      578452     1169688    14199596
Swap:     447088940           0   447088940


Storage:
Filesystem         Size  Used Avail Use% Mounted on
mock_chroot_tmpfs  151G  231M  151G   1% /var/lib/mock/fedora-33-armv7hl-1617657474.940167/root

fedora34 post kernel 5.12.8-300 unable to enter running container

Following a kernel upgrade post 5.12.8-300, I am unable to enter a running container with lxc shell or exec.

There are some SELinux errors, but I don't see an AVC in the audit logs that might fix this.

lxc secure-falcon 20210615165538.480 ERROR    selinux - lsm/selinux.c:selinux_process_label_set_at:158 - Operation not permitted - Failed to set AppArmor SELinux label to "system_u:system_r:spc_t:s0"
lxc secure-falcon 20210615165538.480 ERROR    attach - attach.c:do_attach:1336 - Failed to attach to container

This is using your latest build from COPR.

Updating to LXD 4.1/4.2

I'm curious if the plan for this package is to track the LTS or feature releases of LXD. A lot of helpful bug fixes for LXD virtual machine support have been merged in 4.1 and continue in 4.2.

Error in incus.service

Incus version 6.3

The previous version, 6.2, installed the incus daemon in /usr/lib/incus, but this version installs the executable in /usr/libexec/incus.

The files incus/incus.service, incus/incus-startup.service and incus/incus-user.service have an incorrect path in the systemd service unit, which prevents the service from starting or finding incusd.
The correct path is /usr/libexec/incus.

Please update the paths in the systemd service unit files or make a symlink to the specified path /usr/lib/incus/ for both incusd and incus-user.

In addition, the SELinux module for the fcontext will need to be adjusted for the new path from
/usr/lib/incus(/.*)? all files system_u:object_r:container_runtime_exec_t:s0
to
/usr/libexec/incus(/.*)? all files system_u:object_r:container_runtime_exec_t:s0
or gaining shell/exec commands will fail with the error message

"Error: Command not executable"

Thank you
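The report above describes two things that must agree with the install location: the `Exec*` paths in the unit files and the fcontext rule that labels the binaries. The following added example (not part of the original issue or of the project's code) checks both at once; the unit file contents are constructed, the function names are hypothetical, and rule precedence is approximated by taking the longest matching pattern.

```python
import re

# Constructed unit excerpts: only the ExecStart path matters here. The "before"
# paths are the 6.2 location that the issue says the 6.3 units still reference.
UNITS_BEFORE = {
    "incus.service": "[Service]\nExecStart=/usr/lib/incus/incusd\n",
    "incus-user.service": "[Service]\nExecStart=/usr/lib/incus/incus-user\n",
}
UNITS_AFTER = {
    name: text.replace("/usr/lib/incus/", "/usr/libexec/incus/")
    for name, text in UNITS_BEFORE.items()
}

# fcontext rules exactly as quoted in the issue (old and adjusted).
FCONTEXT_BEFORE = "/usr/lib/incus(/.*)? all files system_u:object_r:container_runtime_exec_t:s0"
FCONTEXT_AFTER = "/usr/libexec/incus(/.*)? all files system_u:object_r:container_runtime_exec_t:s0"

# Where the 6.3 package installs the binaries, per the issue.
INSTALLED = {"/usr/libexec/incus/incusd", "/usr/libexec/incus/incus-user"}

EXEC_RE = re.compile(
    r"^Exec(?:Start|StartPre|StartPost|Stop|StopPost|Reload)=(.+)$", re.M
)


def exec_paths(unit_text):
    """Binary path of every Exec* directive, without systemd's prefix characters."""
    paths = []
    for value in EXEC_RE.findall(unit_text):
        first = value.split()[0]
        paths.append(first.lstrip("@-:+!"))
    return paths


def label_for(path, fcontext_text):
    """SELinux type the fcontext rules assign to `path`, or None if none match.

    fcontext patterns are matched against the whole path. When several match,
    the longest pattern is used here as an approximation of rule precedence.
    """
    best = None
    for line in fcontext_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        spec, context = parts[0], parts[-1]
        if re.fullmatch(spec, path) and (best is None or len(spec) > len(best[0])):
            best = (spec, context.split(":")[2])
    return best[1] if best else None


def audit(units, fcontext_text, installed, expected="container_runtime_exec_t"):
    """Return findings as tuples; an empty list means units and labels agree."""
    findings = []
    for name in sorted(units):
        for path in exec_paths(units[name]):
            if path not in installed:
                findings.append(("missing-binary", name, path))
    for path in sorted(installed):
        label = label_for(path, fcontext_text)
        if label != expected:
            findings.append(("wrong-label", path, label))
    return findings


if __name__ == "__main__":
    for finding in audit(UNITS_BEFORE, FCONTEXT_BEFORE, INSTALLED):
        print(finding)
```

Fixing only the unit paths leaves the two `wrong-label` findings in place, which is the state in which the issue says shell/exec fails with "Command not executable".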
