meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
ubiquiti:controller:lxc [2021/03/20 21:40] – created niziakubiquiti:controller:lxc [2021/03/20 22:37] (current) niziak
Line 103: Line 103:
  
 === Issues === === Issues ===
 +
 +=== lxc-start: unifi: lxccontainer.c: wait_on_daemonized_start: 850 Received container state "STOPPING" instead of "RUNNING" ===
 +
 +<code bash>
 +lxc-start -n unifi -l DEBUG -o debug.log
 +cat debug.log
 +
 +lxc-start unifi 20210320203918.294 DEBUG    conf - conf.c:chown_mapped_root:3146 - trying to chown "/dev/pts/1" to 1025
 +lxc-start unifi 20210320203918.310 INFO     start - start.c:lxc_init:926 - Container "unifi" is initialized
 +lxc-start unifi 20210320203918.310 ERROR    cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1275 - Permission denied - Failed to create directory "/sys/fs/cgroup/user.slice/user-1025.slice/session-73473.scope/lxc.monitor/"
 +lxc-start unifi 20210320203918.310 ERROR    cgfsng - cgroups/cgfsng.c:monitor_create_path_for_hierarchy:1296 - Failed to create cgroup "/sys/fs/cgroup/user.slice/user-1025.slice/session-73473.scope/lxc.monitor/unifi"
 +lxc-start unifi 20210320203918.310 ERROR    cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1385 - Failed to create cgroup "/sys/fs/cgroup/user.slice/user-1025.slice/session-73473.scope/lxc.monitor/unifi"
 +</code>
 +
 +<code bash>
 +$ lxc-checkconfig
 +...
 +Cgroup v1 systemd controller: missing
 +Cgroup v1 freezer controller: missing
 +Cgroup namespace: required
 +...
 +</code>
 +
 +Solution for unprivileged containers: 
 +<code bash>
 +systemd-run --user --scope -p "Delegate=yes" lxc-start
 +</code>
 +
 +
 +Reason: [[https://wiki.debian.org/LXC/CGroupV2]]
 +Problem solved in LXC  v4.0.2-1~1. 
 +Solution: <code bash>apt-get install lxc -t bullseye</code>
 +
 +
 +
 +Workaround 1: Add to container config:
 +<file>
 +lxc.cgroup.devices.allow =
 +lxc.cgroup.devices.deny =
 +# for unpriv container:
 +#lxc.apparmor.profile = unconfined
 +lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy=1
 +</file>
 +
 +lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy
 +
 +
 +
 +
 +Workaround 2:
 +CGroupsV2 is the new default.
 +Set kernel commandline option: systemd.unified_cgroup_hierarchy=0 to retain the old default and lxc-start start container.
 +
 +Workaround 3:
 +<code bash>
 +mount -o remount,rw /sys/fs/cgroup
 +mkdir /sys/fs/cgroup/devices
 +mount -t cgroup devices -o devices /sys/fs/cgroup/devices
 +mount -o remount,ro /sys/fs/cgroup
 +</code>
 +
  
 === lxc-start: unifi: tools/lxc_start.c: main: 329 The container failed to start === === lxc-start: unifi: tools/lxc_start.c: main: 329 The container failed to start ===