lxc-create hangs and finally fails

Question

I was trying to place some juju charms on linux containers and the containers failed to start. To debug the issue I sshed into the node where this happened and tried creating an LXC container manually like

ubuntu@slot13:~$ sudo lxc-create -t ubuntu -n pavan
Checking cache download in /var/cache/lxc/trusty/rootfs-amd64 ...
Installing packages in template: ssh,vim,language-pack-en
Downloading ubuntu trusty minimal ...
I: Retrieving Release

It isn't making any progress at all. Its stuck here for a long long time. After a really long time it says,

ERROR: Unable to fetch GPG key from keyserver

and continues to hang. Finally after 20-30 mins, it gives up like

E: Failed getting release file http://archive.ubuntu.com/ubuntu/dists/trusty/Release

Where are the log files corresponding to lxc-create command? How can I debug this issue?

EDIT: I figured out how to see the debug logs and hence ran the below command a few times

sudo lxc-create -t ubuntu -n pavan --logfile=test.txt --logpriority=DEBUG

test.txt contains only this

lxc-create 1414897265.204 ERROR    lxc_container - Error: pavan creation was not completed
lxc-create 1414897407.757 ERROR    lxc_container - Error: pavan creation was not completed
lxc-create 1414897407.759 WARN     lxc_log - lxc_log_init called with log already initialized

But still it hangs and the debug logs aren't offering much help.

score 8 · Answer 1 · edited Jan 31 '19 at 15:49

8

Please append --no-validate flag to skip gpg validation:

lxc-create -t ubuntu -n pavan -- --no-validate

Refer https://github.com/lxc/lxc/blob/master/templates/lxc-download.in#L240

edited Jan 31 '19 at 15:49

smonff

508

answered Feb 02 '16 at 09:12

Mukul

81

score 3 · Accepted Answer · answered Nov 03 '14 at 22:33

3

Are you behind a proxy? if yes, then you may set your proxy in bash. Issue following,

export http_proxy="http://<proxy_host>:<port>"

answered Nov 03 '14 at 22:33

Pradeeper

229

Felipe Reyes · Answer 3 · 2014-11-06T14:12:02.413

Actually juju uses the 'ubuntu-cloud' template to grab an image, the command executed to create the template in my system running trusty is:

lxc-create -n juju-trusty-lxc-template \
  -t ubuntu-cloud \
  -f /var/lib/juju/containers/juju-trusty-lxc-template/lxc.conf \
  -- --debug \
  --userdata /var/lib/juju/containers/juju-trusty-lxc-template/cloud-init \
  --hostid juju-trusty-lxc-template
  -r trusty

I suggest you to run something like that and see what error gives you.

score 2 · Answer 4 · answered Mar 22 '15 at 23:38

Thanks Felipe for the workaround - for a complete fix, required also doing:

mkdir /var/lib/lxc/juju-trusty-lxc-template/rootfs/var/log/juju

Details:

ran lxc-create as per above Felipe's updateList item

deploying any service was consistently failing, juju status showing:

agent-state-info: 'container failed to start and was destroyed: jjo-local-machine-1'

found at /var/lib/juju/containers/jjo-local-machine-5/container.log :

lxc-start 1427066682.951 ERROR    lxc_conf - conf.c:mount_entry:1711 - No such file or directory - failed to mount '/var/log/juju-jjo-local' on '/usr/lib/x86_64-linux-gnu/lxc/var/log/juju'

Creating the directory fixed it, further deploys ok:

 mkdir /var/lib/lxc/juju-trusty-lxc-template/rootfs/var/log/juju

score 2 · Answer 5 · answered Aug 30 '17 at 04:59

Problem

If you are behind a firewall that restricts internet access, you could get this error:

$ lxc-create -t download -n my-container
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver.
lxc-create: lxccontainer.c: create_run_template: 1297 container
  creation template for my-container failed
lxc-create: tools/lxc_create.c: main: 318 Error creating
  container my-container

Fix

Connect to the key server through port 80:

$ lxc-create -t download -n my-container \
  -- --keyserver hkp://p80.pool.sks-keyservers.net:80

Details

The key server, hkp://p80.pool.sks-keyservers.net:80, is from the lxc source code:

apt source lxc
grep -ri hkp: .

References

score 1 · Answer 6 · answered Feb 09 '16 at 08:41

I had the same problem. We have a proxyserver with a wrong http/1.0 implementation making trouble with gpg keyserver fetch. As a workaround, the key can be added manually by doing the following things:

Got to http://keyserver.ubuntu.com and search for the following key: 0xBAEFF88C22F6E216 (found in /usr/share/lxc/templates/lxc-download search for DOWNLOAD_KEYID). Download it and save it to a file named keyfile

Now the saved file can be added to the system keyring for e.g. by using

sudo apt-key add keyfile

There are more ways to add it, but using ubuntu this is a working way. Maybe you can also use gpg directly. After adding there is no longer a need for lxc to contact the keyserver and the problem was fixed for me.

score 0 · Answer 7 · edited Apr 13 '17 at 12:23

0

Based on an answer in here, i found out that disabling IPV6 should work. And it worked for me.

This stack overflow answer shows how to do it.

edited Apr 13 '17 at 12:23

Community

1

answered Oct 07 '16 at 18:28

Jefferson

161
1
5

lxc-create hangs and finally fails

7 Answers7

Problem

Fix

Details

References

Linked