Bug 2048033

Summary: systemd-nspawn fails to run Fedora Container Base images
Product: [Fedora] Fedora
Reporter: Chris Murphy <bugzilla>
Component: systemd
Assignee: systemd-maint
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 35
CC: cglombek, dtardon, fedoraproject, filbranden, flepied, gregory.lee.bartholomew, kevin, lnykryn, msekleta, ryncsn, ssahani, s, systemd-maint, yuwatana, zbyszek
Last Closed: 2022-08-26 07:33:17 UTC
Type: Bug

Description Chris Murphy 2022-01-29 06:21:21 UTC
Description of problem:

systemd-nspawn won't run Fedora Container Base images. Either they aren't fully OCI compliant or nspawn isn't.


Version-Release number of selected component (if applicable):
Fedora-Container-Base-35-20220127.0.x86_64.tar.xz

How reproducible:
Always


Steps to Reproduce:

$ sudo machinectl pull-tar --verify=no https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz FCB35-20220127
Enqueued transfer job 1. Press C-c to continue download in background.
Pulling 'https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz', saving as 'FCB35-20220127'.
Downloading 34.8M for https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.nspawn failed with code 404.
Settings file could not be retrieved, proceeding without.
Got 1% of https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz.
Got 36% of https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz. 2s left at 7.4M/s.
Got 76% of https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz. 821ms left at 9.8M/s.
Download of https://kojipkgs.fedoraproject.org//packages/Fedora-Container-Base/35/20220127.0/images/Fedora-Container-Base-35-20220127.0.x86_64.tar.xz complete.
Created new local image 'FCB35-20220127'.
Operation completed successfully.
Exiting.
$ sudo systemd-nspawn -M FCB35-20220127
Directory /var/lib/machines/FCB35-20220127 doesn't look like it has an OS tree. Refusing.
$ sudo systemd-nspawn -M FCB35-20220127 --oci-bundle=/var/lib/machines/FCB35-20220127/
Failed to parse '/var/lib/machines/FCB35-20220127/config.json': No such file or directory
$ sudo systemd-nspawn -M FCB35-20220127 --oci-bundle=/var/lib/machines/FCB35-20220127/6935b138ac9bc84a2a71b785dedbcd3e2fc3fd768cb79bdaca734a6405e35659.json
Failed to parse '/var/lib/machines/FCB35-20220127/6935b138ac9bc84a2a71b785dedbcd3e2fc3fd768cb79bdaca734a6405e35659.json/config.json': Not a directory
$ sudo systemd-nspawn -M FCB35-20220127 --oci-bundle=/var/lib/machines/FCB35-20220127/145dbcdea53e22f711286848ca4db2286dd02d201520138026db1a73f86e2c99
Failed to parse '/var/lib/machines/FCB35-20220127/145dbcdea53e22f711286848ca4db2286dd02d201520138026db1a73f86e2c99/config.json': No such file or directory
$ 



Actual results:

Does not start


Expected results:

Should start


Additional info:

Comment 1 Chris Murphy 2022-01-30 19:37:11 UTC
See also:
systemd-nspawn can't use Fedora Container Base 
https://pagure.io/ContainerSIG/container-sig/issue/55

Comment 2 Gregory Lee Bartholomew 2022-03-19 18:13:33 UTC
FWIW, the following seems to have *almost* worked for me. (At least it found the config.json file.) This was a different container that was configured to work with the "host" network though.

# systemd-nspawn --capability=all --oci-bundle=/var/lib/containers/storage/overlay-containers/b6966cd5b707f27e4c934e4971b163becc59fe45cf541cde6b08e7ca6cf07ea4/userdata
OCI bundle version not supported: 1.0.2-dev

Comment 3 David Tardon 2022-08-26 07:33:17 UTC
AFAICT the FCB images are not OCI bundles. According to https://github.com/opencontainers/runtime-spec/blob/main/bundle.md :

A Standard Container bundle contains all the information needed to load and run a container. This includes the following artifacts:

    config.json: contains configuration data. This REQUIRED file MUST reside in the root of the bundle directory and MUST be named config.json. See config.json for more details.

    container's root filesystem: the directory referenced by root.path, if that property is set in config.json.
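
Added example (not part of the bug report and not systemd code): a pre-flight check that applies the bundle definition quoted above to a directory before it is passed to `--oci-bundle`. The OS-tree test only approximates what nspawn does, the `image-archive` label is this example's own name for the hash-named layout seen in the report, and all sample directories are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# 64 hex chars, optionally ending in .json: the entry names seen in the report.
HASH_NAME = re.compile(r"^[0-9a-f]{64}(\.json)?$")

def classify(directory):
    """Return (kind, detail) for a directory intended for systemd-nspawn."""
    d = Path(directory)
    cfg = d / "config.json"
    if cfg.is_file():
        try:
            conf = json.loads(cfg.read_text())
        except ValueError as exc:
            return "invalid-bundle", f"config.json is not JSON: {exc}"
        if not isinstance(conf, dict) or "ociVersion" not in conf:
            return "invalid-bundle", "config.json lacks ociVersion"
        root = conf.get("root")
        path = root.get("path") if isinstance(root, dict) else None
        if path is not None and not (d / path).is_dir():
            return "invalid-bundle", f"root.path {path!r} is not a directory"
        return "oci-bundle", f"ociVersion {conf['ociVersion']}"
    # Assumption: approximates nspawn's OS-tree test (usr/ plus an os-release file).
    if (d / "usr").is_dir() and any(
        (d / p).exists() for p in ("etc/os-release", "usr/lib/os-release")
    ):
        return "os-tree", "usr/ and os-release present"
    if any(HASH_NAME.match(p.name) for p in d.iterdir()):
        return "image-archive", "hash-named entries, no config.json in root"
    return "unknown", "neither bundle, OS tree nor image archive"

def build_samples(base):
    """Create three constructed sample directories under base; return their paths."""
    base = Path(base)
    bundle, image, tree = base / "bundle", base / "image", base / "tree"
    (bundle / "rootfs").mkdir(parents=True)
    (bundle / "config.json").write_text(
        json.dumps({"ociVersion": "1.0.2-dev", "root": {"path": "rootfs"}}))
    fake = "ab" * 32  # constructed placeholder, not a real layer digest
    (image / fake).mkdir(parents=True)
    (image / f"{fake}.json").write_text("{}")
    (tree / "usr/lib").mkdir(parents=True)
    (tree / "usr/lib/os-release").write_text("ID=example\n")
    return bundle, image, tree

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for sample in build_samples(tmp):
            print(sample.name, *classify(sample))
```

The reported `ociVersion` is returned so it can be compared against an error such as the one in comment 2.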