Bug 974041

Summary: [virt-sandbox-service] Fail to start nginx service in a container
Product: [Fedora] Fedora
Component: libvirt-sandbox
Version: 20
Hardware: x86_64
OS: Linux
Status: CLOSED EOL
Severity: medium
Priority: medium
Reporter: Alex Jia <ajia>
Assignee: Daniel Berrangé <berrange>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: berrange, bperkins, dwalsh, dyuan, gsun, mzhan, virt-maint, weizhan, zpeng
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-06-29 12:00:44 UTC

Description Alex Jia 2013-06-13 10:41:45 UTC
Description of problem:
When creating a templated unit inside the sandbox (for example, an nginx container), the container fails to start.

Version-Release number of selected component (if applicable):
# rpm -q libvirt-sandbox libvirt systemd kernel
package libvirt-sandbox is not installed
libvirt-1.0.3-1.fc19.x86_64
systemd-198-7.fc20.x86_64
kernel-3.6.10-4.fc18.x86_64
kernel-3.9.0-0.rc2.git0.3.fc20.x86_64

# virt-sandbox -V
libvirt-sandbox version 0.2.0

Note: using libvirt-sandbox upstream (current commit a81dbf1)

How reproducible:
always

Steps to Reproduce:
1. yum install nginx -y
2. vim /etc/systemd/system/nginx_lxc@.service (see "Actual results" section)
3. virt-sandbox-service create -u nginx_lxc@ test.example.org --package nginx
4. virt-sandbox-service start test.example.org

Actual results:

[root@dell-op790-03 libvirt-sandbox]# cat /etc/systemd/system/nginx_lxc@.service
[Unit]
Description=Test of a specific nginx running in lxc
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
PIDFile=/run/nginx.%i.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.%i.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.%i.conf
Type=forking
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID

[Install]
WantedBy=multi-user.target

[root@dell-op790-03 libvirt-sandbox]# virt-sandbox-service create -u nginx_lxc@ test.example.org --package nginx
Created sandbox container dir /var/lib/libvirt/filesystems/test.example.org
Created unit file /etc/systemd/system/test.example.org_sandbox.service
Created sandbox config /etc/libvirt-sandbox/services/test.example.org.sandbox
[root@dell-op790-03 libvirt-sandbox]# ll /etc/systemd/system|grep nginx_lxc
-rw-r--r--. 1 root root   488 Jun 13 16:35 nginx_lxc
drwxr-xr-x. 2 root root  4096 Jun 13 16:35 nginx_lxc.wants
-rw-r--r--. 1 root root   404 Jun 13 16:35 nginx_lxc@.service

[root@dell-op790-03 libvirt-sandbox]# cat /etc/systemd/system/nginx_lxc.wants/test.example.org_sandbox.service

[Unit]
Description=Secure Sandbox Container test.example.org
Requires=libvirtd.service
After=libvirtd.service
ReloadPropagatedFrom=nginx_lxc@.service

[Service]
Type=simple
ExecStart=/usr/bin/virt-sandbox-service start test.example.org
ExecReload=/usr/bin/virt-sandbox-service reload -u nginx_lxc@.service test.example.org
ExecStop=/usr/bin/virt-sandbox-service stop test.example.org

[Install]
WantedBy=nginx_lxc
[root@dell-op790-03 libvirt-sandbox]# cat /etc/systemd/system/nginx_lxc

#  This target file is generated by virt-sandbox-service.
#  Use this target to start/stop all "nginx_lxc@" sandbox services
#
#  virt-sandbox is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=nginx_lxc@ Sandbox Container Target
Documentation=man:virt-sandbox-service(1)


[root@dell-op790-03 libvirt-sandbox]# virt-sandbox-service start test.example.org
systemd 198 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc-libvirt'.
Set hostname to <test.example.org>.
  /dev/mapper/control: mknod failed: Operation not permitted
  Failure to communicate with kernel device-mapper driver.
  Check that device-mapper is available in the kernel.
Default target could not be isolated, starting instead: Operation refused, unit may not be isolated.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on Journal Socket.
[  OK  ] Reached target Swap.
[  OK  ] Reached target Local File Systems.
         Starting Recreate Volatile Files and Directories...
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Started Recreate Volatile Files and Directories.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting Test of a specific nginx running in lxc...
nginx_lxc.org.service: control process exited, code=exited status=1
[FAILED] Failed to start Test of a specific nginx running in lxc.
See 'systemctl status nginx_lxc.org.service' for details.
Unit nginx_lxc.org.service entered failed state
[  OK  ] Reached target Sandbox multi-user target.

[root@dell-op790-03 libvirt-sandbox]# systemctl status nginx_lxc.org.service
nginx_lxc.org.service - Test of a specific nginx running in lxc
	  Loaded: loaded (/etc/systemd/system/nginx_lxc@.service; disabled)
	  Active: inactive (dead)


Expected results:
Can run nginx in a container

Additional info:

Comment 1 Alex Jia 2013-06-13 10:42:44 UTC
[root@dell-op790-03 libvirt-sandbox]# rpm -q nginx
nginx-1.2.5-1.fc18.x86_64

Comment 2 Alex Jia 2013-06-13 10:48:11 UTC
(In reply to Alex Jia from comment #0)

> Additional info:

[root@dell-op790-03 libvirt-sandbox]# virt-sandbox-service connect test.example.org                    
sh-4.2# journalctl -xn
-- Logs begin at Thu 2013-06-13 17:07:49 CST, end at Thu 2013-06-13 17:07:49 CST. --
Jun 13 17:07:49 test.example.org systemd-journal[11]: Allowing runtime journal files to grow to 1.0M.
Jun 13 17:07:49 test.example.org systemd-journal[11]: Journal started
Jun 13 17:07:49 test.example.org systemd-tmpfiles[10]: Failed to create device node /dev/lp0: Operation not permitted
Jun 13 17:07:49 test.example.org systemd-tmpfiles[10]: Failed to create device node /dev/lp1: Operation not permitted
Jun 13 17:07:49 test.example.org systemd-tmpfiles[10]: Failed to create device node /dev/lp2: Operation not permitted
Jun 13 17:07:49 test.example.org systemd-tmpfiles[10]: Failed to create device node /dev/lp3: Operation not permitted
Jun 13 17:07:49 test.example.org nginx[12]: nginx: [emerg] open() "/etc/nginx/nginx.test.example.org.conf" failed (2: No such file or directory)
Jun 13 17:07:49 test.example.org nginx[12]: nginx: configuration file /etc/nginx/nginx.test.example.org.conf test failed

Daniel, do we need to create /etc/nginx/nginx.test.example.org.conf?

Comment 3 Daniel Walsh 2013-06-15 11:32:57 UTC
Does it work if you use the -C (--copy) command to copy this content off of /etc/nginx directory?

Comment 4 Alex Jia 2013-06-18 10:00:44 UTC
(In reply to Daniel Walsh from comment #3)
> Does it work if you use the -C (--copy) command to copy this content off of
> /etc/nginx directory?

Daniel, the nginx.test.example.org.conf file doesn't exist under /etc/nginx in the container, so I can't use the -C option to copy it, but nginx.conf exists. Maybe you mean I need to copy it into /etc/nginx and then rename it to nginx.test.example.org.conf in the container. However, nginx.conf is an empty file without any content. That is also my first question: do we need to manually configure nginx.conf or nginx.test.example.org.conf in the container? Thanks.


[root@dell-op790-03 ~]# ll /var/lib/libvirt/filesystems/test.example.org/etc/nginx/
total 4
drwxr-xr-x. 2 root root 4096 Jun 13 16:44 conf.d
-rw-r--r--. 1 root root    0 Jun 13 16:44 fastcgi.conf
-rw-r--r--. 1 root root    0 Jun 13 16:44 fastcgi.conf.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 fastcgi_params
-rw-r--r--. 1 root root    0 Jun 13 16:44 fastcgi_params.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 koi-utf
-rw-r--r--. 1 root root    0 Jun 13 16:44 koi-win
-rw-r--r--. 1 root root    0 Jun 13 16:44 mime.types
-rw-r--r--. 1 root root    0 Jun 13 16:44 mime.types.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 nginx.conf
-rw-r--r--. 1 root root    0 Jun 13 16:44 nginx.conf.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 scgi_params
-rw-r--r--. 1 root root    0 Jun 13 16:44 scgi_params.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 uwsgi_params
-rw-r--r--. 1 root root    0 Jun 13 16:44 uwsgi_params.default
-rw-r--r--. 1 root root    0 Jun 13 16:44 win-utf

Comment 5 Daniel Walsh 2013-06-18 13:23:43 UTC
Yes you would need to configure the service within the container just like you would need to configure it if it was on the host.
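
The failure in this thread comes down to `%i` in the template expanding to the sandbox name, so nginx looks for `/etc/nginx/nginx.test.example.org.conf` inside a container root where the copied files are 0 bytes. As an added example (not part of the original report or of libvirt-sandbox), this preflight check expands the `-c` paths from a template unit and verifies them under the container root; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes the daemon takes its config
# as "-c <path>", as nginx does in the nginx_lxc@.service template above.

# Print each "-c" path from ExecStartPre=/ExecStart= with %i expanded.
unit_config_paths() {   # $1 = template unit file, $2 = instance name
    awk -v inst="$2" '
        /^ExecStart(Pre)?=/ {
            n = split($0, w, /[ \t]+/)
            for (i = 1; i < n; i++) if (w[i] == "-c") {
                p = w[i + 1]; out = ""
                while ((k = index(p, "%i")) > 0) {   # literal, not regex
                    out = out substr(p, 1, k - 1) inst
                    p = substr(p, k + 2)
                }
                print out p
            }
        }' "$1" | sort -u
}

# Report each expanded path as seen under the container root; fail if any is bad.
check_sandbox_configs() {   # $1 = container root, $2 = unit file, $3 = instance
    bad=0
    for path in $(unit_config_paths "$2" "$3"); do
        if [ ! -e "$1$path" ]; then echo "MISSING $path"; bad=$((bad + 1))
        elif [ ! -s "$1$path" ]; then echo "EMPTY   $path"; bad=$((bad + 1))
        else echo "OK      $path"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the report's unit lines and a root holding a 0-byte nginx.conf.
make_sample() {   # $1 = scratch directory
    mkdir -p "$1/root/etc/nginx"
    : > "$1/root/etc/nginx/nginx.conf"
    cat > "$1/nginx_lxc@.service" <<'EOF'
[Service]
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.%i.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.%i.conf
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_sandbox_configs "$tmp/root" "$tmp/nginx_lxc@.service" test.example.org ||
    echo "sandbox not ready: configure the service inside the container first"
rm -rf "$tmp"
```

On the host from the report, the container root would be `/var/lib/libvirt/filesystems/test.example.org` and the unit file `/etc/systemd/system/nginx_lxc@.service`.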

Comment 6 Fedora End Of Life 2013-09-16 14:10:26 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 7 Fedora End Of Life 2015-05-29 09:07:12 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 20 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 8 Fedora End Of Life 2015-06-29 12:00:44 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.