Bug 1135762 - unable to start secure container
Summary: unable to start secure container
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: iproute
Version: 21
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Pavel Šimerda (pavlix)
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-31 10:26 UTC by Gene Czarcinski
Modified: 2014-10-07 19:37 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-07 17:15:31 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Gene Czarcinski 2014-08-31 10:26:26 UTC
Description of problem:
Created a simple secure container with:

virt-sandbox-service create -N dhcp,source=net18 -C -u httpd.service web1
Created sandbox container dir /var/lib/libvirt/filesystems/web1
Created unit file /etc/systemd/system/web1_sandbox.service
Created sandbox config /etc/libvirt-sandbox/services/web1/config/sandbox.cfg

I then did:
systemctl enable web1_sandbox.service
systemctl start  web1_sandbox.service

These are the messages in /var/log/messages:


Aug 31 06:12:31 crow systemd: Failed to reset devices.list on /system.slice: Invalid argument
Aug 31 06:12:32 crow journal: internal error: Failed to allocate free veth pair after 10 attempts
Aug 31 06:12:32 crow virt-sandbox-service-util: Unable to start container: Unable to start domain: internal error: Failed to allocate free veth pair after 10 attempts
Aug 31 06:12:32 crow systemd: web1_sandbox.service: main process exited, code=exited, status=1/FAILURE
Aug 31 06:12:32 crow virsh: error: Failed to destroy domain web1
Aug 31 06:12:32 crow virsh: error: Requested operation is not valid: Domain is not running
Aug 31 06:12:32 crow systemd: web1_sandbox.service: control process exited, code=exited status=1
Aug 31 06:12:32 crow systemd: Unit web1_sandbox.service entered failed state.

Version-Release number of selected component (if applicable):
live Xfce install TC5
yum install lighttpd, httpd, libvirt-sandbox plus dependencies

How reproducible:
everytime

Comment 1 Gene Czarcinski 2014-09-10 18:01:36 UTC
TC6 but still libvirt-sandbox-v0.5.1-4

Sep 10 13:50:16 crow journal: internal error: Failed to allocate free veth pair after 10 attempts
Sep 10 13:50:16 crow virt-sandbox-service-util: Unable to start container: Unable to start domain: internal error: Failed to allocate free veth pair after 10 attempts
Sep 10 13:50:16 crow systemd: test_sandbox.service: main process exited, code=exited, status=1/FAILURE
Sep 10 13:50:17 crow virsh: error: Failed to destroy domain test
Sep 10 13:50:17 crow virsh: error: Requested operation is not valid: Domain is not running
Sep 10 13:50:17 crow systemd: test_sandbox.service: control process exited, code=exited status=1
Sep 10 13:50:17 crow systemd: Unit test_sandbox.service entered failed state.

Comment 2 Gene Czarcinski 2014-09-20 19:06:49 UTC
OK, installed RC1 and got the same error.  This time I simplified things and the results were:
[root@crow:~]#virt-sandbox -c lxc:/// -m ram:/tmp=500M -N \
address=192.168.18.95/24,source=net18 /bin/sh
Unable to start sandbox: Failed to create domain: internal error: Failed to allocate free veth pair after 10 attempts


[root@crow:~]#virt-sandbox -c lxc:/// -N dhcp,source=default /bin/sh
Unable to start sandbox: Failed to create domain: internal error: Failed to allocate free veth pair after 10 attempts


[root@crow:~]#virt-sandbox -c lxc:/// /bin/sh
sh-4.3#

Fedora 21 Alpha RC1, libvirt-sandbox-0.5.1-4, libvirt-1.2.8-4

Comment 3 Gene Czarcinski 2014-09-25 16:19:14 UTC
Note:  I am running the fedora-virt-preview rpms on Fedora 20.  The problems described here do not occur on the Fedora 20 system.

Question:  Are there some things in libvirt and frends which will take different code paths depending on it being a Fedora 21 versus a Fedora 20 system?

Comment 4 Cole Robinson 2014-09-25 16:26:30 UTC
containers heavily rely on kernel tech, so it could be different behavior on different kernel, or some other f21 library that we don't distribute in virt-preview

Comment 5 Daniel Berrangé 2014-09-25 16:30:41 UTC
> Unable to start sandbox: Failed to create domain: internal error: Failed to allocate free veth pair after 10 attempts

This error message is something that actually comes from libvirt, so more generally LXC/libvirt related than sandbox.

Comment 6 Gene Czarcinski 2014-10-07 17:15:31 UTC
OK, whatever the problem was, it is "gone."

1. It never happened on F20 with fedora-virt-preview and

2.  With F21-beta-TC1 and then yum update, the problem no longer occurs.

I am closing this.

Comment 7 Gene Czarcinski 2014-10-07 19:37:12 UTC
OK, I believe that I have found to update that fixed things.  I had a F22 installation where the problem existed but after doing yum-update earlier today, the problem "disappeared."  There were just not that many updates.  The only one which could possibly be the one was iproute.

Sure enoung, from the changelog:
* Sat Oct 04 2014 Lubomir Rintel <lkundrak> - 3.16.0-3
- Backport fix for ip link add name regression that broke libvirt


Note You need to log in before you can comment on or make changes to this bug.