Comment 1 for bug 1953563
Revision history for this message
| Maciej Borzecki (maciek-borzecki) wrote | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
I see no evidence of this being caused by cgroups v2. In fact all services are up.
Nested ubuntu 20.04 on 21.10 host:
root@my-
Store ID: not registered
Internal Service Status:
memcached: running
nginx: running
snapauth: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
snapdevicegw: not running: getresponse() got an unexpected keyword argument 'buffering'
snapdevicegw-
snapproxy: not running: [Errno 111] Connection refused
snaprevs: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
root@my-
Service Startup Current Notes
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
The services are up, some of them appear to be retrying operations and logging that. At the same time I observe denials on the host:
Dec 08 08:25:58 dec080806-781058 kernel: audit: type=1400 audit(163895195
Dec 08 08:25:59 dec080806-781058 audit[10856]: AVC apparmor="DENIED" operation="capable" namespace=
Dec 08 08:25:59 dec080806-781058 kernel: audit: type=1400 audit(163895195
Dec 08 08:25:59 dec080806-781058 audit[10881]: AVC apparmor="DENIED" operation="capable" namespace=
Dec 08 08:25:59 dec080806-781058 kernel: audit: type=1400 audit(163895195
Dec 08 08:26:00 dec080806-781058 audit[10856]: AVC apparmor="DENIED" operation="capable" namespace=
Dec 08 08:26:00 dec080806-781058 kernel: audit: type=1400 audit(163895196
Dec 08 08:26:00 dec080806-781058 audit[10881]: AVC apparmor="DENIED" operation="capable" namespace=
Dec 08 08:26:00 dec080806-781058 kernel: audit: type=1400 audit(163895196
Ubuntu 21.10 on 21.10 host, status is reported as not running for many services:
root@my-ubuntu:~# snap-store-proxy status
Store ID: not registered
Internal Service Status:
memcached: running
nginx: running
snapauth: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
snapdevicegw: not running: getresponse() got an unexpected keyword argument 'buffering'
snapdevicegw-
snapproxy: not running: [Errno 111] Connection refused
snaprevs: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
But snap services snap-store-proxy reports they are up:
root@my-ubuntu:~# snap services snap-store-proxy
Service Startup Current Notes
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
So the failure mode appears to be similar.
Disabling apparmor in the nested containers and making them privileged:
lxc config set my-ubuntu raw.lxc 'lxc.apparmor.
lxc config set my-ubuntu security.privileged true
Makes the problem go away:
root@my-ubuntu:~# snap-store-proxy status
Store ID: not registered
Internal Service Status:
memcached: running
nginx: running
snapauth: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
snapdevicegw: running
snapdevicegw-
snapproxy: running
snaprevs: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://
root@my-ubuntu:~# snap services snap-store-proxy
Service Startup Current Notes
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
snap-store-
No more denials at this point. I would suspect there is something wrong with apparmor 3 handling here (stacking maybe?) that is only seen on hosts with new kernels.