Bug #1331920 “keyserver workarounds in templates/lxc-download.in...” : Bugs : lxc

Revision history for this message

mahmoh (mahmoh) wrote on 2015-06-03:

#1

Download full text (5.7 KiB)

Hi Mike, did you ever resolve this problem by any chance as a configuration problem or is this still and issue?

I'm hitting this symptom in a proxy environment myself with Juju+MAAS+lxc:

1) " curl https://cloud-images.ubuntu.com/ " works on the node (assumed using the predefined proxy setting)

2) Keys fail though but should work given the download.in code:

  sudo lxc-create --template download --name u1
  Setting up the GPG keyring
  ERROR: Unable to fetch GPG key from keyserver.
  lxc_container: lxccontainer.c: create_run_template: 1125 container creation template for u1 failed
  lxc_container: lxc_create.c: main: 271 Error creating container u1

3) Here's my failure but the failure may actually be caused by the proxy I just noticed 46 lines in:

environment: maas
machines:
  "0":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 05.maas
    instance-id: /MAAS/api/1.0/nodes/node-b91e178a-e308-11e4-835d-001e6708f9f4/
    series: trusty
    containers:
      0/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: container failed
          to start'
        instance-id: pending
        series: trusty
    hardware: arch=amd64 cpu-cores=80 mem=1048576M
    state-server-member-status: has-vote
  "1":
...
  "6":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 01.maas
    instance-id: /MAAS/api/1.0/nodes/node-821b00ca-e2fb-11e4-b806-001e6708f9f4/
    series: trusty
    containers:
      6/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: lxc container
          creation failed: error executing "lxc-create": + ''['' amd64 = i686 '']'';
          + ''['' 0 = 0 '']''; + case "$hostarch:$arch" in; + :; + ''['' tryreleased
          ''!='' daily -a tryreleased ''!='' released -a tryreleased ''!='' tryreleased
          '']''; + ''['' -z /var/lib/lxc/juju-trusty-lxc-template '']''; ++ id -u;
          + ''['' 0 ''!='' 0 '']''; + config=/var/lib/lxc/juju-trusty-lxc-template/config;
          + ''['' -z /var/lib/lxc/juju-trusty-lxc-template/rootfs '']''; + type ubuntu-cloudimg-query;
          ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query; + type wget; wget
          is /tmp/wget264411543/wget; + cache=/var/cache/lxc/cloud-trusty; + ''[''
          0 -eq 1 '']''; + mkdir -p /var/cache/lxc/cloud-trusty; + ''['' tryreleased
          = tryreleased '']''; + stream=released; + ubuntu-cloudimg-query trusty released
          amd64; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + url2=https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          ++ basename https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          + filename=ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + d...

Hi Mike, did you ever resolve this problem by any chance as a configuration problem or is this still and issue?

I'm hitting this symptom in a proxy environment myself with Juju+MAAS+lxc:

1) " curl https://cloud-images.ubuntu.com/ " works on the node (assumed using the predefined proxy setting)

2) Keys fail though but should work given the download.in code:

sudo lxc-create --template download --name u1
  Setting up the GPG keyring
  ERROR: Unable to fetch GPG key from keyserver.
  lxc_container: lxccontainer.c: create_run_template: 1125 container creation template for u1 failed
  lxc_container: lxc_create.c: main: 271 Error creating container u1

3) Here's my failure but the failure may actually be caused by the proxy I just noticed 46 lines in:

environment: maas
machines:
  "0":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 05.maas
    instance-id: /MAAS/api/1.0/nodes/node-b91e178a-e308-11e4-835d-001e6708f9f4/
    series: trusty
    containers:
      0/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: container failed
          to start'
        instance-id: pending
        series: trusty
    hardware: arch=amd64 cpu-cores=80 mem=1048576M
    state-server-member-status: has-vote
  "1":
...
  "6":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 01.maas
    instance-id: /MAAS/api/1.0/nodes/node-821b00ca-e2fb-11e4-b806-001e6708f9f4/
    series: trusty
    containers:
      6/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: lxc container
          creation failed: error executing "lxc-create": + ''['' amd64 = i686 '']'';
          + ''['' 0 = 0 '']''; + case "$hostarch:$arch" in; + :; + ''['' tryreleased
          ''!='' daily -a tryreleased ''!='' released -a tryreleased ''!='' tryreleased
          '']''; + ''['' -z /var/lib/lxc/juju-trusty-lxc-template '']''; ++ id -u;
          + ''['' 0 ''!='' 0 '']''; + config=/var/lib/lxc/juju-trusty-lxc-template/config;
          + ''['' -z /var/lib/lxc/juju-trusty-lxc-template/rootfs '']''; + type ubuntu-cloudimg-query;
          ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query; + type wget; wget
          is /tmp/wget264411543/wget; + cache=/var/cache/lxc/cloud-trusty; + ''[''
          0 -eq 1 '']''; + mkdir -p /var/cache/lxc/cloud-trusty; + ''['' tryreleased
          = tryreleased '']''; + stream=released; + ubuntu-cloudimg-query trusty released
          amd64; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + url2=https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          ++ basename https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          + filename=ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + do_extract_rootfs; + cd /var/cache/lxc/cloud-trusty; + ''['' 0
          -eq 1 '']''; + trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM; + ''['' ''!''
          -f ubuntu-14.04-server-cloudimg-amd64-root.tar.gz '']''; + wget https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          --2015-06-01 22:31:12--  https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          Connecting to 10.48.127.168:8080... connected.; Proxy tunneling failed:
          ForbiddenUnable to establish SSL connection.; + build_root_tgz ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          + url=ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + filename=; ++ mktemp
          -d -p .; + xdir=./tmp.SFcwKmDlpI; ++ basename ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          + tarname=ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + imgname=''trusty-*-cloudimg-amd64.img'';
          + trap buildcleanup EXIT SIGHUP SIGINT SIGTERM; + ''['' 0 -eq 1 -o ''!''
          -f /var/cache/lxc/cloud-trusty/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + rm -f ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + echo ''Downloading
          cloud image from ubuntu-14.04-server-cloudimg-amd64-root.tar.gz''; Downloading
          cloud image from ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + wget
          ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; --2015-06-01 22:31:12--  http://ubuntu-14.04-server-cloudimg-amd64-root.tar.gz/;
          Connecting to 10.48.127.168:8080... connected.; Proxy request sent, awaiting
          response... 404 Not Found; 2015-06-01 22:31:12 ERROR 404: Not Found.; +
          echo ''Couldn''\''''t find cloud image ubuntu-14.04-server-cloudimg-amd64-root.tar.gz.'';
          Couldn''t find cloud image ubuntu-14.04-server-cloudimg-amd64-root.tar.gz.;
          + exit 1; + buildcleanup; + cd /var/lib/lxc/juju-trusty-lxc-template/rootfs;
          + umount -l /var/cache/lxc/cloud-trusty/./tmp.SFcwKmDlpI; umount: /var/cache/lxc/cloud-trusty/./tmp.SFcwKmDlpI:
          not mounted; + true; + rm -rf /var/cache/lxc/cloud-trusty; lxc_container:
          lxccontainer.c: create_run_template: 1125 container creation template for
          juju-trusty-lxc-template failed; lxc_container: lxc_create.c: main: 271
          Error creating container juju-trusty-lxc-template'
        instance-id: pending
        series: trusty
    hardware: arch=amd64 cpu-cores=80 mem=1048576M

Revision history for this message

Mike Spreitzer (mike-spreitzer) wrote on 2015-06-03:

#2

It has been so long that I do not clearly remember. I do not think I made much progress beyond the bug report you see.

Revision history for this message

Lucio Menzel (lucio-menzel-a) wrote on 2015-07-02:

#3

Dear all, kindly please provide a fix ASAP.

In my view, OpenStack value is mostly as a Private Cloud environment, and would expect most private cloud customers would have a proxy to allow downloading content from the Internet, right?

Isn't this a big issue for ALL private cloud customers?

Furthermore, once Ubuntu is installed and the proxy settings are defined centrally in one place. Then apps should not need to be 'told' about the proxy settings individually but rather use the proxy settings that defined globally at the OS level.

Revision history for this message

yetang (yeweitang) wrote on 2015-10-20:

#4

Hi Friends,
Is there a solution to this issue? I am trying to create my first container
and encountered exact same error:

$ lxc-create -t download -n yetang-1st
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver.
lxc_container: lxccontainer.c: create_run_template: 1125 container creation template for yetang-1st failed
lxc_container: lxc_create.c: main: 271 Error creating container yetang-1st

$ uname -a
Linux ubuntu-docker 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Thanks!

Revision history for this message

h (hernst-o) wrote on 2015-11-30:

#5

Hi there,

I had the same problems. I had to disable IPv6 to get it working.

best regards
HE

Revision history for this message

Mukul (myadav64) wrote on 2016-02-02:

#6

Please append --no-validate flag to skip gpg validation.
Refer https://github.com/lxc/lxc/blob/master/templates/lxc-download.in#L240

Revision history for this message

Stéphane Graber (stgraber) wrote on 2016-02-19:

#7

The download template respects the http_proxy and https_proxy environment variable, set those to a valid http proxy and everything will work fine.

export http_proxy=http://some-proxy:8080
export https_proxy=http://some-proxy:8080

This has now been supported for quite some time.

Changed in lxc:
status:	New → Fix Released

lxc

keyserver workarounds in templates/lxc-download.in not accessible

Bug Description

Other bug subscribers

Remote bug watches