lxc

keyserver workarounds in templates/lxc-download.in not accessible

Bug #1331920 reported by Mike Spreitzer
26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
lxc
Fix Released
Undecided
Unassigned

Bug Description

I am on a machine where I need to use the HTTP proxy for the keyserver. I found no way to engage line 59 of https://github.com/lxc/lxc/blob/master/templates/lxc-download.in --- which reads

    DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"

I tried

http_proxy=True lxc-create ...

but I still got a failure fetching the key. (Manually issuing the gpg command computed for the proxy works.)

I also tried adding -keyserver <keyserver> to the template options on my lxc-create command line, as line 192 suggests, but got a complaint that --keyserver is not a valid option; indeed, the option parsing in lines 217--237 does not handle that one.

Revision history for this message
mahmoh (mahmoh) wrote :
Download full text (5.7 KiB)

Hi Mike, did you ever resolve this problem by any chance as a configuration problem or is this still and issue?

I'm hitting this symptom in a proxy environment myself with Juju+MAAS+lxc:

1) " curl https://cloud-images.ubuntu.com/ " works on the node (assumed using the predefined proxy setting)

2) Keys fail though but should work given the download.in code:

  sudo lxc-create --template download --name u1
  Setting up the GPG keyring
  ERROR: Unable to fetch GPG key from keyserver.
  lxc_container: lxccontainer.c: create_run_template: 1125 container creation template for u1 failed
  lxc_container: lxc_create.c: main: 271 Error creating container u1

3) Here's my failure but the failure may actually be caused by the proxy I just noticed 46 lines in:

environment: maas
machines:
  "0":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 05.maas
    instance-id: /MAAS/api/1.0/nodes/node-b91e178a-e308-11e4-835d-001e6708f9f4/
    series: trusty
    containers:
      0/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: container failed
          to start'
        instance-id: pending
        series: trusty
    hardware: arch=amd64 cpu-cores=80 mem=1048576M
    state-server-member-status: has-vote
  "1":
...
  "6":
    agent-state: started
    agent-version: 1.23.3.1
    dns-name: 01.maas
    instance-id: /MAAS/api/1.0/nodes/node-821b00ca-e2fb-11e4-b806-001e6708f9f4/
    series: trusty
    containers:
      6/lxc/0:
        agent-state-info: 'failed to retrieve the template to clone: lxc container
          creation failed: error executing "lxc-create": + ''['' amd64 = i686 '']'';
          + ''['' 0 = 0 '']''; + case "$hostarch:$arch" in; + :; + ''['' tryreleased
          ''!='' daily -a tryreleased ''!='' released -a tryreleased ''!='' tryreleased
          '']''; + ''['' -z /var/lib/lxc/juju-trusty-lxc-template '']''; ++ id -u;
          + ''['' 0 ''!='' 0 '']''; + config=/var/lib/lxc/juju-trusty-lxc-template/config;
          + ''['' -z /var/lib/lxc/juju-trusty-lxc-template/rootfs '']''; + type ubuntu-cloudimg-query;
          ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query; + type wget; wget
          is /tmp/wget264411543/wget; + cache=/var/cache/lxc/cloud-trusty; + ''[''
          0 -eq 1 '']''; + mkdir -p /var/cache/lxc/cloud-trusty; + ''['' tryreleased
          = tryreleased '']''; + stream=released; + ubuntu-cloudimg-query trusty released
          amd64; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + url2=https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          ++ basename https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz;
          + filename=ubuntu-14.04-server-cloudimg-amd64-root.tar.gz; + ''['' -n https://10.125.4.241:17070/environment/29f9e545-51b0-4ff6-83d1-9ff5f7d13ce2/images/lxc/trusty/amd64/ubuntu-14.04-server-cloudimg-amd64-root.tar.gz
          '']''; + d...

Read more...

Revision history for this message
Mike Spreitzer (mike-spreitzer) wrote :

It has been so long that I do not clearly remember. I do not think I made much progress beyond the bug report you see.

Revision history for this message
Lucio Menzel (lucio-menzel-a) wrote :

Dear all, kindly please provide a fix ASAP.

In my view, OpenStack value is mostly as a Private Cloud environment, and would expect most private cloud customers would have a proxy to allow downloading content from the Internet, right?

Isn't this a big issue for ALL private cloud customers?

Furthermore, once Ubuntu is installed and the proxy settings are defined centrally in one place. Then apps should not need to be 'told' about the proxy settings individually but rather use the proxy settings that defined globally at the OS level.

Revision history for this message
yetang (yeweitang) wrote :

Hi Friends,
Is there a solution to this issue? I am trying to create my first container
and encountered exact same error:

$ lxc-create -t download -n yetang-1st
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver.
lxc_container: lxccontainer.c: create_run_template: 1125 container creation template for yetang-1st failed
lxc_container: lxc_create.c: main: 271 Error creating container yetang-1st

$ uname -a
Linux ubuntu-docker 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Thanks!

Revision history for this message
h (hernst-o) wrote :

Hi there,

I had the same problems. I had to disable IPv6 to get it working.

best regards
HE

Revision history for this message
Mukul (myadav64) wrote :

Please append --no-validate flag to skip gpg validation.
Refer https://github.com/lxc/lxc/blob/master/templates/lxc-download.in#L240

Revision history for this message
Stéphane Graber (stgraber) wrote :

The download template respects the http_proxy and https_proxy environment variable, set those to a valid http proxy and everything will work fine.

export http_proxy=http://some-proxy:8080
export https_proxy=http://some-proxy:8080

This has now been supported for quite some time.

Changed in lxc:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.