[SRU] avahi fails in containers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
High
|
Unassigned | ||
avahi (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Precise |
Fix Released
|
Critical
|
Unassigned | ||
Saucy |
Fix Released
|
Critical
|
Unassigned | ||
Trusty |
Fix Released
|
Critical
|
Unassigned |
Bug Description
installed a brand new maas server on suacy into an lxc container from archive and http://<ip>/MAAS is not accessible although http://<ip> is accessible
http://<ip>/MAAS is getting logged to /var/log/
<roaksoax> danwest: can you please pastebin apache2's error and access.log
<danwest> http://
<danwest> http://
<roaksoax> danwest: I know what it is
<roaksoax> danwest: dbus/avahi
<roaksoax> danwest: try to restart whatever avahi service there is
<andreas> "dbus" reminds me of https:/
<andreas> but that was about the units, not maas itself
<danwest> https:/
<danwest> same problem
<roaksoax> danwest: yeah the avahi daemon is failing to start, causing maas to fail
<roaksoax> danwest: maybe restart whatever dbus serviice it is, and then the avahi-daemon
<matsubara> danwest, restart dbus and avahi-daemon, see https:/
<roaksoax> danwest: did avahi-daemon restart corrrectly?
<danwest> nope
<roaksoax> danwest: i guess then an issue with dbus is preventing avahi from working... hence maas failing
<danwest> roaksoax: should not matter but the only thing that is a little unique is that this is in a saucy container
<roaksoax> danwest: ah so then thats the issue...
<danwest> what, the container?
<roaksoax> yeah
<danwest> how so?
<roaksoax> avahi might have issues running in a container
<danwest> hallyn: roaksoax: what should I file that lxc/avahi /maas bug that I hit this morning against?
<hallyn> danwest: i think maas should work around it by unsetting rlimit-nproc
<hallyn> (and/or by running on trusty in a private user ns
<hallyn> smoser: fwiw the problem is that avahi sets its nproc rlimit to exaclty 3, but in a container it's using a uid that is in use on the host - so it exceeds 3 tasks
<hallyn> (i.e. it's reusing uid which is ntp on the host, and ntp is running; or just another avahi)
<smoser> ok...
<smoser> so that doesn't seem like maas's problem to me
<smoser> nor juju's really.
<hallyn> smoser: it is. it needs to pick a unique uid, or configure avahi to ignore the rlimit
<smoser> maas isn't running avahi
<smoser> is it ?
<hallyn> i duno what's actually running it :) it's *for* maas, but it probably is juju
<smoser> what if there was a bug in php, and a user used maas to deploy php.
<smoser> should we fix that in maas ?
<hallyn> you're talking about a bug. i'm talking about a resource conflict
<hallyn> having avahi alwasy run without nprocs, for protection, would be wrong for this.
fix is still up for debate on this one...
[Impact]
Avahi sets the rlimit_nproc to 3, causing avahi to fail running in containers. This This option should not be set in containers at all. This causes avahi-daemon to fail, hence all the applications that use avahi will also fail. In this particular case, MAAS fails because of this.
[Test Case]
1. Install a container.
2. Install MAAS
3. Check apache2 log for errors, such as those in [1].
[Regression Potential]
Minimal. This has been tested and works as expected.
Related branches
- Julian Edwards (community): Approve
-
Diff: 535 lines (+7/-373)15 files modifiedHACKING.txt (+3/-3)
buildout.cfg (+0/-4)
contrib/maas-http.conf (+1/-2)
docs/nodes.rst (+0/-9)
docs/troubleshooting.rst (+2/-8)
required-packages/base (+0/-3)
required-packages/dev (+0/-1)
setup.py (+0/-2)
src/maasserver/maasavahi.py (+0/-56)
src/maasserver/start_up.py (+0/-4)
src/maasserver/tests/test_maasavahi.py (+0/-119)
src/maasserver/tests/test_start_up.py (+0/-8)
src/maasserver/tests/test_zeroconfservice.py (+0/-84)
src/maasserver/views/nodes.py (+1/-1)
src/maasserver/zeroconfservice.py (+0/-69)
- Julian Edwards (community): Approve
-
Diff: 39 lines (+4/-4)2 files modifieddebian/changelog (+3/-0)
debian/control (+1/-4)
Changed in avahi (Ubuntu): | |
importance: | Undecided → Critical |
Changed in avahi (Ubuntu Saucy): | |
importance: | Undecided → Critical |
Changed in maas: | |
status: | Triaged → Invalid |
status: | Invalid → Confirmed |
status: | Confirmed → Triaged |
description: | updated |
summary: |
- MAAS install in lxc fails due to avahi issues + [SRU] avahi fails in containers |
Changed in avahi (Ubuntu Precise): | |
importance: | Undecided → Critical |
no longer affects: | maas/1.4 |
If you can run without avahi (as someone suggested) that would be ideal.
Otherwise, assuming juju is being used to set up avahi (even indirectly through dependencies), juju should sed -i '/rlimit-nproc/d' /etc/avahi/ avahi-daemon. conf.