containers won't start after lxc and apparmor upgrades in trusty
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
On January 19 lxc and apparmor were upgraded on our VPN servers:
2017-01-19 06:30:36 upgrade libdbus-1-3:amd64 1.6.18-0ubuntu4.4 1.6.18-0ubuntu4.5
2017-01-19 06:30:37 upgrade python3-lxc:amd64 1.0.8-0ubuntu0.4 1.0.9-0ubuntu2
2017-01-19 06:30:38 upgrade libapparmor1:amd64 2.8.95~
2017-01-19 06:30:38 upgrade libapparmor-
2017-01-19 06:30:38 upgrade apparmor:amd64 2.8.95~
2017-01-19 06:30:39 upgrade lxc-templates:amd64 1.0.8-0ubuntu0.4 1.0.9-0ubuntu2
2017-01-19 06:30:40 upgrade liblxc1:amd64 1.0.8-0ubuntu0.4 1.0.9-0ubuntu2
2017-01-19 06:30:40 upgrade lxc:amd64 1.0.8-0ubuntu0.4 1.0.9-0ubuntu2
2017-01-19 06:30:41 upgrade libseccomp2:amd64 2.1.0+dfsg-1 2.1.1-1ubuntu1~
2017-01-19 06:30:42 upgrade dbus:amd64 1.6.18-0ubuntu4.4 1.6.18-0ubuntu4.5
The day after, the servers were rebooted and the application containers running the OpenVPN instances failed to start:
+ lxc-execute -n network-vpn -f /server/
lxc-execute: utils.c: safe_mount: 1391 No such file or directory - Failed to mount proc onto /proc
lxc-execute: conf.c: tmp_proc_mount: 4132 No such file or directory - failed to mount /proc in the container.
lxc-execute: lsm/apparmor.c: apparmor_
lxc-execute: lsm/apparmor.c: apparmor_
lxc-execute: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 5)
lxc-execute: start.c: __lxc_start: 1149 failed to spawn 'network-vpn'
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing hugetlb:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing perf_event:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing blkio:lxc/
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing freezer:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing devices:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing memory:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing name=systemd:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing cpuacct:
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing cpu:lxc/network-vpn
lxc-execute: cgmanager.c: cgm_remove_cgroup: 523 call to cgmanager_
lxc-execute: cgmanager.c: cgm_remove_cgroup: 525 Error removing cpuset:
We had to downgrade lxc, apparmor and related packages to the latest version from trusty-security instead of trusty-updates to get the VPN up and running again.
Details:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Any clue about what's going on?
Thanks,
Alex
Changed in lxc (Ubuntu): | |
status: | Incomplete → Fix Released |
lxc.conf with obfuscated IP addresses.