{"id":2817,"date":"2017-12-17T19:32:12","date_gmt":"2017-12-17T18:32:12","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=2817"},"modified":"2017-12-17T19:40:54","modified_gmt":"2017-12-17T18:40:54","slug":"lxc-broken-after-upgrade-from-linux-image-4-12-0-0-bpo-1-amd64-to-linux-image-4-13-0-0-bpo-1-amd64","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2017\/12\/lxc-broken-after-upgrade-from-linux-image-4-12-0-0-bpo-1-amd64-to-linux-image-4-13-0-0-bpo-1-amd64\/","title":{"rendered":"lxc broken after upgrade from linux-image-4.12.0-0.bpo.1-amd64 to linux-image-4.13.0-0.bpo.1-amd64"},"content":{"rendered":"<p>lxc containers no longer start after i&#8217;ve upgraded debian stretch server from 4.12 kernel from stretch-backports repository to 4.13 also from backports.<\/p>\n<p>symptoms in \/var\/log\/syslog:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nDec 17 16:34:30 lxc1 systemd-udevd&#x5B;3303]: Could not generate persistent MAC address for veth6X3OHV: No such file or directory\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.666014] br.10: port 2(veth106L33) entered blocking state\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.666016] br.10: port 2(veth106L33) entered disabled state\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.666069] device veth106L33 entered promiscuous mode\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.666170] IPv6: ADDRCONF(NETDEV_UP): veth106L33: link is not ready\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.698224] eth0: renamed from veth6X3OHV\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.729446] IPv6: ADDRCONF(NETDEV_CHANGE): veth106L33: link becomes ready\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.729500] br.10: port 2(veth106L33) entered blocking state\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.729502] br.10: port 2(veth106L33) entered forwarding state\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.848353] br.10: port 2(veth106L33) entered disabled state\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.848734] device veth106L33 left promiscuous mode\r\nDec 17 16:34:30 lxc1 kernel: &#x5B;  244.848737] br.10: port 2(veth106L33) entered disabled state\r\n<\/pre>\n<p>that was resolved by creating \/etc\/systemd\/network\/99-default.link with:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n&#x5B;Link]\r\nNamePolicy=kernel database onboard slot path\r\nMACAddressPolicy=none\r\n<\/pre>\n<p>via <a href=\"https:\/\/github.com\/systemd\/systemd\/issues\/3374#issuecomment-339258483\">this<\/a> comment.<\/p>\n<p>then there was nothing interesting in syslog but the lxc guest still would not start &#8211; <b>lxc-start -F -n serverName<\/b> gave quite messy:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nlxc-start: cgroups\/cgfsng.c: create_path_for_hierarchy: 1306 Path &quot;\/sys\/fs\/cgroup\/systemd\/\/lxc\/serverName&quot; already existed.\r\n                                                                                                                         lxc-start: cgroups\/cgfsng.c: cgfsng_create: 1363 No such file or directory - Failed to create \/sys\/fs\/cgroup\/systemd\/\/lxc\/serverName: No such file or directory\r\n                                         lxc-start: lsm\/apparmor.c: apparmor_process_label_set: 220 If you really want to start this container, set\r\n                                                                                                                                                   lxc-start: lsm\/apparmor.c: apparmor_process_label_set: 221 lxc.aa_allow_incomplete = 1\r\n                                                                                                                                                                                                                                         lxc-start: lsm\/apparmor.c: apparmor_process_label_set: 222 in your container configuration file\r\n                                                                                           lxc-start: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 5)\r\n                                                                                                                                                                                               lxc-start: start.c: __lxc_start: 1346 Failed to spawn container &quot;serverName&quot;.\r\n                             lxc-start: cgroups\/cgfsng.c: recursive_destroy: 1270 Error destroying \/sys\/fs\/cgroup\/systemd\/\/lxc\/serverName-1\r\nlxc-start: cgroups\/cgfsng.c: recursive_destroy: 1270 Error destroying \/sys\/fs\/cgroup\/perf_event\/\/lxc\/serverName-1\r\n&#x5B;..]\r\nlxc-start: tools\/lxc_start.c: main: 366 The container failed to start.\r\nlxc-start: tools\/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.\r\n<\/pre>\n<p>which was fixed by editing all of the \/var\/lib\/lxc\/<i>serverName<\/i>\/config and adding there:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nlxc.aa_profile = unconfined\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>lxc containers no longer start after i&#8217;ve upgraded debian stretch server from 4.12 kernel from stretch-backports repository to 4.13 also from backports. symptoms in \/var\/log\/syslog: Dec 17 16:34:30 lxc1 systemd-udevd&#x5B;3303]: Could not generate persistent MAC address for veth6X3OHV: No such file or directory Dec 17 16:34:30 lxc1 kernel: &#x5B; 244.666014] br.10: port 2(veth106L33) entered blocking [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,51],"tags":[85],"class_list":["post-2817","post","type-post","status-publish","format-standard","hentry","category-tech","category-unimportant","tag-lxc"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=2817"}],"version-history":[{"count":4,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2817\/revisions"}],"predecessor-version":[{"id":2821,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2817\/revisions\/2821"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=2817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=2817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=2817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}