Lxd Manjaro
LXD is a container and virtual-machine "hypervisor" and a new user experience for Linux Containers. Well, in my naive understanding, LXD is a frontend for LXC. Installing LXD on Manjaro is also really easy; just install it with pacman.
sudo pacman -S lxc lxd
sudo systemctl enable --now lxc lxd
The problem came when I tried to create a 64-bit Debian 10 container.
lxc launch images:debian/10/amd64 debian
An error appeared:
Creating debian
Starting debian
Error: Failed to run: /usr/bin/lxd forkstart debian /var/lib/lxd/containers /var/log/lxd/debian/lxc.conf:
Try `lxc info --show-log local:debian` for more info
Hmmm, I had barely started and already hit an error. Haha. I checked the log as instructed:
lxc info --show-log local:debian
# output
Name: debian
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/09/24 02:08 UTC
Status: Stopped
Type: container
Profiles: default
Log:
lxc debian 20200924020852.963 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.debian"
lxc debian 20200924020852.964 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.debian"
lxc debian 20200924020852.971 ERROR conf - conf.c:lxc_map_ids:2817 - newuidmap failed to write mapping "": newuidmap 2678 0 1000000 1000000000
lxc debian 20200924020852.971 ERROR start - start.c:lxc_spawn:1732 - Failed to set up id mapping.
lxc debian 20200924020852.971 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:849 - Received container state "ABORTING" instead of "RUNNING"
lxc debian 20200924020852.972 ERROR start - start.c:__lxc_start:1999 - Failed to spawn container "debian"
lxc debian 20200924020852.972 WARN start - start.c:lxc_abort:1018 - No such process - Failed to send SIGKILL via pidfd 30 for process 2678
lxc debian 20200924020853.812 ERROR conf - conf.c:lxc_map_ids:2817 - newuidmap failed to write mapping "": newuidmap 2696 1000000000 0 1 0 1000000 1000000000
lxc debian 20200924020853.812 ERROR conf - conf.c:userns_exec_1:4023 - Error setting up {g,u}id mappings for child process "2696"
lxc debian 20200924020853.818 WARN cgfsng - cgroups/cgfsng.c:cgfsng_payload_destroy:1048 - No such file or directory - Failed to destroy cgroups
lxc debian 20200924020853.100 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1109 - Success - Failed to initialize cpuset /sys/fs/cgroup/cpuset//lxc.pivot/lxc.pivot
lxc 20200924020853.101 WARN commands - commands.c:lxc_cmd_rsp_recv:122 - Connection reset by peer - Failed to receive response for command "get_state"
Oh... the error is because it failed to set the uid+gid map. Next I checked which uid and which gid this debian container wants to set.
sudo cat /var/log/lxd/debian/lxc.conf
# output
lxc.log.file = /var/log/lxd/debian/lxc.log
lxc.log.level = warn
lxc.console.buffer.size = auto
lxc.console.size = auto
lxc.console.logfile = /var/log/lxd/debian/console.log
lxc.mount.auto = proc:rw sys:rw cgroup:mixed
lxc.autodev = 1
lxc.pty.max = 1024
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file,optional 0 0
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/config sys/kernel/config none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none rbind,create=dir,optional 0 0
lxc.mount.entry = /sys/kernel/tracing sys/kernel/tracing none rbind,create=dir,optional 0 0
lxc.mount.entry = /dev/mqueue dev/mqueue none rbind,create=dir,optional 0 0
lxc.include = /usr/share/lxc/config/common.conf.d/
lxc.arch = linux64
lxc.hook.version = 1
lxc.hook.pre-start = /proc/4342/exe callhook /var/lib/lxd 2 start
lxc.hook.stop = /usr/bin/lxd callhook /var/lib/lxd 2 stopns
lxc.hook.post-stop = /usr/bin/lxd callhook /var/lib/lxd 2 stop
lxc.tty.max = 0
lxc.uts.name = debian
lxc.mount.entry = /var/lib/lxd/devlxd dev/lxd none bind,create=dir 0 0
lxc.apparmor.profile = lxd-debian_</var/lib/lxd>//&:lxd-debian_<var-lib-lxd>:
lxc.seccomp.profile = /var/lib/lxd/security/seccomp/debian
lxc.idmap = u 0 1000000 1000000000
lxc.idmap = g 0 1000000 1000000000
lxc.mount.auto = shmounts:/var/lib/lxd/shmounts/debian:/dev/.lxd-mounts
lxc.net.0.name = eth0
lxc.net.0.type = phys
lxc.net.0.flags = up
lxc.net.0.link = vethf945f880
lxc.rootfs.path = dir:/var/lib/lxd/containers/debian/rootfs
What I need are these lines:
lxc.idmap = u 0 1000000 1000000000
lxc.idmap = g 0 1000000 1000000000
So I went straight ahead and set that uid+gid map. First I set the uid map
sudo nano /etc/subuid
# contents
root:1000000:1000000000
lxd:1000000:1000000000
Second, the gid map
sudo nano /etc/subgid
# contents
root:1000000:1000000000
lxd:1000000:1000000000
Next I restarted the lxc and lxd services
sudo systemctl restart lxc lxd
Check the container list
lxc list
# output
+--------+---------+------+------+-----------+-----------+
|  NAME  |  STATE  | IPV4 | IPV6 |   TYPE    | SNAPSHOTS |
+--------+---------+------+------+-----------+-----------+
| debian | STOPPED |      |      | CONTAINER | 0         |
+--------+---------+------+------+-----------+-----------+
Start the container
lxc start debian
lxc list
# output
+--------+---------+----------------------+-----------------------------------------------+-----------+-----------+
|  NAME  |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+--------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| debian | RUNNING | 10.201.30.227 (eth0) | fd42:678f:b042:ffc6:216:3eff:fe8d:3b14 (eth0) | CONTAINER | 0         |
+--------+---------+----------------------+-----------------------------------------------+-----------+-----------+
Cool~
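The check behind the fix above, as an added example that is not part of the original post: it reads the lxc.idmap lines from a container's lxc.conf and reports whether /etc/subuid and /etc/subgid delegate a range that covers each one, which is the condition newuidmap enforces. The function name check_idmap, its arguments and the temporary sample files are hypothetical; it assumes the delegation that matters is root's, since the LXD daemon runs as root.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every lxc.idmap
# line in a container's lxc.conf is covered by a subordinate-ID delegation.
# Usage: check_idmap LXC_CONF SUBUID_FILE SUBGID_FILE [OWNER]
# OWNER defaults to root (assumption: the LXD daemon runs as root).
check_idmap() (
    conf=$1 subuid=$2 subgid=$3 owner=${4:-root} rc=0
    while read -r key _eq kind _ct host count; do
        [ "$key" = "lxc.idmap" ] || continue
        case $kind in
            u) file=$subuid ;;
            g) file=$subgid ;;
            *) continue ;;
        esac
        # Covered when one owner:start:count entry contains [host, host+count).
        if awk -F: -v o="$owner" -v h="$host" -v c="$count" '
            $1 == o && h + 0 >= $2 + 0 && h + c <= $2 + $3 { ok = 1 }
            END { exit !ok }' "$file"
        then
            echo "ok $kind $host $count"
        else
            echo "missing $kind $host $count (want $owner:$host:$count in $file)"
            rc=1
        fi
    done < "$conf"
    exit "$rc"
)

# Constructed sample input: the two idmap lines from the post, checked
# against an empty delegation file and then against the corrected one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'lxc.arch = linux64' \
        'lxc.idmap = u 0 1000000 1000000000' \
        'lxc.idmap = g 0 1000000 1000000000' > "$d/lxc.conf"
    : > "$d/empty"
    printf 'root:1000000:1000000000\n' > "$d/fixed"
    echo "before:"; check_idmap "$d/lxc.conf" "$d/empty" "$d/empty" || true
    echo "after:";  check_idmap "$d/lxc.conf" "$d/fixed" "$d/fixed" || true
    rm -rf "$d"
}
demo
```

The check only accepts a mapping that fits inside a single delegation entry, so a range split across several entries for the same owner is reported as missing.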