Trusty is technically not directly affected by the container proc issue
as there was an Ubuntu patch dropped in xenial to skip setting
rlimit-nproc when /run/container_type=lxc.

Could happen if that doesn't exist though, and the memory issue can
still occur, so still recommend upload.

** Description changed:

  [Original Description]
  The bug, and workaround, are clearly described in this mailing list thread:
  
  https://lists.linuxcontainers.org/pipermail/lxc-
  users/2016-January/010791.html
  
  I'm trying to install MAAS in a LXD container, but that's failing due to
  avahi package install problems.  I'm tagging all packages here.
  
  [Issue]
  Avahi sets a number of rlimits on startup including the maximum number of 
processes (nproc=2) and limits on memory usage.  These limits are hit in a 
number of cases  - specifically the maximum process limit is hit if you run lxd 
containers in 'privileged' mode such that avahi has the same uid in multiple 
containers and large networks can trigger the memory limit.
  
  The fix is to remove these default rlimits completely from the
  configuration file.
  
  [Impact]
  
-  * Avahi is unable to start inside of containers without UID namespace 
isolation because an rlimit on the maximum number of processes is set by 
default to 2.  When a container launches Avahi, the total number of processes 
on the system in all containers exceeds this limit and Avahi is killed.  It 
also fails at install time, rather than runtime due to a failure to start the 
service.
-  * Some users also have issues with the maximum memory allocation causing 
Avahi to exit on networks with a large number of services as the memory limit 
was quite small (4MB).  Refer LP #1638345
+  * Avahi is unable to start inside of containers without UID namespace 
isolation because an rlimit on the maximum number of processes is set by 
default to 2.  When a container launches Avahi, the total number of processes 
on the system in all containers exceeds this limit and Avahi is killed.  It 
also fails at install time, rather than runtime due to a failure to start the 
service.
+  * Some users also have issues with the maximum memory allocation causing 
Avahi to exit on networks with a large number of services as the memory limit 
was quite small (4MB).  Refer LP #1638345
  
  [Test Case]
  
-  * setup lxd (apt install lxd, lxd init, get working networking)
-  * lxc launch ubuntu:16.04 avahi-test --config security.privileged=true 
-  * lxc exec avahi-test sudo apt install avahi-daemon
+  * setup lxd (apt install lxd, lxd init, get working networking)
+  * lxc launch ubuntu:16.04 avahi-test --config security.privileged=true
+  * lxc exec avahi-test sudo apt install avahi-daemon
  
  This will fail if the parent host has avahi-daemon installed, however,
  if it does not you can setup a second container (avahi-test2) and
  install avahi there.  That should then fail (as the issue requires 2
  copies of avahi-daemon in the same uid namespace to fail)
  
  [Regression Potential]
  
-  * The fix removes all rlimits configured by avahi on startup, this is
+  * The fix removes all rlimits configured by avahi on startup, this is
  an extra step avahi takes that most programs did not take (limiting
  memory usage, running process count, etc).  It's possible an unknown bug
  then consumes significant system resources as a result of that limit no
  longer being in place, that was previously hidden by Avahi crashing
  instead.  However I believe this risk is significantly reduced as this
  change has been shipping upstream for many months and have not seen any
  reports of new problems - however it has fixed a number of existing
  crashes/problems.
  
  [Other Info]
-  
-  * This change already exists upstream in 0.7 which is in bionic.  SRU 
required to artful, xenial, trusty.
-  * The main case this may not fix the issue is if they have modified their 
avahi-daemon.conf file - but it will fix new installs and most installs as most 
users don't modify the file.  And users may be prompted on upgrade to replace 
the file.
+ 
+  * This change already exists upstream in 0.7 which is in bionic.  SRU 
required to artful, xenial, trusty.
+  * The main case this may not fix the issue is if they have modified their 
avahi-daemon.conf file - but it will fix new installs and most installs as most 
users don't modify the file.  And users may be prompted on upgrade to replace 
the file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1661869

Title:
  maas install fails inside of a 16.04 lxd container due to avahi
  problems
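
A check for the case noted under [Other Info], where a locally modified avahi-daemon.conf keeps the old limits after the upgrade. This is an added example, not part of the bug report or of the Avahi or Ubuntu packaging; the sample config is constructed, and the /run/container_type handling is an assumption taken from the comment at the top of this message.

```python
import sys

# Constructed sample of a locally modified config that kept the old limits;
# values follow the bug description (nproc=2, 4MB memory), not a real file.
SAMPLE_CONF = """\
[server]
use-ipv4=yes

[rlimits]
#rlimit-core=0
rlimit-data=4194304
rlimit-nproc=2
"""


def active_rlimits(conf_text):
    """Return {key: value} for uncommented rlimit-* keys in [rlimits]."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out setting
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "rlimits" and sep and key.strip().startswith("rlimit-"):
            found[key.strip()] = value.strip()
    return found


def nproc_applies(limits, container_type):
    """True if rlimit-nproc would still be set for this daemon.

    Assumption from the comment above: the Ubuntu patch skips rlimit-nproc
    when /run/container_type is "lxc"; if the file is absent it is applied.
    """
    return "rlimit-nproc" in limits and container_type.strip() != "lxc"


if __name__ == "__main__":
    text = SAMPLE_CONF
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    limits = active_rlimits(text)
    for key, value in sorted(limits.items()):
        print(f"still set: {key}={value}")
    sys.exit(1 if limits else 0)  # non-zero exit: limits remain in the file
```

Run it with the path to the installed config (normally /etc/avahi/avahi-daemon.conf) as the only argument; with no argument it checks the constructed sample.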
