Hello,
I am trying to make an Ubuntu container in my Manjaro system. To do this, I am following the LXD tutorial in the Arch wiki. I’ve done the following:
- Installed lxd package and enabled lxd.service
- Added the following lines to /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
- Created /etc/subuid and /etc/subgid with the following:
root:100000:65536
- Created /etc/systemd/system/user@1000.service.d/delegate.conf witht eh following:
[Service]
Delegate=cpu cpuset io memory pids
- ran lxd-init as root (sudo)
- Added my user to the lxd group
Then I created an ubuntu container called “ubuntu-ros”. However, this is what I get when I try to start it
[the9a3eedi@9a3eedi-laptop ~]$ lxc start ubuntu-ros
Error: Failed to run: /usr/bin/lxd forkstart ubuntu-ros /var/lib/lxd/containers /var/log/lxd/ubuntu-ros/lxc.conf:
Try `lxc info --show-log ubuntu-ros` for more info
[the9a3eedi@9a3eedi-laptop ~]$ lxc info --show-log ubuntu-ros
Name: ubuntu-ros
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2022/05/24 23:06 BST
Last Used: 2022/05/30 19:15 BST
Log:
lxc ubuntu-ros 20220530181517.923 ERROR conf - conf.c:lxc_map_ids:3668 - newuidmap failed to write mapping "newuidmap: uid range [0-1000000000) -> [1000000-1001000000) not allowed": newuidmap 6371 0 1000000 1000000000
lxc ubuntu-ros 20220530181517.964 ERROR start - start.c:lxc_spawn:1791 - Failed to set up id mapping.
lxc ubuntu-ros 20220530181517.165 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc ubuntu-ros 20220530181517.301 ERROR start - start.c:__lxc_start:2074 - Failed to spawn container "ubuntu-ros"
lxc ubuntu-ros 20220530181517.304 WARN start - start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 6371
lxc 20220530181522.368 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220530181522.372 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"
[the9a3eedi@9a3eedi-laptop ~]$
Note, the above steps I’ve done a little bit at a time in between reboots as I tried to figure out the instructions. So maybe there’s something I’ve missed.
Also, here is the output of lxc-checkconfig
LXC version 4.0.12
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
/sys/fs/cgroup
Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup ns_cgroup: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
I notice that it’s complaining that some Cgroup things are missing, but I’m not sure what they are and what to do next. Can anyone help?
on a side note, I never used a container before, but I am under the impression that they’re much lighter than VMs. If I understand correctly, you don’t need to allocate a hard disk image or a chunk of RAM for them, and they just run as if they’re somewhat part of the OS. What I’m trying to recreate here is something similar to WSL or WSL2 on Windows, where I had a nice Ubuntu environment inside of Windows, and the envrionment only took as much RAM and disk space as it needed. Is this possible with containers? Because my understanding is that it is, and that’s why I’m taking the harder route of using them vs just using a VM.