juju-core

local provider deploys fail with 'install hook failed'

Bug #1247299 reported by Ben Howard
24
This bug affects 7 people
Affects Status Importance Assigned to Milestone
juju-core
Fix Released
High
Tim Penhey
juju-core 1.17.0
1.16
Fix Released
High
Tim Penhey
juju-core 1.16.3
juju-core (Ubuntu)
Fix Released
Undecided
Unassigned
Saucy
Fix Released
High
Unassigned
Trusty
Fix Released
Undecided
Unassigned

Bug Description

[Impact]
Unable to deploy charms under local provider on Raring/Saucy hosts.

[Test Case]
juju bootstrap
juju deploy mysql
(fails)

[Regression Potential]
Scope limited to local provider so limited.

[Original Bug Report]
From within a LXC container, cgroup-lite failes to install. It appears that apparmor on the parent (Raring and Saucy thus far) is blocking the cgroup mount.

ubuntu@test2:~$ sudo apt-get -y install cgroup-lite
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  cgroup-lite
0 upgraded, 1 newly installed, 0 to remove and 8 not upgraded.
Need to get 3,878 B of archives.
After this operation, 50.2 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ precise-updates/main cgroup-lite all 1.1.2 [3,878 B]
Fetched 3,878 B in 0s (29.0 kB/s)
Selecting previously unselected package cgroup-lite.
(Reading database ... 47498 files and directories currently installed.)
Unpacking cgroup-lite (from .../cgroup-lite_1.1.2_all.deb) ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.2.0-55-virtual
Processing triggers for ureadahead ...
Setting up cgroup-lite (1.1.2) ...
<4>init: cgroup-lite pre-start process (2819) terminated with status 32
start: Job failed to start
invoke-rc.d: initscript cgroup-lite, action "start" failed.
dpkg: error processing cgroup-lite (--configure):
 subprocess installed post-installation script returned error exit status 1
No apport report written because MaxReports is reached already
Errors were encountered while processing:
 cgroup-lite
E: Sub-process /usr/bin/dpkg returned an error code (1)

ubuntu@test2:~$ dmesg | tail -n 10
[ 1065.404885] device vethG0iqqC left promiscuous mode
[ 1065.404887] lxcbr0: port 2(vethG0iqqC) entered disabled state
[ 1150.155838] device vethkiYHDA entered promiscuous mode
[ 1150.155892] IPv6: ADDRCONF(NETDEV_UP): vethkiYHDA: link is not ready
[ 1150.169570] IPv6: ADDRCONF(NETDEV_CHANGE): vethkiYHDA: link becomes ready
[ 1150.169598] lxcbr0: port 2(vethkiYHDA) entered forwarding state
[ 1150.169602] lxcbr0: port 2(vethkiYHDA) entered forwarding state
[ 1165.216112] lxcbr0: port 2(vethkiYHDA) entered forwarding state
[ 1191.444421] type=1400 audit(1383347753.701:34): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=14826 profile="lxc-container-default" name="/sys/fs/cgroup/cpuset/" pid=14834 comm="mount" fstype="cgroup" srcname="cgroup" flags="rw"
[ 1191.445808] type=1400 audit(1383347753.705:35): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=14826 profile="lxc-container-default" name="/sys/fs/cgroup/cpuset/" pid=14834 comm="mount" fstype="cgroup" srcname="cgroup" flags="ro"

See original description

Related branches

lp:~thumper/juju-core/local-provider-machines-no-lxc
Juju Engineering: Pending requested
Diff: 11 lines (+1/-0)
1 file modified
provider/local/environ.go (+1/-0)
lp:~thumper/juju-core/fix-local-lxc-install-1.16
Juju Engineering: Pending requested
Diff: 37 lines (+3/-2)
3 files modified
provider/local/environ.go (+1/-0)
scripts/win-installer/setup.iss (+1/-1)
version/version.go (+1/-1)
lp:ubuntu/saucy-proposed/juju-core
Ben Howard (darkmuggle-deactivatedaccount)
summary: - app armor blocks cgroup-lite from mounting
+ aparmor blocks cgroup-lite from mounting
Seth Arnold (seth-arnold)
summary: - aparmor blocks cgroup-lite from mounting
+ apparmor blocks cgroup-lite from mounting
Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: apparmor blocks cgroup-lite from mounting

This is not a bug. If you need to mount cgroups, then you must use the lxc-container-default-with-nesting profile.

(Hopefully this will all become moot with the nestable cgroup manager in the next ... short while)

Changed in cgroup-lite (Ubuntu):
status: New → Invalid
Tim Penhey (thumper)
Changed in juju-core:
status: New → Triaged
importance: Undecided → High
tags: added: local-provider
Changed in juju-core:
milestone: none → 1.17.0
Revision history for this message
Adam Stokes (adam-stokes) wrote :
Download full text (15.7 KiB)

as asked on irc here is my log output from `juju deploy wordpress` running on Saucy with version 1.16.2-saucy-amd64

environments.yaml

  ## https://juju.ubuntu.com/docs/config-local.html
  local:
    type: local
    admin-secret: 3303a7c433559ea535350fd1e6ac7f22
    # Override the directory that is used for the storage files and database.
    # The default location is $JUJU_HOME/<ENV>.
    # $JUJU_HOME defaults to ~/.juju
    root-dir: /opt/juju
    # Override the storage port if you have multiple local providers, or if the
    # default port is used by another program.
    # storage-port: 8040
    # Override the shared storage port if you have multiple local providers, or if the
    # default port is used by another program.
    # shared-storage-port: 8041
    # Override the network bridge if you have changed the default lxc bridge
    # network-bridge: lxcbr0

juju status

~ » juju status adam@bigboi
environment: local
machines:
  "0":
    agent-state: started
    agent-version: 1.16.2.1
    dns-name: 10.0.3.1
    instance-id: localhost
    series: saucy
  "1":
    agent-state: started
    agent-version: 1.16.2.1
    instance-id: adam-local-machine-1
    instance-state: missing
    series: precise
services:
  wordpress:
    charm: cs:precise/wordpress-20
    exposed: false
    relations:
      loadbalancer:
      - wordpress
    units:
      wordpress/0:
        agent-state: error
        agent-state-info: 'hook failed: "install"'
        agent-version: 1.16.2.1
        machine: "1"
        public-address: 10.0.3.227

/opt/juju/log/machine-1.log

2013-11-04 00:43:45 INFO juju machine.go:109 machine agent machine-1 start
2013-11-04 00:43:45 DEBUG juju.agent agent.go:237 Reading agent config, format: format 1.16
2013-11-04 00:43:45 INFO juju runner.go:253 worker: start "api"
2013-11-04 00:43:45 INFO juju apiclient.go:111 state/api: dialing "wss://10.0.3.1:17070/"
2013-11-04 00:43:45 INFO juju apiclient.go:121 state/api: connection established
2013-11-04 00:43:45 INFO juju runner.go:253 worker: start "machiner"
2013-11-04 00:43:45 INFO juju runner.go:253 worker: start "upgrader"
2013-11-04 00:43:45 INFO juju runner.go:253 worker: start "logger"
2013-11-04 00:43:45 DEBUG juju.worker.logger logger.go:35 initial log config: "<root>=DEBUG"
2013-11-04 00:43:45 DEBUG juju.worker.logger logger.go:60 logger setup
2013-11-04 00:43:45 INFO juju runner.go:253 worker: start "deployer"
2013-11-04 00:43:45 DEBUG juju.worker.logger logger.go:45 reconfiguring logging from "<root>=DEBUG" to "<root>=INFO"
2013-11-04 00:43:45 INFO juju.worker.deployer deployer.go:106 checking unit "wordpress/0"
2013-11-04 00:43:45 INFO juju.worker.deployer deployer.go:146 deploying unit "wordpress/0"
2013-11-04 00:43:45 INFO juju.worker.upgrader upgrader.go:134 desired tool version: 1.16.2.1
2013-11-04 00:43:45 INFO juju.worker.machiner machiner.go:52 "machine-1" started

/opt/juju/log/unit-wordpress-0.log

2013-11-04 00:43:45 DEBUG juju.agent agent.go:237 Reading agent config, format: format 1.16
2013-11-04 00:43:45 INFO juju.jujud unit.go:73 unit agent unit-wordpress-0 sta...

Revision history for this message
Richard Harding (rharding) wrote :

I get this issue when attempting to use juju to deploy my charm into an lxc container. cgroups comes in as part of the build-essential meta-package and will not allow me to do things like pip install python packages that require a compilation step.

My in-progress charm is located at: https://github.com/bookieio/bookie-charm/tree/start-config

Attached the log for the unit.

Revision history for this message
Tim Penhey (thumper) wrote :

cgroups doesn't come in with build-essential, but it is being brought in by mistake because the lxc package was being installed by mistake in the local provider machines.

Tim Penhey (thumper)
Changed in juju-core:
status: Triaged → In Progress
assignee: nobody → Tim Penhey (thumper)
Tim Penhey (thumper)
Changed in juju-core:
status: In Progress → Fix Committed
summary: - apparmor blocks cgroup-lite from mounting
+ local provider deploys fail with 'install hook failed'
Revision history for this message
Brandon Clark (web-brandon) wrote :

Hope the fix works. I noticed it happens when using -y and -qq options for apt-get.

James Page (james-page)
Changed in juju-core (Ubuntu Trusty):
status: New → Fix Released
James Page (james-page)
description: updated
Changed in juju-core (Ubuntu Saucy):
importance: Undecided → High
Serge Hallyn (serge-hallyn)
no longer affects: cgroup-lite (Ubuntu)
no longer affects: cgroup-lite (Ubuntu Saucy)
no longer affects: cgroup-lite (Ubuntu Trusty)
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Ben, or anyone else affected,

Accepted juju-core into saucy-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/juju-core/1.16.3-0ubuntu0.13.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in juju-core (Ubuntu Saucy):
status: New → Fix Committed
tags: added: verification-needed
James Page (james-page)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package juju-core - 1.16.3-0ubuntu0.13.10.1

---------------
juju-core (1.16.3-0ubuntu0.13.10.1) saucy-proposed; urgency=low

  * New upstream stable point release:
    - MAAS: juju destroy-environment also destroys nodes that are not
      controlled by juju/in different juju environments
      (LP: #1229275, #1081247).
    - MAAS: LXC container provisioning broken due to missing secrets
      in API calls (LP: #1246556).
    - MAAS: disambiguate use of environment uuid between state server
      and environment configuration (LP: #1240423).
    - local: provider fails to start due to missing setup of bootstrap
      storage (LP: #1240709).
    - local: local provider deploys fail due to inclusion of lxc package
      within LXC containers (LP: #1247299).
    - Azure: bootstrap fails due to old API version headers (LP: #1246320).
    - client: os.rename does not work on Windows (LP: #1240927).
    - simplestreams: cannot create simplestreams data for Ubuntu Trusty
      (LP: #1241666).
    - cloud-init: Embed full cloud-archive keyring in metadata to avoid
      calls to keyserver.ubuntu.com which fail in egress restricted
      data center environments (LP: #1243861).
    - core: regression - relation name regex is to restrictive (LP: #1245004).
 -- James Page <email address hidden> Thu, 21 Nov 2013 10:30:39 +0000

Changed in juju-core (Ubuntu Saucy):
status: Fix Committed → Fix Released
Revision history for this message
Stéphane Graber (stgraber) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Curtis Hovey (sinzui)
Changed in juju-core:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.