After a brief chat with the snap team we found out that while lxd
supports multiple levels of nesting, the same does not apply to
apparmor. The nested container cannot install its own apparmor profiles
and shares the ones installed at its host.

To this end, snapd will not work (snap install will fail with "system
does not fully support snapd: apparmor detected but insufficient
permissions to use") and therefore eoan/focal images cannot be used for
nested lxd use-cases.

The current workaround is to deploy bionic workloads when using nested
lxd containers. Since there isn't much that Juju can do at this point in
time to fix this, I will mark this as wontfix for now.

Note that while this problem has been affecting 2.6.10, 2.7.x and will also be
affecting 2.8, no users seem to have bumped into it yet. Possible reasons for
this include:
- nested lxd container scenarios are not that common
- most charms support bionic and have not been updated to support eoan/focal.

** Also affects: juju (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: juju (Ubuntu)

** Also affects: juju/2.6
   Importance: Undecided
       Status: New

** Also affects: juju/2.8
   Importance: Undecided
       Status: New

** Also affects: juju/2.7
   Importance: Undecided
       Status: New

** Changed in: juju
       Status: Triaged => Won't Fix

** Changed in: juju/2.6
       Status: New => Won't Fix

** Changed in: juju/2.7
       Status: New => Won't Fix

** Changed in: juju/2.8
       Status: New => Won't Fix

--
https://bugs.launchpad.net/bugs/1874118
Title:
Nested lxd workloads cause container-based units to get stuck in
pending state