Problem with Leap 15 beta and systemd-nspawn / machinectl

Hello,

I have problems starting systemd-nspawn containers on Leap 15, newly installed from the latest cd image.
Wanted to post this to opensuse-factory but mail was rejected…

A container that works without problem on Ubuntu 16.04 does not work on the latest Leap beta. It is hard to say exactly what is wrong; one symptom is that I can’t get a shell on container “test” that was imported using machinectl import-raw:

machinectl shell test

Failed to get shell PTY: No machine ‘test’ known

However, journalctl complains about a number of things. Below in the email is an extract from journalctl after

machinectl start test

I notice error messages such as

kernel: cgroup: cgroup2: unknown option “nsdelegate”
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Couldn’t move remaining userspace processes, ignoring: Input/output error
var-run.mount: Mount process exited, code=exited status=32
[FAILED] Failed to mount Runtime Directory.

etc…

The container was created using mkosi, with the following mkosi.default contents:

[Distribution]
Distribution=opensuse
Release=15

[Output]
Format=raw_btrfs

[Packages]
BuildPackages=
    gcc
    libacl-devel
    libcurl-devel
    libzstd-devel
    openssl-devel
    pkgconfig
    wget

Packages=
    xauth
    xterm
    vim
    openssh
    wget
    firewalld
    iputils
    net-tools
    net-tools-deprecated
    iproute2
    bridge-utils
    man
    nss-systemd

Is this a problem with the Leap 15 beta? Would be good if someone can confirm machinectl / nspawn works for them.

uname -a

Linux linux-boyx 4.12.14-lp150.7-default #1 SMP Thu Mar 22 13:27:06 UTC 2018 (48e5be3) x86_64 x86_64 x86_64 GNU/Linux

systemd-nspawn --version

systemd 234
+PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN default-hierarchy=hybrid

Best regards,

Claes

Apr 07 20:19:19 linux-boyx systemd[1]: Starting Container test…
Apr 07 20:19:19 linux-boyx kernel: loop4: p1
Apr 07 20:19:19 linux-boyx kernel: BTRFS info (device loop4p1): turning on discard
Apr 07 20:19:19 linux-boyx kernel: BTRFS info (device loop4p1): disk space caching is enabled
Apr 07 20:19:19 linux-boyx kernel: BTRFS info (device loop4p1): has skinny extents
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Selected user namespace base 1240662016 and range 65536.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Timezone Europe/Stockholm does not exist in container, not updating container timezone.
Apr 07 20:19:20 linux-boyx systemd-machined[11399]: New machine test.
Apr 07 20:19:20 linux-boyx systemd-udevd[13352]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 07 20:19:20 linux-boyx systemd[1]: Started Container test.
Apr 07 20:19:20 linux-boyx kernel: cgroup: cgroup2: unknown option “nsdelegate”
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: systemd 237 running in system mode. (+PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN -PCRE2 default-hierarchy=hybrid)
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Detected virtualization systemd-nspawn.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Detected architecture x86-64.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [1B blob data]
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Welcome to openSUSE Tumbleweed!
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [1B blob data]
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Couldn’t move remaining userspace processes, ignoring: Input/output error
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: File /usr/lib/systemd/system/systemd-journald.service:35 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Dispatch Password Requests to Console Directory Watch.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Local Encrypted Volumes.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Paths.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Created slice System Slice.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on /dev/initctl Compatibility Named Pipe.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on Network Service Netlink Socket.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on Device-mapper event daemon FIFOs.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Created slice system-getty.slice.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Swap.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on Journal Socket (/dev/log).
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Remote File Systems.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on Journal Socket.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Mounting POSIX Message Queue File System…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Journal Service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Local File Systems (Pre).
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: var-run.mount: Directory /var/run to mount over is not empty, mounting anyway.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Mounting Runtime Directory…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Apply Kernel Variables…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Created slice User and Session Slice.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Slices.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Mounted POSIX Message Queue File System.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: var-run.mount: Mount process exited, code=exited status=32
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: var-run.mount: Failed with result ‘exit-code’.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [FAILED] Failed to mount Runtime Directory.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: See ‘systemctl status var-run.mount’ for details.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Local File Systems.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Restore /run/initramfs on shutdown…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Restore /run/initramfs on shutdown.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Apply Kernel Variables.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Journal Service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Flush Journal to Persistent Storage…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Network Service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Network Service.
Apr 07 20:19:20 linux-boyx kernel: IPv6: ADDRCONF(NETDEV_UP): host0: link is not ready
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Flush Journal to Persistent Storage.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Create Volatile Files and Directories…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [FAILED] Failed to start Create Volatile Files and Directories.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: See ‘systemctl status systemd-tmpfiles-setup.service’ for details.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Update UTMP about System Boot/Shutdown…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Update UTMP about System Boot/Shutdown.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target System Initialization.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Discard unused blocks once a week.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Listening on D-Bus System Message Bus Socket.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Sockets.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Daily Cleanup of Temporary Directories.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Timers.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Basic System.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started D-Bus System Message Bus.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Login Service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting Generate issue file for login session…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked DHCPv4 supplicant service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked DHCPv6 supplicant service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked AutoIPv4 supplicant service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started wicked DHCPv4 supplicant service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started wicked DHCPv6 supplicant service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Login Service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started wicked AutoIPv4 supplicant service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked network management service daemon…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started Generate issue file for login session.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started wicked network management service daemon.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked network nanny service…
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Started wicked network nanny service.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Starting wicked managed network interfaces…
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: [136B blob data]
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: OK ] Reached target Network.
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: OK ] Started Command Scheduler.
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: Starting OpenSSH Daemon…
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: OK ] Started OpenSSH Daemon.
Apr 07 20:19:25 linux-boyx systemd-nspawn[13325]: Starting Add host ssh key fingerprint to issue file…
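
An added example, not part of the original posts: a small triage of the journal excerpt above that pulls out the failed units, the kernel-rejected mount option, and the unit whose IPAddressDeny= setting is not being enforced ("Proceeding WITHOUT firewalling in effect!"). The function name `triage` and the report keys are hypothetical; the host systemd version 234 passed in the usage comes from the `systemd-nspawn --version` output in the post.

```python
import re

# Lines copied from the journal excerpt above (version line abridged).
SAMPLE = """\
Apr 07 20:19:20 linux-boyx kernel: cgroup: cgroup2: unknown option “nsdelegate”
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: systemd 237 running in system mode. (+PAM -AUDIT)
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: File /usr/lib/systemd/system/systemd-journald.service:35 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: OK ] Reached target Paths.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [FAILED] Failed to mount Runtime Directory.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: See ‘systemctl status var-run.mount’ for details.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: [FAILED] Failed to start Create Volatile Files and Directories.
Apr 07 20:19:20 linux-boyx systemd-nspawn[13325]: See ‘systemctl status systemd-tmpfiles-setup.service’ for details.
"""

# "Mon DD HH:MM:SS host ident[pid]: message" as printed by journalctl.
LINE = re.compile(r"^\w{3} \d{2} [\d:]{8} \S+ ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
# The excerpt as posted carries typographic quotes; map them to ASCII first.
QUOTES = str.maketrans("‘’“”", "''\"\"")

def triage(journal_text, host_systemd=None):
    """Hypothetical helper: collect failures and unenforced settings."""
    report = {"failed_units": [], "unenforced": [], "kernel_rejected": [],
              "container_systemd": None, "newer_than_host": None}
    pending_failure = False
    for raw in journal_text.splitlines():
        m = LINE.match(raw.translate(QUOTES))
        if not m:
            continue
        ident, msg = m.groups()
        if ident == "kernel":
            # Mount option the host kernel did not understand.
            if opt := re.search(r'unknown option "([^"]+)"', msg):
                report["kernel_rejected"].append(opt.group(1))
        elif msg.startswith("[FAILED]"):
            pending_failure = True
        elif pending_failure and (u := re.search(r"systemctl status (\S+?)'", msg)):
            report["failed_units"].append(u.group(1))
            pending_failure = False
        elif f := re.match(r"File (\S+):\d+ configures an IP firewall \((\w+)=", msg):
            # Unit asked for cgroup/BPF IP filtering that cannot be enforced.
            if "does not support BPF/cgroup" in msg:
                report["unenforced"].append((f.group(1), f.group(2)))
        elif v := re.match(r"systemd (\d+) running in system mode", msg):
            report["container_systemd"] = int(v.group(1))
    if host_systemd and report["container_systemd"]:
        report["newer_than_host"] = report["container_systemd"] > host_systemd
    return report
```

Calling `triage(SAMPLE, host_systemd=234)` on a saved `journalctl` excerpt gives a short list of units to inspect with `systemctl status` inside the container, plus any network restrictions that are declared in unit files but not in effect.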

First,
You have me at a bit of a disadvantage since systemd-nspawn is something I’ve generally played with (not getting too serious), and I haven’t used mkosi or machinectl before.

But,
A quick read of the mkosi github project page suggests that’s where you should start.
I don’t notice any way that a mkosi-created image is really portable from one machine to another, but there are clear instructions on how to create <and run> an image; all you need to do is provide the required configuration.

You don’t need machinectl to start your newly created mkosi image, and when you create your image it looks like it’s automatically listed in your HostOS’s directory of nspawn supported images.

That should address what perhaps is the most fundamental error that you posted.

And, only after that is fixed, then you can optionally try using machinectl to manage your images.

As for the output you posted that follows your signature,
Since it doesn’t seem to contain any errors, I assume that’s not from running on openSUSE, perhaps from when you’re running on Ubuntu.

Finally…
In order to make posts more readable, we encourage all posts to use the

 tags liberally for all types of stdout, logs, code and more. When you use the Forum Post Editor, it's the button with the hash (#).

And one more...
I think you're missing some packages from your mkosi config, and that's aside from

zypper
make

And, I don't know your complete mkosi config file, but note the requirement to specify all necessary dependencies if you don't use distribution packages to build your images.

HTH,
TSU

I am unsure actually if it is the mkosi image itself that is the problem actually, given that the same image worked on Ubuntu 16.04. But I should not rule it out, and intend to test with another image vs nspawn and machinectl first. Thanks for the input!

Two things…
The actual act of creating the image using mkosi appears to register the image for use.
That’s possibly the most fundamental error you posted, that the name of the container wasn’t found.

The other is that although I haven’t actually created an image using mkosi, I’ve seen many other situations (especially chroot which is a close cousin in some ways of containers and was often seen in LXC containers) that HostOS resources might be integrated into the result… eg shared mount points. This is one of the main reasons for docker success… At the cost of a larger image, you can specify a complete OS build that contains a fully working, independent OS stub so that the entire image can be copied from one machine or distro to another. LXC doesn’t always do this, shared mount points were commonly configured, the result was that although the image was much smaller it broke portability.

Not knowing for sure how mkosi works, I can only point out that without knowing in detail how it works, there is precedent for images not being portable and needing to be re-built each time on a different HostOS.

TSU