lkhq / debspawn

Debian package builder and build helper using systemd-nspawn

systemd-resolved not functioning in Bookworm containers

twrightsman opened this issue

@ximion I don't think the workaround in 222dadb for #26 works for using debos in Debian Bookworm containers:

$ debspawn create bookworm
$ debspawn run --allow=kvm,read-kmods --cachekey=bookworm-resolved --external-command --init-command=prepare_container.sh --build-dir="$PWD" --artifacts-out="$PWD" bookworm build_image.sh

I get the following error while preparing the container:

┌─────────────────────────────┐
│  Preparing container        │
└─────────────────────────────┘
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Err:1 http://deb.debian.org/debian bookworm InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists...
W: Download is performed unsandboxed as root as file '/var/lib/apt/lists/partial/deb.debian.org_debian_dists_bookworm_InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
E: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  Temporary failure resolving 'deb.debian.org'
E: Some index files failed to download. They have been ignored, or old ones used instead.
Command `apt-get -uyq -o Dpkg::Options::="--force-confnew" update` failed.
ERROR: Container setup failed.

I was able to get the container to build by following the suggestion in #26 and removing /etc/resolv.conf at the end of prepare_container.sh.

prepare_container.sh

#!/bin/sh

# Abort on the first failing command and on any use of an unset variable.
set \
    -o errexit \
    -o nounset

# Never prompt for input while installing packages inside the container.
export DEBIAN_FRONTEND=noninteractive

# Install debos and the tools the image build in build_image.sh needs.
apt-get install --yes --quiet \
        debos \
        kmod \
        udev \
        parted \
        cryptsetup \
        binfmt-support \
        systemd-resolved \
        ca-certificates

build_image.sh

#!/bin/bash

# Abort on the first failing command, on unset variables, and on a failure
# anywhere in a pipeline.
set \
  -o errexit \
  -o nounset \
  -o pipefail

# Build the image described in rootfs.yml; --allow=kvm on the debspawn run
# line above is what makes the kvm fakemachine backend usable here.
debos \
  --fakemachine-backend=kvm \
  rootfs.yml

rootfs.yml

# debos recipe: bootstrap a plain Debian bookworm root filesystem.
architecture: amd64

actions:
  - action: debootstrap
    suite: bookworm
    components:
      - main
    mirror: https://deb.debian.org
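The workaround the reporter describes (deleting /etc/resolv.conf at the end of prepare_container.sh) written out as an added example; this is not code from the original post or from debspawn itself. It assumes the mechanism behind the failure: installing systemd-resolved inside the container replaces /etc/resolv.conf with a symlink into /run/systemd/resolve/, nothing populates that directory when the container is started again without resolved running, so the link dangles and apt reports "Temporary failure resolving 'deb.debian.org'". The script removes only that kind of link and leaves a real resolv.conf alone; the function names and the usage line are the example's own.

```shell
#!/bin/sh
# Added example (not debspawn's own code): apply the #26 workaround to a
# container rootfs. Assumption: systemd-resolved turned /etc/resolv.conf into
# a symlink into /run/systemd/resolve/, which is empty inside the container.
set -eu

# Classify the resolv.conf inside ROOT. Prints one of:
#   missing       - no /etc/resolv.conf at all
#   stub-symlink  - symlink into /run/systemd/resolve (the resolved stub)
#   symlink       - some other symlink
#   file          - a regular file (e.g. nameserver lines copied from the host)
resolv_conf_kind() {
    root=$1
    f="$root/etc/resolv.conf"
    # -L first: a dangling symlink fails -e but is still a symlink.
    if [ -L "$f" ]; then
        case "$(readlink "$f")" in
            */run/systemd/resolve/*) echo stub-symlink ;;
            *) echo symlink ;;
        esac
    elif [ -e "$f" ]; then
        echo file
    else
        echo missing
    fi
}

# Remove a resolved stub symlink so the container runtime can supply a
# working resolv.conf on the next start. Returns 0 if a link was removed,
# 1 if there was nothing to do.
fix_container_resolv_conf() {
    root=$1
    case "$(resolv_conf_kind "$root")" in
        stub-symlink)
            rm -f "$root/etc/resolv.conf"
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Usage at the end of prepare_container.sh, inside the container:
#   sh fix_resolv.sh /
if [ $# -gt 0 ]; then
    if fix_container_resolv_conf "$1"; then
        echo "removed resolved stub symlink $1/etc/resolv.conf"
    else
        echo "nothing to do: resolv.conf in $1 is $(resolv_conf_kind "$1")"
    fi
fi
```

The classification step is the useful part: a plain `rm -f /etc/resolv.conf` also deletes a perfectly good copied-from-host file, whereas this only acts on the stub link that cannot work in the container.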

Just to be sure: Which OS is debspawn running on, and what version of it are you running (debspawn --version)?

D'oh! Sorry about that.

debspawn --version is 0.6.2, with Debian Bookworm as the host OS.

Can you try the Git master version? There was an odd DNS issue with containers of this type (bookworm-on-bookworm) where /etc/hosts was missing but required. That could cause the issue you are seeing.

Unfortunately, the error is the same using the Git master branch.

Side note: ./debspawn.py ls doesn't seem to find any container base images even though I ran ./debspawn.py create bookworm. Neither does the system-installed debspawn.

That can't be, something must be wrong with your system... You would have to recreate the image for the changes in master to work, so using update --recreate or just create was right.
What does ls /var/lib/debspawn/images/ and cat /etc/debspawn/global.toml give you? Is there anything unusual about the setup?

In my test I made sure to delete then create a bookworm image using the Git master version before trying ./debspawn.py run.

$ ./debspawn.py create bookworm
$ sudo ls -alh /var/lib/debspawn/images
total 158M
drwxr-x--- 3 root root 4.0K Jul 12 21:45 .
drwxr-x--- 5 root root 4.0K Oct 14  2022 ..
-rw-r----- 1 root root  202 Jul 12 21:45 bookworm-buildd-amd64.json
-rw-r----- 1 root root 158M Jul 12 21:45 bookworm-buildd-amd64.tar.zst
drwxr-x--- 2 root root 4.0K Jul 12 21:41 dcache
$ ./debspawn.py list
No container base images have been found!
$ sudo cat /etc/debspawn/global.toml
AllowUnsafePermissions=true

As for something wrong/unusual with my system/setup? Maybe. The umask 027 in my bashrc tends to cause package building surprises. Maybe debspawn list doesn't find anything because without gaining root it doesn't have permission to read the image directory.
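A small diagnostic for the "No container base images have been found!" side note, as an added example that is not debspawn's own code. It assumes the explanation the reporter suspects: /var/lib/debspawn/images is drwxr-x--- root:root, so an unprivileged list cannot read the *.json descriptors in it, and a umask of 027 is exactly what turns a freshly created 0755 directory into 0750. The function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of debspawn: show what umask 027 does to new
# directories and check whether the image directory is visible to the
# current user.
set -eu

# Permission string of a directory (e.g. drwxr-x---), as ls prints it.
dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Mode a freshly created directory gets under a given umask: mkdir asks for
# 0777 and the umask clears bits, so 022 -> drwxr-xr-x and 027 -> drwxr-x---.
created_dir_mode() {
    tmp=$(mktemp -d)
    (umask "$1" && mkdir "$tmp/sub")
    dir_mode "$tmp/sub"
    rm -rf "$tmp"
}

# 0 if the current user can both read and traverse DIR, which is what a
# non-root listing needs to find the image descriptors; 1 otherwise.
# Root passes this check regardless of the mode bits, which is why
# "sudo ls" in the thread shows files while the plain list shows none.
images_visible() {
    [ -r "$1" ] && [ -x "$1" ]
}

# Usage: sh check_images.sh /var/lib/debspawn/images
if [ $# -gt 0 ]; then
    owner=$(ls -ld "$1" | awk '{print $3 ":" $4}')
    printf '%s is %s owned by %s\n' "$1" "$(dir_mode "$1")" "$owner"
    if images_visible "$1"; then
        echo "readable as $(id -un); image descriptors:"
        ls "$1"/*.json 2>/dev/null || echo "  (none)"
    else
        echo "not readable as $(id -un): run with sudo or relax the directory mode"
    fi
fi
```

Run it once as the normal user and once under sudo: if the first run reports the directory as not readable and the second lists bookworm-buildd-amd64.json, the empty list output is a permissions symptom rather than a missing image.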

Odd... I thought I really fixed it with e455894 and can't reproduce it here anymore - I will leave this bug open though, and conduct a bit more edge-case and automated testing, especially since there are a few other issues that also have to be dealt with.