[Bug 2095203] [NEW] `netplan apply` fails in LXD container with physical NIC passthrough
Wesley Hershberger
2095203 at bugs.launchpad.net
Fri Jan 17 21:52:39 UTC 2025
Public bug reported:
Hello,
When using physical NIC passthrough in LXD containers [1], netplan fails
when trying to run `udevadm`.
Using these LXD devices for the container, where enp6s0 is a spare physical NIC:
```
devices:
  eth0:
    name: eth0
    nictype: physical
    parent: enp6s0
    type: nic
  root:
    path: /
    pool: default
    type: disk
```
This happens when netplan is run in the container:
```
$ sudo netplan apply
eth0: Failed to write 'move' to '/sys/devices/pci0000:00/0000:00:01.5/0000:06:00.0/virtio11/net/eth0/uevent': Permission denied
Traceback (most recent call last):
  File "/usr/sbin/netplan", line 23, in <module>
    netplan.main()
  File "/usr/share/netplan/netplan_cli/cli/core.py", line 58, in main
    self.run_command()
  File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command
    self.func()
  File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 62, in run
    self.run_command()
  File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command
    self.func()
  File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 255, in command_apply
    subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle'])
  File "/usr/lib/python3.12/subprocess.py", line 413, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']' returned non-zero exit status 1.
$ apt-cache policy netplan.io
netplan.io:
  Installed: 1.1.1-1~ubuntu24.04.1
  Candidate: 1.1.1-1~ubuntu24.04.1
  Version table:
 *** 1.1.1-1~ubuntu24.04.1 500
        500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0-2ubuntu1.2 500
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
     1.0-2ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
```
This occurs in Jammy and Noble containers.
A few things here:
udevadm changed its return code logic in Feb 2021 to return errors when
it fails to trigger devices. LXD does not handle udev in containers the
way systemd upstream recommends [2][3] (/sys is mounted rw), so udevadm
will trigger some devices and fail on others in a LXD container.
Snapd ran into this problem when the udevadm change made its way into
Ubuntu 21.10. They have a reasonable summary of the issue & their fix
[4]. This boils down to snapd simply ignoring errors from `udevadm
trigger`.
It should be pretty straightforward to do the same fix for netplan [5],
but I'd like someone with a little more exposure to the codebase to
weigh in on this.
Thanks!
[1] https://documentation.ubuntu.com/lxd/en/latest/reference/devices_nic/#nictype-physical
[2] https://github.com/systemd/systemd/issues/14431#issuecomment-570198194
[3] https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
[4] https://github.com/canonical/snapd/pull/11056#pullrequestreview-806332045
[5] https://github.com/canonical/netplan/blob/main/netplan_cli/cli/commands/apply.py#L255
** Affects: netplan
Importance: Undecided
Status: New
** Affects: netplan.io (Ubuntu)
Importance: Undecided
Status: New
** Affects: netplan.io (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: netplan.io (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: netplan.io (Ubuntu)
Importance: Undecided
Status: New
** Also affects: netplan.io (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: netplan.io (Ubuntu Noble)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2095203
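The approach the report describes (tolerating a non-zero exit from `udevadm trigger` instead of letting `check_call` raise), sketched as an added example; this is not netplan's or snapd's code. The names `trigger_net_devices`, `fake_run` and `FAILED_WRITE` are hypothetical, and the sample stderr is constructed from the error line in the report.

```python
import logging
import re
import subprocess

log = logging.getLogger("udev_trigger_example")

# The command netplan runs in command_apply, as shown in the traceback.
UDEV_TRIGGER_CMD = ['udevadm', 'trigger', '--action=move',
                    '--subsystem-match=net', '--settle']

# Matches udevadm's per-device error line and captures the sysfs path.
FAILED_WRITE = re.compile(r"Failed to write '[^']*' to '([^']+)'")

# Constructed sample: stderr and exit status as seen in the report.
SAMPLE_STDERR = ("eth0: Failed to write 'move' to "
                 "'/sys/devices/pci0000:00/0000:00:01.5/0000:06:00.0/"
                 "virtio11/net/eth0/uevent': Permission denied\n")


def fake_run(cmd, **kwargs):
    """Stand-in for subprocess.run that replays the failure from the report."""
    return subprocess.CompletedProcess(cmd, 1, stdout="", stderr=SAMPLE_STDERR)


def trigger_net_devices(run=subprocess.run):
    """Run `udevadm trigger`, tolerating a non-zero exit status.

    Returns (ok, failed_paths). A missing udevadm binary still raises,
    since that is a different failure from a partially refused trigger.
    """
    proc = run(UDEV_TRIGGER_CMD, capture_output=True, text=True, check=False)
    failed = FAILED_WRITE.findall(proc.stderr or "")
    if proc.returncode != 0:
        # Log instead of raising so `apply` can continue, but keep the
        # refused devices visible to whoever reads the logs.
        log.warning("udevadm trigger exited %d; could not trigger: %s",
                    proc.returncode, ", ".join(failed) or "(no paths reported)")
    return proc.returncode == 0, failed


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(trigger_net_devices(run=fake_run))
```

Logging the refused sysfs paths keeps the partial failure auditable, where silently discarding the exit status would hide which devices the container was not permitted to trigger.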