Can I install MicroStack in an LXD Container?

I am interested in experimenting with MicroStack prior to installing it on bare metal. I would like to install the snap on an LXD container.

I have an empty/new Ubuntu 20.10 container on an Ubuntu 20.10 host. When I attempt to run the command: snap install microstack --beta, I receive the following errors.

error: cannot perform the following tasks:

- Start snap “microstack” (222) services ([start snap.microstack.load-modules.service] failed with exit status 1: Job for snap.microstack.load-modules.service failed because the control process exited with error code.
See “systemctl status snap.microstack.load-modules.service” and “journalctl -xe” for details.
)

I see the following errors in the logs:

Dec 23 21:48:32 microstack systemd[1]: /lib/systemd/system/plymouth-start.service:17: Unit configured to use KillMode=none. This is unsafe, as it disables systemd’s process lifecycle management for the service. Please update your service to use a safer KillMode=, such as ‘mixed’ or ‘control-group’. Support for KillMode=none is deprecated and will eventually be removed.
Dec 23 21:48:32 microstack systemd[1]: /lib/systemd/system/dbus.service:12: Unit configured to use KillMode=none. This is unsafe, as it disables systemd’s process lifecycle management for the service. Please update your service to use a safer KillMode=, such as ‘mixed’ or ‘control-group’. Support for KillMode=none is deprecated and will eventually be removed.
Dec 23 21:48:33 microstack systemd[1]: systemd-udevd.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/unified/system.slice/systemd-udevd.service failed: Invalid argument
Dec 23 21:48:33 microstack systemd[1]: systemd-hostnamed.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/unified/system.slice/systemd-hostnamed.service failed: Invalid argument
Dec 23 21:48:33 microstack systemd[1]: systemd-logind.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/unified/system.slice/systemd-logind.service failed: Invalid argument
Dec 23 21:48:33 microstack systemd[1]: systemd-journald.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/unified/system.slice/systemd-journald.service failed: Invalid argument

Does anyone have experience running microstack under LXD?

Okay - more information. It appears that I may not have the right kernel modules installed on the host…

root@microstack:~# systemctl status snap.microstack.load-modules.service
● snap.microstack.load-modules.service
Loaded: not-found (Reason: Unit snap.microstack.load-modules.service not found.)
Active: failed (Result: exit-code) since Tue 2020-12-29 17:30:41 UTC; 2min 46s ago
Main PID: 4928 (code=exited, status=1/FAILURE)

Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module vfio not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module nbd not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module dm-mod not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module dm-thin-pool not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module dm-snapshot not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module iscsi-tcp not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack microstack.load-modules[5021]: modprobe: WARNING: Module target-core-mod not found in directory /lib/modules/5.8.0-33-generic
Dec 29 17:30:41 microstack systemd[1]: snap.microstack.load-modules.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 17:30:41 microstack systemd[1]: snap.microstack.load-modules.service: Failed with result ‘exit-code’.
Dec 29 17:30:41 microstack systemd[1]: Failed to start Service for snap application microstack.load-modules.

Hi @robert-sherwood. Thank you for the question!

MicroStack can run in a virtual machine (we do a lot of internal testing with VMs spun up with multipass), but it cannot trivially be run in a container. In addition to the missing kernel modules, which could be solved by running a privileged container, there are various AppArmor rules that MicroStack triggers. You’d need to set up a custom profile to turn off those rules. And at that point, you’ve given the application as much access to the system as it has when simply installed as a snap.

~ PeteVG

2 Likes

Peter, thanks for the reply. I will try Multipass or bare metal.

This is a very old topic, but in case you have not found a solution yet, I would like to share my solution:
First, you need to install LXD from the snap repository.
Then launch a container with:

lxc launch ubuntu:20.04 name-of-your-container -c security.privileged=true -c security.nesting=true -c "linux.kernel_modules=iptable_nat, ip6table_nat, ebtables, openvswitch"

Log in with lxc shell name-of-your-container and proceed with apt update & upgrade.

The trick is making this symbolic link:

ln -s /bin/true /usr/local/bin/udevadm

Without this link, MicroStack will not be installed fully.

The final step is installing MicroStack:

snap install microstack --devmode --beta

Then you can go with:

microstack add-compute

After that you can add a compute node or use it as it is.

P.S. For the UI login, the username is admin, and you can get your password with the command:
snap get microstack config.credentials.keystone-password

I hope this info can help someone keep their hair on…

2 Likes
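
An added example, not part of any post in this thread: a small audit function that reads the output of `lxc config show <instance> --expanded` and reports the three settings used in the launch command above, which are the ones that give the container the host-level access PeteVG's reply describes. The function name, the output tags and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads the text printed by
#   lxc config show <instance> --expanded
# on stdin and prints one line per setting from the launch command above.

audit_lxd_config() {
    awk '
        # Return the value part of a "key: value" line, without quotes.
        function val(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            gsub(/"/, "", line)
            sub(/[ \t]+$/, "", line)
            return line
        }
        /^[ \t]*security\.privileged:/ && val($0) == "true" {
            print "PRIVILEGED container root is mapped to host root"
        }
        /^[ \t]*security\.nesting:/ && val($0) == "true" {
            print "NESTING containers may be run inside this container"
        }
        /^[ \t]*linux\.kernel_modules:/ {
            # The value is a comma-separated list; tolerate spaces after commas.
            n = split(val($0), mods, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (mods[i] != "") print "MODULE " mods[i] " loaded on the host kernel"
        }
    '
}

# Constructed sample mirroring the launch command in the post above.
SAMPLE_CONFIG='architecture: x86_64
config:
  image.os: ubuntu
  linux.kernel_modules: iptable_nat, ip6table_nat, ebtables, openvswitch
  security.nesting: "true"
  security.privileged: "true"
devices: {}'

printf '%s\n' "$SAMPLE_CONFIG" | audit_lxd_config
```

On a real host, pipe the live configuration in instead: `lxc config show name-of-your-container --expanded | audit_lxd_config`.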