[systemd-devel] Removing image from /var/lib/machines

Peter Paule systemd-devel at fedux.org
Thu Feb 19 05:58:34 PST 2015 

Hi Lennart,

I reformatted my partition and tried again. :-) Importing now works,  
if I disabled the
verification.

   Feb 19 :52 host systemd-importd[483]: (transfer1) Pulling  
'https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz', saving as  
'tr
   Feb 19 :53 host systemd-importd[483]: (transfer1) Downloading  
177.7M for  
https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz.
   Feb 19 :53 host systemd-importd[483]: (transfer1) Got 1% of  
https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz.
   [...]
   Feb 19 :13 host systemd-importd[483]: (transfer1) Got 97% of  
https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz. 631ms left  
a
   Feb 19 :13 host systemd-importd[483]: (transfer1) Download of  
https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz  
complete.
   Feb 19 :14 host systemd-importd[483]: (transfer1) Created new local  
image 'trusty-server-cloudimg-amd64-root'.
   Feb 19 :14 host systemd-importd[483]: (transfer1) Operation  
completed successfully.
   Feb 19 :14 host systemd-importd[483]: (transfer1) Exiting.

With the verification enabled, I still get the following error. Is this a
problem of my setup or a systemd-problem?

   Feb 19 :19 host systemd-importd[454]: (transfer1) SHA256 checksum  
of  
https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz is  
va
   Feb 19 :19 host systemd-importd[454]: (transfer1) gpg: Signature  
made Thu 19 Feb 2015 08:09:48 AM UTC using RSA key ID 7DB87C81
   Feb 19 :19 host systemd-importd[454]: (transfer1) gpg: can't access  
'/root/.gnupg/trustdb.gpg': Permission denied
   Feb 19 :19 host systemd-importd[454]: (transfer1) gpg: Fatal: can't  
init trustdb: Trust DB error
   Feb 19 :19 host systemd-importd[454]: (transfer1) gpg failed with  
error code 2.
   Feb 19 :19 host systemd-importd[454]: (transfer1) Signature  
verification failed.

The trustdb exist:

# ls -al ~/.gnupg/trustdb.gpg
-rw------- 1 root root 40 Feb 18 :56 /root/.gnupg/trustdb.gpg

And changing permissions does not help either. The error still occures.

# ls -al ~/.gnupg/trustdb.gpg
-rw-r--r-- 1 root root 40 Feb 18 :56 /root/.gnupg/trustdb.gpg


Another problem occures, when I try to remove an image.

   # machinectl list-images
   NAME                              TYPE      RO  USAGE  CREATED       
                MODIFIED
   trusty-server-cloudimg-amd64-root subvolume no  342.1M Thu  
2015-02-19 :55 UTC n/a

It fails with "Access Denied".

   # machinectl remove trusty-server-cloudimg-amd64-root
   Could not remove image: Access denied

What works is to delete the sub-volumes with `btrfs`:

   btrfs subvolume delete /var/lib/machines/middleman-presentation/ -c

I'm new to btrfs. Anything I did wrong?

   cat /etc/fstab
   UUID=<uuid> /var/lib/machines btrfs  
defaults,noatime,autodefrag,compress=lzo,space_cache 0 0

This is the output of mount

   mount
   /dev/vda2 on /var/lib/machines type btrfs  
(rw,noatime,compress=lzo,space_cache,autodefrag)


This is my partition table

   # lsblk -f
   NAME       FSTYPE LABEL    UUID           MOUNTPOINT
   sr0
   vda
   ├─vda1     ext4   ROOT     96f6d71f-[...] /
   └─vda2     btrfs  vol_data 3c7d72be-[...] /var/lib/machines

These are the permissions of /var/lib/machines

   # ls -al /var/lib/machines/
   drwxr-xr-x  1 root root  152 Feb 19 :49  
.tar-https:\x2f\x2fcloud-images\x2eubuntu\x2ecom\x2ftrusty\x2fcurrent\x2ftrusty-server-cloudimg-amd64-root\x2etar\x2egz.\x221480894-b1b5eac-50f67d4b17100\x22
   drwxr-xr-x  1 root root  152 Feb 19 :49 trusty-server-cloudimg-amd64-root

   # ls -al /var/lib/machines/ -d
   drwxr-xr-x 1 root root 380 Feb 19 :53 /var/lib/machines/

On log message comes up when issuing the command

   Feb 19 :35 host kernel: BTRFS: could not find root 8

I fixed this by enabling quotas, but the error message mentioned above still
occures. Maybe the quota stuff should be mentioned in the readme?

   # btrfs quota enable /var/lib/machines/

   # btrfs qgroup show /var/lib/machines/
   qgroupid         rfer         excl
   --------         ----         ----
   0/5          16.00KiB     16.00KiB
   0/259       346.54MiB    656.00KiB
   0/260       346.34MiB    452.00KiB

With the btrfs-filesystem download docker images now works fine:

   # machinectl pull-dkr maxmeyer/middleman-presentation --verify=no  
--dkr-index-url=https://index.docker.io

   Enqueued transfer job 1. Press C-c to continue download in background.
   Pulling 'maxmeyer/middleman-presentation' with tag 'latest', saving  
as 'middleman-presentation'.
   Download of  
https://index.docker.io/v1/repositories/maxmeyer/middleman-presentation/images  
complete.
   Index lookup succeeded, directed to registry registry-1.docker.io.
   Downloading 66B for  
https://registry-1.docker.io/v1/repositories/maxmeyer/middleman-presentation/tags/latest.
   Download of  
https://registry-1.docker.io/v1/repositories/maxmeyer/middleman-presentation/tags/latest  
complete.
   [..]
   Pulling layer  
22c10b421ad6ddd39f4575d986a5746a8937643f411aeff165e191f64badc824...
   Downloading 921B for  
https://registry-1.docker.io/v1/images/22c10b421ad6ddd39f4575d986a5746a8937643f411aeff165e191f64badc824/layer.
   Downloading 32B for  
https://registry-1.docker.io/v1/images/22c10b421ad6ddd39f4575d986a5746a8937643f411aeff165e191f64badc824/layer.
   Download of  
https://registry-1.docker.io/v1/images/22c10b421ad6ddd39f4575d986a5746a8937643f411aeff165e191f64badc824/layer  
complete.
   Completed writing to layer  
/var/lib/machines/.dkr-22c10b421ad6ddd39f4575d986a5746a8937643f411aeff165e191f64badc824.
   Pulling layer  
0b96aecef60ef11b68fb1d88618af4a412a357e65f2671e7c26b77eec38261e4...
   Downloading 921B for  
https://registry-1.docker.io/v1/images/0b96aecef60ef11b68fb1d88618af4a412a357e65f2671e7c26b77eec38261e4/layer.
   Downloading 32B for  
https://registry-1.docker.io/v1/images/0b96aecef60ef11b68fb1d88618af4a412a357e65f2671e7c26b77eec38261e4/layer.
   Download of  
https://registry-1.docker.io/v1/images/0b96aecef60ef11b68fb1d88618af4a412a357e65f2671e7c26b77eec38261e4/layer  
complete.
   Completed writing to layer  
/var/lib/machines/.dkr-0b96aecef60ef11b68fb1d88618af4a412a357e65f2671e7c26b77eec38261e4.
   Created new local image 'middleman-presentation'.
   Operation completed successfully.
   Exiting.

Running them looks good! Maybe you want to add a warning, that CMD and
ENTRYPOINT from Dockerfile are ignored. At least it looks like that.

Thanks a lot,

Cheers
/pp

More information about the systemd-devel mailing list