Installing Ubuntu packages in LXD container fails

Hello,

In a LXD container (Ubuntu Server 20.04) I tried to install privacyIDEA using the Python Package Index method and, with some struggles, it worked. However, I just don’t understand how to move further in making the server available to my LDAP server manager (LAM, ldap-account-manager.org). Basically, I assume I should install and configure apache, but I’m not sure what that config should look like. So…

I tried installing using the Ubuntu packages. It seemed to be working so well and then this:

Errors were encountered while processing:
 privacyidea-apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)

Now, whenever I try to run apt again (like for installing something), it again tries to complete the install of PI and presents this:

rngd: no process found
dpkg: error processing package privacyidea-apache2 (--configure):
 installed privacyidea-apache2 package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.9.1-1) ...
Errors were encountered while processing:
 privacyidea-apache2
E: Sub-process /usr/bin/dpkg returned an error code (1)

This is what I get when I tail the logs:

Oct 25 11:14:54 idea systemd[1]: Stopping The Apache HTTP Server...
Oct 25 11:14:54 idea systemd[1]: apache2.service: Succeeded.
Oct 25 11:14:54 idea systemd[1]: Stopped The Apache HTTP Server.
Oct 25 11:14:54 idea systemd[1]: Starting The Apache HTTP Server...
Oct 25 11:14:54 idea systemd[1]: Started The Apache HTTP Server.
Oct 25 11:14:55 idea rngd: RNDADDENTROPY failed: Operation not permitted
Oct 25 11:14:56 idea dbus-daemon[192]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service' requested by ':1.25' (uid=0 pid=7989 comm="/usr/bin/gdbus call --system --dest org.freedeskto" label="unconfined")
Oct 25 11:14:56 idea systemd[1]: Starting PackageKit Daemon...
Oct 25 11:14:56 idea PackageKit: daemon start
Oct 25 11:14:56 idea dbus-daemon[192]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Oct 25 11:14:56 idea systemd[1]: Started PackageKit Daemon.
Oct 25 11:15:01 idea CRON[8030]: (privacyidea) CMD (/opt/privacyidea/bin/privacyidea-cron run_scheduled -c)

Can anyone shed some light on this or guide me in some way?

Thanks much.
John

It looks like this could address (maybe not fix) my problem.

Is there a way I can essentially insert this, given that I’m using apt?

John

So, I discovered (or at least believe) that the installation of the apt package privacyidea-apache2 eventually calls rngd and attempts to add entropy to the kernel. This might be fine on bare hardware, but unprivileged LXD containers can’t do that. So the install was failing.

I still don’t know if this action is wise, but I discovered that I can configure an existing LXD container to be a privileged container, install privacyidea-apache2, and revert the container back to an unprivileged container, and the install and subsequent functioning of privacyIDEA works fine. Experimentation will continue.

There was a problem that some (virtual) machines got stuck during the creation of RSA keys because they ran out of entropy. IIRC the problem is that not all VM managers/container managers allow access to the host's random pool.
Generating the PGP key for the token-seed exchange uses the blocking /dev/random, which blocks the installation. We might skip this step in the future and generate the key on demand.
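
A preflight check for the failure discussed in this thread, as an added example that is not part of the original posts and is not privacyIDEA or LXD code. It reads a `uid_map` file to tell a remapped (unprivileged) user namespace from the identity map, and counts the `RNDADDENTROPY failed` lines quoted above; the function names and the sample mapping are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: decide whether rngd can be expected to add kernel entropy here.
# All function names are hypothetical; nothing below is shipped by privacyIDEA.

# Print "initial" for the identity uid map (host or privileged container),
# "unprivileged" for a remapped user namespace, "unknown" if unreadable.
userns_kind() {
    map_file="${1:-/proc/self/uid_map}"
    [ -r "$map_file" ] || { echo unknown; return 0; }
    # First line: <uid inside> <uid outside> <range length>
    read -r inside outside count < "$map_file" || true
    if [ "$inside" = 0 ] && [ "$outside" = 0 ] && [ "$count" = 4294967295 ]; then
        echo initial
    else
        echo unprivileged
    fi
}

# Count log lines where rngd was refused the RNDADDENTROPY ioctl.
rngd_denials() {
    n=$(grep -c 'rngd: RNDADDENTROPY failed: Operation not permitted' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Combine both signals into a single verdict line.
preflight() {
    kind=$(userns_kind "$1")
    denials=$(rngd_denials "$2")
    if [ "$kind" = unprivileged ] && [ "$denials" -gt 0 ]; then
        echo "FAIL: rngd was denied entropy injection in an unprivileged container ($denials denials)"
    elif [ "$kind" = unprivileged ]; then
        echo "WARN: unprivileged container; rngd entropy injection will be refused"
    else
        echo "OK: uid map is '$kind'; no remapped user namespace detected"
    fi
}

# Offline demo on constructed input: a sample remapped uid_map plus the
# rngd log line posted in the thread.
demo() {
    tmp=$(mktemp -d)
    printf '0 1000000 1000000000\n' > "$tmp/uid_map"
    printf '%s\n' 'Oct 25 11:14:55 idea rngd: RNDADDENTROPY failed: Operation not permitted' > "$tmp/syslog"
    preflight "$tmp/uid_map" "$tmp/syslog"
    rm -rf "$tmp"
}

# Usage: script [uid_map file] [log file]; with no arguments, run the demo.
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; else demo; fi
```

Inside a container, `preflight /proc/self/uid_map /var/log/syslog` runs the same check against the live system before starting the package install.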