Network/Device issue with LXD installation using dhis2-server-tools

mv_evans · 17 July 2025 16:53

This is a sysadmin issue by someone who is not very familiar with sysadmin or LXD, so apologies in advance if this is a very simple question.

I am trying to install a dhis2 using the dhis2-server-tools. When it reaches the creation of the dhis, monitor, postgres, and proxy container creation I get the following error:

fatal: [monitor]: FAILED! => {"actions": [], "changed": false, "msg": "Failed creating instance record: Failed initialising instance: Invalid devices: Device validation failed for \"eth0\": Cannot use manually specified ipv4.address when using unmanaged parent bridge"}

However the network and device seem to exist and are managed:

$ lxc profile show default
config:
  environment.TZ: Africa/Nairobi
description: Default LXD profile
devices:
  eth0:
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/test-container

$ lxc network list
+--------+----------+---------+----------------+-------------------------+-------------+---------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      |          IPV6           | DESCRIPTION | USED BY |  STATE  |
+--------+----------+---------+----------------+-------------------------+-------------+---------+---------+
| ens5   | physical | NO      |                |                         |             | 0       |         |
+--------+----------+---------+----------------+-------------------------+-------------+---------+---------+
| lxdbr0 | bridge   | YES     | 10.XX.XXX.1/24 | fd42:XXXX:88:aee5::1/64 |             | 2       | CREATED |
+--------+----------+---------+----------------+-------------------------+-------------+---------+---------+

I’ve manually hidden some digits of the IP addresses above, they are not normally X. Is there a config I need to make to my default profile to solve this issue? I’m on Debian 12 using lxd version 5.0.2.

Thank you in advance!

tkipkurgat · 18 July 2025 12:13

Hi Michelle Evans,

The error you’re encountering:

Failed creating instance record: Failed initialising instance: Invalid devices: Device validation failed for "eth0": Cannot use manually specified ipv4.address when using unmanaged parent bridge

typically occurs when LXD tries to use a manually created (unmanaged) bridge while assigning a static IP address.

The dhis2-server-tools setup assumes that all LXD resources, including networking, are managed directly by LXD. It usually sets up a lxdbr1 bridge
Looking at your LXD profile, I see you’re using lxdbr0. Can you confirm the following?

Is lxdbr0 the same interface defined under lxd_bridge_interface in your inventory/hosts file?
Was lxdbr0 created automatically by LXD, or did you create it manually?

You can check the status of your LXD networks using:

lxc network list

On my setup, the output clearly marks lxdbr0 as managed. If the bridge is unmanaged, assigning static IPs in the container config will fail—resulting in the same error you’re seeing.

Let me know what the output of lxc network list shows on your end.

+-----------+----------+---------+---------------+------+-------------+---------+---------+
|   NAME    |   TYPE   | MANAGED |     IPV4      | IPV6 | DESCRIPTION | USED BY |  STATE  |
+-----------+----------+---------+---------------+------+-------------+---------+---------+

| lxdbr1    | bridge   | YES     | 172.19.2.1/24 | none |             | 1       | CREATED |
+-----------+----------+---------+---------------+------+-------------+---------+---------+

mv_evans · 18 July 2025 13:43

I restarted the installation on a new server to ensure that it wasn’t an issue with me having created a network manually in the past and continue to have the same issue. lxc network list shows the bridge as managed, and this is the same bridge as is listed in the inventory/hosts file:

$lxc network list
+--------+----------+---------+----------------+---------------------------+-------------+---------+---------+
|  NAME  |   TYPE   | MANAGED |      IPV4      |           IPV6            | DESCRIPTION | USED BY |  STATE  |
+--------+----------+---------+----------------+---------------------------+-------------+---------+---------+
| enp0s3 | physical | NO      |                |                           |             | 0       |         |
+--------+----------+---------+----------------+---------------------------+-------------+---------+---------+
| lxcbr0 | bridge   | NO      |                |                           |             | 0       |         |
+--------+----------+---------+----------------+---------------------------+-------------+---------+---------+
| lxdbr1 | bridge   | YES     | 10.176.23.1/24 | fd42:9120:380f:c60d::1/64 |             | 1       | CREATED |
+--------+----------+---------+----------------+---------------------------+-------------+---------+---------+

$ cat dhis2-server-tools/deploy/inventory/hosts
# required for connection variables to 127.0.0.1
127.0.0.1
 
# proxy
[web]
proxy  ansible_host=172.19.2.2


# database hosts
[databases]
postgres  ansible_host=172.19.2.20


# dhis2 hosts
[instances]
dhis  ansible_host=172.19.2.11  database_host=postgres  dhis2_version=2.42 proxy_rewrite=True


# monitoring hosts
[monitoring]
monitor   ansible_host=172.19.2.30 


# integration server/container
[integration]

# variables applying to all hosts, 
[all:vars]
# if you do not set fqdn, you dhis2 will be set up with selfsigned certificate
fqdn=
# required for LetsEncrypt certificate notification. 
email=


# timedatectl list-timezones to list timezones
timezone=Africa/Nairobi

# Options: lxd, ssh defaults to lxd. 
ansible_connection=lxd


# Host IP seen by PostgreSQL when DB is on another network (e.g., LXD containers with NAT).
# Needed for pg_hba.conf since LXD container traffic is NATed and appears to be from Host IP, not container IP

# PostgreSQL version to be installed
postgresql_version=16

# monitoring
server_monitoring=munin
app_monitoring=glowroot


# lxd
lxd_network=172.19.2.1/24 
lxd_bridge_interface=lxdbr1
guest_os=22.04
# Options: amd64,arm64,armhf, defaults_to amd64
guest_os_arch=amd64
# lxd_source_server=
# lxd_source_protocol=


# Options: nginx, apache2 defaults to nginx
proxy=nginx


# Options: letsencrypt, customssl, selfsigned, default(letsencrypt if fqdn is defined else selfsigned )
TLS_TYPE=letsencrypt


# instances group variables,
[instances:vars]
database_host=postgres
create_db=yes  
JAVA_VERSION=11 


# NOTE: if dhis2_war_file and dhis2_version are both defined, dhis2_war_file takes precedence  
# dhis2_war_file="https://releases.dhis2.org/40/dhis2-stable-40.4.0.war"
# dhis2_war_file=/full/path/dhis2.war
dhis2_version=2.40


# whether dhis2 should be upgraded automatically to the latest defined version. 
dhis2_auto_upgrade=false
unattended_upgrades=yes

Both are using lxdbr1, which is a managed bridge and in the default profile:

$ lxc profile show default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr1
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by: []

tkipkurgat · 18 July 2025 19:40

Your inventory hosts file specifies the lxd_network with the IP block 172.19.2.1/24, but the output from lxc network list shows lxdbr1 using 10.176.23.1/24. It’s unclear why there’s a mismatch in your environment.

Which OS are you using? We’ve tested the automated deployment on Ubuntu 22.04 and 24.04.

mv_evans · 22 July 2025 05:51

It’s Debian 12.0, so maybe the issue comes from there? I’ll keep investigating and see if I can’t pinpoint the problem. Thanks for your help!

tkipkurgat · 22 August 2025 07:24

Yeah, mostly likely.
The tools have been tested only on ubuntu22.04 and Ubuntu 24.04