Now that ZFS with overlay support is available in ZFS 2.2 and Proxmox 8, I decided to test it out with podman in an lxc container.
Out of the box, it didn't work, giving the standard message from podman that overlays are not supported on a ZFS file system. FWIW docker gives the same message, but...

Impacts percona-server 8.0 (MySQL fork) also.
If I add the following to the server config:
[mysqld]
innodb_log_file_size = 4194304
innodb_page_size = 65536
I can get the server to start.
Magic is in the increasing of the innodb_page_size. Smells like a ZFS bug.

I checked the zfs-grub git repo, but I don't see any updates since the end of 2019.
Will the Proxmox team be updating the grub packages to address this advisory soon?
If not, is it safe to replace with the upstream non-pve versions if we're not using zfs...

I have had this same problem on two different RHEL 7 container VMs.
The OS shows full memory (4 gig) and exhausts swap, but Proxmox shows very little memory used by the VM (400 megabytes).
Only thing that gets it back to normal is to reboot the container and wait for it to happen again... which...

So the new way to do this is using the features option in the pve container config.
I had to make a small patch to get rpc_pipefs support working:
--- a/PVE/LXC/Config.pm 2018-10-22 18:37:14.141835351 +0000
+++ b/PVE/LXC/Config.pm 2018-10-22 18:37:19.117868146 +0000
@@ -283,7 +283,7...

Looks like there is a new "features" option which merges in "supporting" things with a "generated" apparmor profile.
https://forum.proxmox.com/threads/lxc-security-nesting.44726/#post-224873
https://forum.proxmox.com/threads/lxc-security-nesting.44726/#post-225454
See the pct.conf man page...

When re/starting containers I see some new things:
/var/lib/lxc/100/config contains config I've never seen before (automatically added on container restart):
lxc.apparmor.profile = generated
lxc.apparmor.raw = deny mount -> /proc/,
lxc.apparmor.raw = deny mount -> /sys/...