Backups not working with "unprivileged" containers.

[Alex Metcalre]

When creating a new container, if the "unprivileged" box is ticked, the container cannot be backed up.

Restoring a container as "unprivileged" means that it won't start.

Backing up VMs and "priviledged" containers works.

Hlep ...

PVE 5.4-6
Clustered.
One node from two has this problem.
Node has been rebooted.

 

[oguz]

hi,

what error do you get while trying to back up the unprivileged container?

 

[Alex Metcalre]

Hi,

The tar / permission denied one.




No problems on another node, no problems with existing (priviledged containers / unprivileged: no) containers, no problems with VM

Just this one very repeatable scenario. I've gone through every related post I can find about containers not backing up, but none fit this scenario.

Help appreciated.

 

[Alex Metcalre]

Hi folks,

Does this ring any bells?

- Alex

 

[ramrot]

This seems like a permissions problem with your /mnt/pve/proxmox-backups. The backup is running as the unprivileged user who has no permissions to write on that path. The privileged containers are not running as a mapped uid/gid. Try to set a more broad permissions on the backup directory and retry the backup

 

[Alex Metcalre]

Hi Ramrot,

Thanks for this, and I know what you mean. The crazy thing is that on the other node it works just fine.

 

[ramrot]

Does this completes successfully on both nodes?

lxc-usernsexec -m u:0:100000:65536 -m g:0:100000:65536 -- touch /mnt/pve/proxmox-backups/testfile

 

[Alex Metcalre]

Thanks Ramrot,

This failed on both nodes.
touch: cannot touch '/mnt/pve/proxmox-backups/testfile': Permission denied

 

[ramrot]

So it seems that you don't have the correct permissions. Are you using an nfs storage for the proxmox-backups directory? If so can you share the /etc/exports file from the nfs server and the /etc/fstab of the nfs client?

 

[Alex Metcalre]

Hi Ramrot,

Sorry for the delay:

/etc/exports
============

/volume2/proxmox-backups

10.30.200.85(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
10.30.200.60(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
10.30.200.80(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)

/etc/fstab
- it's a proxmox node, and so is empty.

This is the row from the cluster storage settings

 

[Alex Metcalre]

The priveldges for /mnt/pve/proxmox-backups are exactly the same on both nodes.

 

[ramrot]

I would remove the no_root_squash option ( which is not a bad thing to remove https://access.redhat.com/documenta...ring_nfs-do_not_use_the_no_root_squash_option ), remount the nfs storage and try again

 

[Alex Metcalre]

Did that. No change.

 

[Kaboom]

Alex, did you solve this problem?