[TUTORIAL] Homeserver - How to make a LXC based Xubuntu 20.04 Desktop Enviroment Container with SNAP and "GPU Passthru" VA-API (Intel i915)

PSteinberg

New Member
Nov 28, 2019
7
5
3
36
Hey folks,

So i try to write a tutorial as good as I can do now.

We start with a Use Case

The Use Case: Did not want to loose the grapics power of my i5 3xxx (Ivy Bridge)
an could not use a Virtual Graphics Card, neither did vifo + iommu work in a VM. ( I tried very very hard)
I WANTED TO HAVE AT LEAST ONE VM WHICH WAS NOT KILLING MY PROCESSOR WHEN I OPEN A Openbox WIndow ;)

Research:
So long story short: i found an entry article about someone wo solved it quiet nice
link: Cool HowTo by Konpat Preechakul

Anyways because of the "xrdp-pulseaudio-installer", which is availabe as a package at Ubuntu 18.04, i kept it this way (in short: you have sound via RDP Session to linux client) . Until I found out Ubuntu 18 is only capable of h.264 with this setup.

On the other way there was a new cool xrdp v 1.2 script by c-nergy.be - which made it possible to compile the xrdp-pulseaudio-installer within Ubuntu 20.04

So as you get bored of stories here finally all the steps I made, to have a "LXC based Xubuntu 20.04 Desktop Enviroment Container with SNAP and VAPI (Intel i915)"
(Which was big pain in my a55. )

1. Make a new privileged (means not unpriviliged) CT in your Proxmox with an Ubuntu 20.04 template and do NOT boot it up immediatly

2. login to your PVE 6.x either local via Webinterface (Shell) or via ssh

apt install nano
#<ID> is the Number of your PV Container e.g. 101
#nano /etc/pve/lxc/<ID>.conf
nano /etc/pve/lxc/101.conf
Code:
arch: amd64
cores: 2
features: mount=fuse,fuse=1,nesting=1
hostname: morpheus-desktop
memory: 1536
net0: name=eth0,bridge=vmbr0,hwaddr=AB:CD:EF:12:34:00,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-101-disk-0,size=8G
swap: 512
lxc.apparmor.raw: mount,
lxc.mount.entry: /dev/fuse dev/fuse none bind,create=file 0 0
lxc.cap.drop:
lxc.cap.drop: mac_override sys_time sys_module sys_rawio
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: c 226:0 rwm
lxc.cgroup.devices.allow: c 226:128 rwm
lxc.cgroup.devices.allow: c 4:7 rwm
lxc.cgroup.devices.allow: c 29:0 rwm
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.mount.entry: /dev/tty7 dev/tty7 none bind,optional,create=file
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file

#It should look like this


3. login in locally via proxomox and do he usual update procedure, an installation of tasksel and the xubuntu-desktop enviroment (exact this way, I had problems when i mixed things up here)
Code:
apt update
apt upgrade -y
apt install i965-va-driver
apt install tasksel
taksel install xubuntu-desktop

4. Add Sudo User (because no ssh to root in ubuntu by default)
Code:
adduser morpheus
usermod -aG sudo morpheus
su morpheus

5. Download c-nergy script v 1.2, install unzip, unzip the script, give it exexution rights, execute it
Code:
wget http://c-nergy.be/downloads/xRDP/xrdp-installer-1.2.zip
sudo apt instal unzip xrdp-installer-1.2.zip
sudo chmod +x xrdp-installer-1.2.sh
./xrdp-installer-1.2.sh -s
# the -s is for the sound option aka the xrdp-pulse-audio blah
sudo shutdown -f now
Afterwards you have to go to
Autostart (in AFCE)
Add Programm -> Terminal Options -> Run in Temrinal -> /usr/bin/pulseaudio -k

-> "pulseaudio -k" loads the modul after the Desktop is available


6. Start the CT 101 / Container again via Proxmox.
-> If everything is set up right you should see a Picture via HDMI or Displayport of your Proxmox 6.x Hypervisor - the xfce4 login screen to be exact
-> lmod | grep i915 should generate output on your continer

7. Congrats, half way thru

8. install stuff you willl need later on your continer
Code:
sudo apt install xfc4 xfce4-goodies

9. Set your Applications for your Applications Menu right (Nearly no App was working properly, when I install Xubuntu and logged in via XRDP - Setting were nearly not possible)
Code:
#cp /usr/share/applications/*.desktop /home/<USERNAME>/.local/share/applications/
cp /usr/share/applications/*.desktop /home/morpheus/.local/share/applications/

10. Make Application entries work - This is a fix for a non fully functional working XRDP Enviroment under XFCE
cd /home/morpheus/.local/share/applications/
sed -i.bak '10d;11d;12d' *.desktop

TIP: In case you still have problems, and need to do settings
-> open console and type "xfce4-settings-manager"

11. Set polkit right so you can reboot and shutdown in xour RDP Session
Link: HowTo set polkit right for XRDP Shutdown and Reboot CLICK ME
Code:
nano /usr/share/polkit-1/actions/org.freedesktop.login1.policy
<action id="org.freedesktop.login1.power-off-multiple-sessions">
  <description>Power off the system while other users are logged in</description>
  <message>Authentication is required for powering off the system while other users are logged in.</message>
  <defaults>
    <allow_any>yes</allow_any>
    <allow_inactive>yes</allow_inactive>
    <allow_active>yes</allow_active>
  </defaults>
  <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate>
</action>

and a bit beow
Code:
<action id="org.freedesktop.login1.reboot-multiple-sessions">
  <description>Reboot the system while other users are logged in</description>
  <message>Authentication is required for rebooting the system while other users are logged in.</message>
  <defaults>
    <allow_any>yes</allow_any>
    <allow_inactive>yes</allow_inactive>
    <allow_active>yes</allow_active>
  </defaults>
  <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.reboot</annotate>
</action>

12. Solve SNAP Problems in LXC with Proxmox -

I dunno if I really needed that, but iI installed it
Code:
sudo apt install squashfuse
see step 2.
Code:
lxc.apparmor.raw: mount,
lxc.mount.entry: /dev/fuse dev/fuse none bind,create=file 0 0
lxc.cap.drop:
lxc.cap.drop: mac_override sys_time sys_module sys_rawio
lxc.apparmor.profile: unconfined


13. check vapi support
Code:
sudo apt install vainfo
sudo vainfo

error: XDG_RUNTIME_DIR not set in the environment.
error: can't connect to X server!
libva info: VA-API version 1.7.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so
libva info: Found init function __vaDriverInit_1_7
libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed
libva info: va_openDriver() returns 1
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_1_6
libva info: va_openDriver() returns 0
vainfo: VA-API version: 1.7 (libva 2.6.0)
vainfo: Driver version: Intel i965 driver for Intel(R) Ivybridge Mobile - 2.4.0
vainfo: Supported profile and entrypoints
      VAProfileMPEG2Simple            : VAEntrypointVLD
      VAProfileMPEG2Simple            : VAEntrypointEncSlice
      VAProfileMPEG2Main              : VAEntrypointVLD
      VAProfileMPEG2Main              : VAEntrypointEncSlice
      VAProfileH264ConstrainedBaseline: VAEntrypointVLD
      VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
      VAProfileH264Main               : VAEntrypointVLD
      VAProfileH264Main               : VAEntrypointEncSlice
      VAProfileH264High               : VAEntrypointVLD
      VAProfileH264High               : VAEntrypointEncSlice
      VAProfileH264StereoHigh         : VAEntrypointVLD
      VAProfileVC1Simple              : VAEntrypointVLD
      VAProfileVC1Main                : VAEntrypointVLD
      VAProfileVC1Advanced            : VAEntrypointVLD
      VAProfileNone                   : VAEntrypointVideoProc
      VAProfileJPEGBaseline           : VAEntrypointVLD


14. (sorry i forgot)

Code:
sudo apt install xserver-xorg-video-intel
sudo mkdir /etc/X11/xorg.conf.d/
sudo nano  /etc/X11/xorg.conf.d/20-intel.conf

##ADD Following
 Section "Device"
  Identifier   "Intel Graphics"
  Driver   "intel"
  Option   "AccelMethod" "sna"
  Option   "TearFree" "true"
EndSection
#SAVE&EXIT

inxi -G

Graphics:
  Device-1: Intel 3rd Gen Core processor Graphics driver: i915 v: kernel 
  Display: x11 server: X.Org 1.20.8 driver: intel resolution: 1920x1080~50Hz 
  OpenGL: renderer: llvmpipe (LLVM 10.0.0 256 bits) v: 3.3 Mesa 20.0.8

^^ if it shows that, Xorg is runing on intel :)
TIP: In case you wann run GTK (GUI) programs as sudo/root

Code:
export XAUTHORITY="$XDG_RUNTIME_DIR"/Xauthority
xhost +SI:localuser:root
xhost +SI:localuser:morpheus


NOW connect with any RDP Client to your VM and enjoy the GPU working with your Desktop Enviroment and you can use your CPU power for more useful stuff.

I hope the tuorial is exact and you can have some fun :) - BTW you can use your hypervisor now to watch movies on your TV for example if you install x11vnc

(UPDATE 25.09.2020)
Tests:
1920 x 1080@25Hz Youtube Video with 0 Drops out of 1000 with 30% utilization @ 2 x 2,1 GHz cores
2560 x 1440@25Hz Youtube Video with 1 Drop out of 1000 with 67% utilization @ 2 x 2,1 GHz cores
3840 x 2160@25Hz Youtube Video with 30 Drops out of 1000 with 100% utilization @ 2 x 2,1 GHz cores (i could give th LXC Container mores cores now, but I do not really ned 4k right now)

+ XRDP is using some CPU for the transfer - i would be still lag free on the HDMI Output of the server.

Cheers PSteinberg
 
Last edited:

PSteinberg

New Member
Nov 28, 2019
7
5
3
36
@ChristG661: I reply before the original reply is accepted :D - yes - it is working on CTRL+ 7 (Terminal Output 7 ) on the HDMI of the Proxmox hypervisor - read "Cool HowTo by Konpat Preechakul" for further infromation.

Worked with Ubuntu 18.04 - there i connected the local hardware mouse and keyboard and worked with this desktop.
Now I only tried output on Ubuntu 20.04 without login- it was working, because the hypervisor is in a remote area (other side of the living room ;) )

Good Luck!
 
Last edited:

ChrisG661

New Member
May 12, 2020
4
0
1
40
@PSteinberg, somehow my messages are deleted and some icons are disappearing here(totally unrelated). Anyway, HDMI output from LXC works on my laptop and i am able to run graphical app and control it with my keyboard and touchpad. However, the snap is not working, and it appears to be a bug(?). Searching through the forum gave the same settings as yours, so i'm not sure what is the problem. When installing snap app in the container, i get this error:
Code:
error: cannot perform the following tasks:
- Setup snap "moonlight" (975) security profiles (cannot setup udev for snap "moonlight": cannot reload udev rules: exit status 1
udev output:
Failed to send reload request: No such file or directory
)
- Setup snap "moonlight" (975) security profiles (cannot reload udev rules: exit status 1
udev output:
Failed to send reload request: No such file or directory
)
- Setup snap "moonlight" (975) security profiles for auto-connections (cannot reload udev rules: exit status 1
udev output:
Failed to send reload request: No such file or directory
)
And in host dmesg theres this:
Code:
audit: type=1400 audit(1602761155.114:204): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.moonlight.moonlight" pid=12293 comm="apparmor_parser"
audit: type=1400 audit(1602761155.114:204): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.moonlight.moonlight" pid=12293 comm="apparmor_parser"
 

ChrisG661

New Member
May 12, 2020
4
0
1
40
@PSteinberg,
I do already have those in my config and my config only slightly differs in input and sound mount entry.
Here is my config
Code:
arch: amd64
cores: 2
features: mount=fuse,fuse=1,nesting=1
hostname: xubuntu-lxc
memory: 1536
net0: name=eth0,bridge=vmbr0,hwaddr=8E:8E:81:77:8D:1D,ip=dhcp,type=veth
ostype: ubuntu
rootfs: vm-data:vm-102-disk-0,size=80G
swap: 1024
lxc.apparmor.profile: unconfined
lxc.apparmor.raw: mount,
lxc.cap.drop:
lxc.cap.drop: mac_override sys_time sys_module sys_rawio
lxc.cgroup.devices.allow: c 226:0 rwm
lxc.cgroup.devices.allow: c 226:128 rwm
lxc.cgroup.devices.allow: c 4:7 rwm
lxc.cgroup.devices.allow: c 29:0 rwm
lxc.cgroup.devices.allow: c 116:* rwm
lxc.cgroup.devices.allow: c 13:* rwm
lxc.mount.entry: /dev/fuse dev/fuse none bind,create=file 0 0
lxc.mount.entry: /dev/dri/card0 dev/dri/card0 none bind,optional,create=file
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.mount.entry: /dev/tty7 dev/tty7 none bind,optional,create=file
lxc.mount.entry: /dev/fb0 dev/fb0 none bind,optional,create=file
lxc.mount.entry: /dev/snd dev/snd none bind,optional,create=dir
lxc.mount.entry: /dev/input dev/input none bind,optional,create=dir

I have also tried the steps you mentioned and in addition using latest kernel and reverting the apparmor features to stock.
The audit log has changed slightly though.
Code:
[  451.419417] audit: type=1400 audit(1602926160.387:44): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap.moonlight.moonlight" pid=7259 comm="apparmor_parser"
[  451.434794] audit: type=1400 audit(1602926160.403:45): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap-update-ns.moonlight" pid=7261 comm="apparmor_parser"
 

PSteinberg

New Member
Nov 28, 2019
7
5
3
36
@ChrisG661 :

1. Post Output of snap --version - this is my output
Code:
$ snap --version
snap    2.47
snapd   2.47
series  16
ubuntu  20.04
kernel  5.4.60-1-pve

2. I tested it with moonlight and super tux cart - and guess what - no snap installs possible with these anymore

The funny thing is, i have snaps installed.

Code:
$ snap list
Name               Version                     Rev    Tracking       Publisher     Notes
bluez              5.48-1                      229    latest/stable  canonical*    -
core               16-2.47                     10126  latest/stable  canonical*    core
core18             20200724                    1885   latest/stable  canonical*    base
core20             20                          634    latest/stable  canonical*    base
gnome-3-28-1804    3.28.0-19-g98f9e67.98f9e67  145    latest/stable  canonical*    -
gtk-common-themes  0.1-36-gc75f853             1506   latest/stable  canonical*    -
ncdu               1.11.8                      6      latest/stable  kz6fittycent  -
snapd              2.47                        9607   latest/stable  canonical*    snapd

so :) either it is the proxmox kernel update or there needs to be done some finetuning to the settings


3. please install $snap hello-world via console
Code:
$snap install hello-world

^^ that is also still working for me.

I test for myself and write if there is an update.
 
Last edited:

ChrisG661

New Member
May 12, 2020
4
0
1
40
My snap version is the very same as yours, except my kernel has been updated to 5.4.65-1-pve. I tried the hack in the bug report, and it fixed it
Code:
ln -s /bin/true /usr/local/bin/udevadm
It forces udev to always return 0 so it is not a proper fix.
 

ChrisG661

New Member
May 12, 2020
4
0
1
40
Installing the snaps works, it runs (i only tested running moonlight so far), although it can't access the IGD.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!