How to add hard drive attached to host to an LXC

Smoochii

New Member
Jun 2, 2024
Hello,

I have a hard drive that is attached to the host that I've been using for backups. I mounted it with fstab to be at /home/backups on the host. I then created a Directory on the node to be able to store backups in. Now I created an LXC with turnkey to add an SMB share and what I want to do now is give this hard drive to the LXC so that I can use it for file share. I want to be able to create directories for specific things (documents, videos, etc...) but I also want to have a folder for backups since this directory will now be gone for proxmox to use. Is it possible for the LXC to use the drive and then proxmox load it as a samba share to use for backups? Is this advised?

Basically I just want to allow the drive to be accessible to both the host and the LXC (the LXC is really for my iPad and laptop to access) if possible.

The file structure will probably be something like

drive
|-- Storage
|-- Backups
|-- Documents
|-- Videos
 
You can mount the /home/backups directory from the host into the container with a bind mount.
Code:
pct set <container_id> -mp0 /home/backups,mp=/path/in/container

However, if you are using an unprivileged container, you will run into the problem that all files show up as being owned by nobody in the container. To fix this, you need to configure UID/GID mapping as explained here:
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers#Using_local_directory_bind_mount_points
 
Hi Filip -- I am trying to do something similar, but instead of a separate hard drive or a network share, I want to store database files from influxdb in my /mnt/glusterfs filesystem on the host, to take advantage of the zfs raid + HA. I'd rather not size the LXC to how large the database might grow, so just using a directory under /mnt/glusterfs seemed like a way to go. I've tried suggestions from a number of sources, and in each case I'm not able to get permission to do anything in the mount within the LXC. I'd like to try the approach in the thread you linked above, but frankly the way it jumps into the UID mapping is extremely hard for me to comprehend. Could I ask for an example of how to do that for my (I think) simple case where I want the user influxdb with UID 999 and GID 996 in the LXC to be able to read and write into a glusterfs directory on the host? (Sorry to hijack this thread, but regardless of whether the mount is a network share, a hard disk, or an existing file store, the confusion seems to be with the UID mapping, so maybe this can help.) Thanks, Johh
 
So you want to map UID 999 and GID 996 in the container to a UID and GID on the host that has access to /mnt/glusterfs. Let us say that /mnt/glusterfs is owned by UID 999 and GID 996 on the host.
Code:
chown -R 999:996 /mnt/glusterfs

Then you have to map
- UID 999 in the container to UID 999 on the host
- GID 996 in the container to GID 996 on the host

First map UIDs 0-998 in the container to 100000-100998 on the host:
Code:
lxc.idmap = u 0 100000 999

Then map UID 999 in the container to 999 on the host:
Code:
lxc.idmap = u 999 999 1

And finally map the remaining UIDs 1000-65535 in the container to 101000-165535 on the host:
Code:
lxc.idmap = u 1000 101000 64536

Repeat this for GID 996:
Code:
lxc.idmap = g 0 100000 996
lxc.idmap = g 996 996 1
lxc.idmap = g 997 100997 64539

Remember to allow the mapping of UID 999 in /etc/subuid:
Code:
root:999:1

And allow the mapping of GID 996 in /etc/subgid:
Code:
root:996:1
 
Thank you, Filip! One clarification -- in /etc/subuid and /etc/subgid there are already lines for root (in subuid, "root:100000:65536"). Do I replace the existing line, or add a new one (so there are now two "root" lines)?

I've tried this adding the lines and it "works" except that it seems that within the container the influxdb user is treated as "other" rather than owner or group -- e.g., with permissions set as 775 on the host, the container can only read but can't write. If I set permissions to 777, then I can read/write/delete in the LXC. Does that indicate a problem with my mapping?

Thanks!
 
You add a new line, so there are two.
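
The mapping worked out above, generalized to any single UID and GID (an added example, not code posted by anyone in this thread): it prints the lxc.idmap lines for the container config and the entries to add to /etc/subuid and /etc/subgid. The function names and the OFFSET/RANGE values are assumptions, taken from the default root:100000:65536 line mentioned above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). OFFSET and RANGE are assumptions
# matching the default "root:100000:65536" delegation on the host.
OFFSET=100000
RANGE=65536

# idmap_one <u|g> <id>: print the lxc.idmap lines that pass exactly one
# container ID through to the same host ID and shift all others.
idmap_one() {
    local kind=$1 id=$2
    case $kind in
        u|g) ;;
        *) echo "kind must be u or g" >&2; return 2 ;;
    esac
    case $id in
        ''|*[!0-9]*|0?*) echo "id must be a plain decimal number" >&2; return 2 ;;
    esac
    # Passing ID 0 through would make container root the host's root,
    # which removes the protection an unprivileged container provides.
    if [ "$id" -eq 0 ] || [ "$id" -ge "$RANGE" ]; then
        echo "refusing id $id: must be 1..$((RANGE - 1))" >&2
        return 1
    fi
    # Container IDs 0..id-1 go to host OFFSET..OFFSET+id-1.
    echo "lxc.idmap: $kind 0 $OFFSET $id"
    # The passthrough ID itself, count 1 so no neighbouring ID is exposed.
    echo "lxc.idmap: $kind $id $id 1"
    # Container IDs above it, if any remain in the range.
    local rest=$((RANGE - id - 1))
    if [ "$rest" -gt 0 ]; then
        echo "lxc.idmap: $kind $((id + 1)) $((OFFSET + id + 1)) $rest"
    fi
}

# passthrough_config <uid> <gid>: container config lines, then the host
# entries to ADD beside the existing root line (two root lines result).
passthrough_config() {
    local uid=$1 gid=$2
    idmap_one u "$uid" || return
    idmap_one g "$gid" || return
    echo "# add to /etc/subuid: root:$uid:1"
    echo "# add to /etc/subgid: root:$gid:1"
}

# The thread's case: influxdb with UID 999 and GID 996.
passthrough_config 999 996
```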
 
While I think I've done this correctly, host permissions act strangely. e.g., root cannot change ownership of files in the mounted directory, though "sudo -u influxdb touch fred" will create the file owned by influxdb.

In case I copied something wrong, here are the relevant bits of the lxc conf file:
Code:
mp0: /mnt/glusterfs/influxdb_data,mp=/mnt/influxdb_data
lxc.idmap: u 0 100000 999
lxc.idmap: u 999 999 1
lxc.idmap: u 1000 101000 64536
lxc.idmap: g 0 100000 996
lxc.idmap: g 996 996 1
lxc.idmap: g 997 100997 64539
Here are subuid and subgid:
Code:
root@pve-1-1:/etc/pve/lxc# cat /etc/subuid
root:100000:65536
root:999:1
jra:165536:65536
root@pve-1-1:/etc/pve/lxc# cat /etc/subgid
root:100000:65536
root:996:1
jra:165536:65536
Here are the permissions of the directory on the host (I'd rather have it be 755, but for testing I opened up):
Code:
root@pve-1-1:/etc/pve/lxc# ls -dn /mnt/glusterfs/influxdb_data
drwxrwxrwx 3 999 996 5 Oct 22 11:58 /mnt/glusterfs/influxdb_data
And here are the lines in /etc/passwd and /etc/group on the container:
Code:
influxdb:x:999:996::/var/lib/influxdb:/bin/false
influxdb:x:996:

I am so close, yet so far. :)
 
Did you ever figure this out? I'm having the worst time trying to understand this.