How to share bulk storage across guests using Samba or mount points?

[pancakes]

I've setup my hardware storage layer using LVM/LVM thin, and now I'm trying to figure out how to share bulk storage across guests (e.g. between a Debian server and a Jellyfin container) in such a way that it's not included in container back-ups. I've found two approaches:

1. Samba on Proxmox host / mount in guest. Problem: auto-mount & security.
2. Using Proxmox bind mount points. Problem: Looks clean, but don't understand ownership mapping.

For Samba, what doesn't work somehow is is auto-mounting. In /etc/fstab, I have:

//pve.lan/bulk /mnt/bulk   cifs    credentials=/root/.smbcredentials,rw,uid=pancakes,gid=users,auto,x-systemd.automount,_netdev      0       0

however I get the error at boot stating "Starting of mnt-bulk.automount not supported.", which I understand is due to some container restrictions. Any idea how to solve this in an unprivileged container? Running mount -a does magically work. A hack would be to crontab this with @reboot, but there must be a better solution.

Also, for Samba I'd prefer to run the service in a guest instead of on the Proxmox host for security reasons. Is this possible at all while keeping the contents out of a Proxmox backup? I had the idea this is principally impossible, and I'm stuck running Samba on the Proxmox host.

For Proxmox bind mount points, it works when I use:

pct set 200 -mp0 /mnt/bulk,mp=/mnt/bulk

except I don't fully understand the working of this:

1. Can I use a bind mount point in multiple containers simultaneously at all?
2. Host and container have the same UID/GID, how to ensure this makes sense? Do I need the same users/uid on host and container? (E.g. 'backupuser' with uid 1010 on both Proxmox host and guest?). One idea I had was to use UID/GID mapping.
3. How can I unmount a mountpoint from commandline? pct unset doesn't exist, pct set 200 -mp0 doesn't work.

Hope somebody can point me in the right direction, thanks!

 

[alexskysilk]

Can I use a bind mount point in multiple containers simultaneously at all?

Yes

Host and container have the same UID/GID, how to ensure this makes sense? Do I need the same users/uid on host and container? (E.g. 'backupuser' with uid 1010 on both Proxmox host and guest?). One idea I had was to use UID/GID mapping.

You have a decision to make, and it depends on whether you need to do anything to the data FROM THE HOST. if you dont, just make the mapping the same for all guests and ignore the host.

How can I unmount a mountpoint from commandline? pct unset doesn't exist, pct set 200 -mp0 doesn't work.

I expect you'd need to do that inside the container, but why?

 

[pancakes]

Thanks @alexskysilk . I've set it up on one host and it seems to work the /etc/subuid and /etc/subgid files were a bit tricky but this tool helped.

The reason for unmounting was because I wanted to test different configs in my guest.

 

[pkr]

Thanks @alexskysilk . I've set it up on one host and it seems to work the /etc/subuid and /etc/subgid files were a bit tricky but this tool helped.

The reason for unmounting was because I wanted to test different configs in my guest.

thanks for sharing this tool
are you able to point me to a good resource to further learn the host UID/GID and guest UID/GID
also, how do i find out what are my host & guest UID/GID