lxc.hook.pre-start clarification

[almku]

According to lxc.container.conf manual page lxc.hook.pre-start is "A hook to be run in the host's namespace".
But from what I see it's not quite so:

1. /etc/pve/lxc/125.conf contains the following line

lxc.hook.pre-mount: /etc/pve/lxc/${LXC_NAME}.mount​

2. /etc/pve/lxc/125.mount is a shell script:

#!/bin/sh
share="10.1.9.254:/nfs/mail
mntpoint="/mnt/nfs/mail"
echo ip -4 a >&2
/sbin/ip -4 a >&2
/sbin/showmount -e 10.1.9.254 >&2
/sbin/mount.nfs4 -vo rw,soft,nosuid,noacl,nolock,nocto,noatime,nodiratime,noac $share $mntpoint​

Executing lxc-start -Fn 125 gives the following output:

ip -4 a
clnt_create: RPC: Port mapper failure - Unable to send: errno 101 (Network is unreachable)
/sbin/mount.nfs4 -vvvo rw,soft,nosuid,noacl,nolock,nocto,noatime,nodiratime,noac 10.1.9.254:/mnt/raidpool/nfs/mail /mnt/nfs/mail
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting 10.1.9.254:/mnt/raidpool/nfs/mail
lxc-start: conf.c: run_buffer: 342 Script exited with status 32
lxc-start: conf.c: do_rootfs_setup: 3805 failed to run pre-mount hooks for container '125'.
lxc-start: conf.c: lxc_setup: 3892 Error setting up rootfs mount after spawn
lxc-start: start.c: do_start: 736 failed to setup the container
lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
lxc-start: start.c: __lxc_start: 1211 failed to spawn '125'​

Note that actual running of "/sbin/ip -4 a" produces no output. Looks like the mount script has been put into the container's network namespace, which is created but not set up yet.

I want to make my nfs mounting task a scalable solution. I do not want to edit fstab on each and every Proxmox host within my cluster (though their number is not so big). I just don't know how else can I do it.
Any ideas?

 

[dietmar]

You cannot use the lxc.hook.pre-start directly with pct. We use that hook internally.

 

[dietmar]

Maybe you want to define a NFS storage, then use the mountpoint feature (--mp0 ...)?

Although that is not exactly the same because it mounts a raw image on NFS ...

 

[almku]

Well, I can accept NFS storage as a work-around. Thank you.

Can I hope your team will ever implement pre-start hook functionality for pct?

 

[almku]

I mistakenly replaced "pre-start" with "pre-mount" which gave the described result.
pre-start shows network configured and even shows exports on remote hosts. But little did it help mounting:

ip -4 a
[snip]
7: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
inet 10.1.9.56/24 brd 10.1.9.255 scope global eth1
valid_lft forever preferred_lft forever
Export list for 10.1.9.254:
/mnt/raidpool/nfs/mail 10.1.9.0
/sbin/mount.nfs4 -vvvo rw,soft,nosuid,noacl,nolock,nocto,noatime,nodiratime,noac 10.1.9.254:/mnt/raidpool/nfs/mail /mnt/nfs/mail
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting 10.1.9.254:/mnt/raidpool/nfs/mail​

I'm sorry I edited previous output (like rename nfs share, etc). I tried to keep it tidy

 

[dietmar]

You could also mount the NFS share on the host side, then use a bind mount:

# pct set <VMID> --mp0 /path/on/host,mp=/path/inside/guest

 

[almku]

Yeah. I understand that. Using the bind mounting of storage is the most simple and transparent way. Thank you

 

[wbumiller]

General note: actually a adding a pre-start hook should be fine since any hooks added to the container config should run after ours.
About the script: Note that if you want to mount something into your container you'll want to mount it relative to $LXC_ROOTFS_PATH.
As for the permission error - are you sure your host has access to the NFS via the 10.1.9.254 ip (as in, do you also mount it on the host with that IP or do you have a separate subnet for your containers where when mounting from the host's network namespace the source IP might not match the permissions of your nfs exports file?)

 

[almku]

In my case it doesn't matter where I mount nfs share. At least for now.
Yes. I'm absolutely sure this script works when it is called from hosts command line. This share can be mounted as storage at Datacenter level.