On installing Proxmox Backup Server to unprivileged LXC, I am running into an issue when attempting to create a local directory (zfs dataset) bind mount point via lxc.idmap as per this guide:
Unprivileged LXC containers. Once I create the lxc.idmapping, I am unable to access the webgui.
My setup is a NUC with Proxmox installed to ext4 mSATA SSD and zfs pool created on nVMe SSD.
I installed Debian 13 LXC via CT template to ext4 mSATA and set up Proxmox Backup Server as per:
https://pbs.proxmox.com/docs/
I am able to access the webgui at this stage. Next step is to set up the local directory bind mount point.
Create zfs dataset on zpool:
# zfs pool = store
# zfs dataset = pbs-test
zfs create store/pbs-test
Create bind mount point:
# container id = 19099
pct set 19099 -mp0 /store/pbs-test,mp=/mnt/pbs-test
Modify
etc/subuid and
etc/subgid:
# default backup user uid:gid on PBS is 34:34
root:100000:65536
huis:165536:65536
root:34:1
add lxc.idmapping to
/etc/pve/lxc/19099.conf:
lxc.idmap: u 0 100000 34
lxc.idmap: u 34 34 1
lxc.idmap: u 35 100035 65501
lxc.idmap: g 0 100000 34
lxc.idmap: g 34 34 1
lxc.idmap: g 35 100035 65501
Change ownership of bind mount point directory on the host:
chown -R 34:34 /store/pbs-test
However, once a local directory bind mount point is created, I can no longer access the webgui.
I get the following error messages when running debug command:
lxc-start -F -n 19099
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
[ OK ] Started postfix.service - Postfix Mail Transport Agent (main/default instance).
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
Starting proxmox-backup.service - Proxmox Backup API Server...
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
[FAILED] Failed to start proxmox-backup.service - Proxmox Backup API Server.
See 'systemctl status proxmox-backup.service' for details.
[FAILED] Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.
See 'systemctl status proxmox-backup-proxy.service' for details.
------------------------------------------------------------------------------
Welcome to the Proxmox Backup Server. Please use your web browser to
configure this server - connect to:
https://192.168.50.52:8007/
------------------------------------------------------------------------------
pbs login:
If I remove the lxc.idmap settings only, I can access the webgui once more. However, I cannot access the mount point from within PBS.
I am able to create a bind mount point if I eschew the lxc-idmap route and follow the steps outlined here:
https://blog.kye.dev/proxmox-zfs-mounts
