LXC writeable shared storage - best practice

linum

Renowned Member
Sep 25, 2011
99
3
73
How do you add writeable and shared storage to an unpriviled LXC Container?

We want to start several (so called build) nodes (on different proxmox servers) that simply said will create the binaries for our open source projects (https://nettworks.org). These binaries need to be stored on a shared storage (another server, a dedicated storage server). Since you can't easily mount a nfs/cifs/whatever share inside an unpriviled lxc container we need a generic solution that is somewhat "supported". What is recommended way for this requirement?
 
How do you add writeable and shared storage to an unpriviled LXC Container?

We want to start several (so called build) nodes (on different proxmox servers) that simply said will create the binaries for our open source projects (https://nettworks.org). These binaries need to be stored on a shared storage (another server, a dedicated storage server). Since you can't easily mount a nfs/cifs/whatever share inside an unpriviled lxc container we need a generic solution that is somewhat "supported". What is recommended way for this requirement?

mount it on the host, bind mount it into the container (see PVE Admin Guide). add uid/gid mappings if needed for write access (see other forum threads concerning exactly this problem)
 
Your hint "(see other forum threads concerning exactly this problem)" is exactly why I'm asking this with the "best practice" suffix. I spend the last weekend searching for an easy and recommended solution to this problem. But I didn't find one that seems to adress all issues. It seems the LXC container subsystem is missing a generic uid/gid mapping solution. And with "generic" I mean one that is capable of mapping several uid/gid inside a container so several other uid/gid outside.
 
Your hint "(see other forum threads concerning exactly this problem)" is exactly why I'm asking this with the "best practice" suffix. I spend the last weekend searching for an easy and recommended solution to this problem. But I didn't find one that seems to adress all issues. It seems the LXC container subsystem is missing a generic uid/gid mapping solution. And with "generic" I mean one that is capable of mapping several uid/gid inside a container so several other uid/gid outside.

not sure what you mean with generic, but LXC uses regular user name spaces, and has a config key for adding maps. PVE will respect lxc.idmap and pass it a long to LXC. any maps you add need to be valid according to /etc/subuid and /etc/subgid . more details can be found in the lxc.container.conf , subuid, subgid, user_namespaces man pages ;)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!