Passing a LSI 9266-8i RAID array to unprivileged LXC

Sandbo

Active Member
Jul 4, 2019
84
10
28
33
Sorry if I missed the tutorial in the Wiki, I tried to find the method but couldn't seem to see it.

I have a RAID 6 array under a PCI-E LSI 9266-8i RAID card. The RAID array forms a single 21 TB volume which is encrypted with LUKS, and it is normally locked in Proxmox host.

At the moment, I have a VM where I passed the RAID card to, and the decryption was done inside that VM, everything works fine in that case.

I wonder if the same can be done with LXC, as it can save me some resource. That is, can I pass the RAID array to LXC, and use cryptsetup to unlock it?
Within the LXC container, running lsblk I can see the target drive already:
Code:
root@CSCS:~# lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0  21.9T  0 disk
sdb           8:16   0 465.8G  0 disk
|-sdb1        8:17   0 465.8G  0 part
`-sdb9        8:25   0     8M  0 part
sdc           8:32   0 465.8G  0 disk
|-sdc1        8:33   0 465.8G  0 part
`-sdc9        8:41   0     8M  0 part
nvme0n1     259:0    0   477G  0 disk
|-nvme0n1p1 259:1    0  1007K  0 part
|-nvme0n1p2 259:2    0   512M  0 part
`-nvme0n1p3 259:3    0 476.4G  0 part
However, when I try to unlock it, it failed:
Code:
root@CSCS:~# cryptsetup luksOpen /dev/sda targetRAIDArray
Device /dev/sda doesn't exist or access denied.
root@CSCS:~# cryptsetup luksOpen /sda targetRAIDArray
Device /sda doesn't exist or access denied.
root@CSCS:~#

Meanwhile, in Proxmox host it works:
Code:
root@pve:~# cryptsetup luksOpen /dev/sda nSpacetime
Enter passphrase for /dev/sda:

May I know what needs to be done to allow the access from LXC?




Update: (just an attempt, not working yet)
I tried to find the device to pass by
Code:
root@pve:/etc/pve/lxc# ls -al /dev
...
...
c---------  1 root root    242,   0 Aug 13 11:05 megaraid_sas_ioctl_node
...
...
brw-rw----  1 root disk      8,   0 Aug 13 11:05 sda
brw-rw----  1 root disk      8,  16 Aug 13 11:05 sdb
brw-rw----  1 root disk      8,  17 Aug 13 11:05 sdb1
brw-rw----  1 root disk      8,  25 Aug 13 11:05 sdb9
...
...
It looks like b 8:0 is what I need to allow. I then tried to add this line in the LXC's config:
lxc.cgroup.devices.allow: b 8:0 rwm
but it didn't work; I still cannot open the RAID array within the LXC.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!