Proxmox LXC, Docker, NFS, and the beast.

geist325

Jan 9, 2023
Howdy! I'm sure what I'd like to do is possible, however I'm not having any luck so far.
I have a Debian 11 based unprivileged LXC, pretty much everything works fine. Many of my Docker configs however, I'd like to offload to an NFS share.
I'd followed this guide, https://forum.proxmox.com/threads/tutorial-mounting-nfs-share-to-an-unprivileged-lxc.138506/, and have the NFS shares mounted on the Proxmox host (via FSTAB), and they are present on the LXC container as well.
Getting a console on the LXC, I have full permissions on the share to create, modify, and delete files/folders.
I've installed Docker on this LXC, following this guide:
https://benheater.com/proxmox-run-docker-on-linux-containers-lxc/

I've modified the *.conf to reflect:
mp0: /directory/,mp=/directory
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
(I also run Tailscale within the container)

Now here's where the problem happens:

Creating Docker containers/volumes is just fine, however, when I attempt to bind the config directory in my Docker container to a directory on the NFS share, I get:
chmod: changing permissions of '/config': Operation not permitted
chown: changing ownership of '/config': Operation not permitted

I'm missing something here, I'm just not sure where!
Any guidance would be greatly appreciated, thanks guys!
 
Hmm, that did not seem to do the trick for me unfortunately. I've verified the appropriate changes both on the host and within the LXC config.
subuid.png

LXC.png

I still get errors when trying to start the Docker container (running from the LXC), pointing to a storage config bind on the NFS share.
init.png
 
I'm replying from my phone, so my apologies if my initial response wasn't clear. That second link I posted with the Proxmox LXC workaround pertains more to joining LXC to an Active Directory domain and allowing users with high numbered uids and gids to authenticate. I was simply trying to give you some references where I've had to come up with some workarounds to the uid/gid mismatch in various scenarios with unprivileged LXC.

The first link I shared would be more relevant as it pertains to allowing a LXC to map a NFS share where the LXC root user uid/gid doesn't map to root's uid/gid on the host.

Adding the uid/gid mapping as you've shown in your screenshot probably won't help in any way. You can remove those uid /gid mappings from your lxc.conf file. Try checking out that first link where you might have to use a NFS squash option to allow the mapping given the uid/gid mismatch.
 
Gotcha, I appreciate it!

I think I understand what the issue is, but unsure how to take a corrective measure relevant to my particular setup here.
 
I did try that, does not seem to care. It's a little complex, with a network share, Proxmox mount, translation to the LXC, and then Docker.
I have now tried the same with mounting via SSHFS via the pve host, same results, it has to be the way that the pve host is handing the NFS/SSHFS mount to the LXC.
 
Okay! I have it working with CIFS. I suppose I missed a part, it just has to be this way, with CIFS.

fstab on pve host:
//sambaserver/share/ /localdirectory cifs _netdev,x-systemd.automount,noatime,uid=100000,gid=110000,dir_mode=0777,file_mode=0777,user=myuser,pass=mypass 0 0

Done!
 
What did you do differently this time that wasn't done before? Would be great to know the solution for future folks exploring the forums.

Was it just a matter of passing an explicit uid+gid?
 
I'm still pretty new, and not intimately familiar with Proxmox.
It seems to be a matter of requiring the specific options given in a CIFS/Samba share, as I've tried just about everything else I can think of. I've typically found NFS to have the best performance, but with my knowledge could not make it work with that protocol.
I have one container that's being a bit problematic, but that one's not even important.
My 15 Docker containers are up and running, in an LXC (Debian 12), with their config/storage directory located on a CIFS share/mount.
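
Added example, not part of the original thread and not Proxmox code: it translates the `uid=100000,gid=110000` options from the fstab line above into the ids an unprivileged container sees. It assumes the Proxmox default id map (65536 ids starting at host id 100000); the thread does not show the container's actual map, and the function names are hypothetical.

```python
"""Translate ids across an unprivileged LXC user-namespace map (added example)."""

# ASSUMPTION: Proxmox default map for unprivileged containers, written in the
# lxc.idmap form "<u|g> <container_start> <host_start> <count>".
DEFAULT_IDMAP = ["u 0 100000 65536", "g 0 100000 65536"]

# Kernel default overflow id: what the container sees for unmapped host ids.
OVERFLOW_ID = 65534


def parse_idmap(lines):
    """Parse idmap lines into {'u': [(c_start, h_start, count)], 'g': [...]}."""
    ranges = {"u": [], "g": []}
    for line in lines:
        kind, c_start, h_start, count = line.split()
        if kind not in ranges:
            raise ValueError(f"unknown map type {kind!r} in {line!r}")
        ranges[kind].append((int(c_start), int(h_start), int(count)))
    return ranges


def host_to_container(ranges, kind, host_id):
    """Id shown inside the container for a host id; unmapped ids overflow."""
    for c_start, h_start, count in ranges[kind]:
        if h_start <= host_id < h_start + count:
            return c_start + (host_id - h_start)
    return OVERFLOW_ID


def container_to_host(ranges, kind, container_id):
    """Host id behind a container id, or None when the id is not mapped."""
    for c_start, h_start, count in ranges[kind]:
        if c_start <= container_id < c_start + count:
            return h_start + (container_id - c_start)
    return None


def mount_owner_in_container(ranges, host_uid, host_gid):
    """Owner and group a host-side mount presents to processes in the container."""
    return (host_to_container(ranges, "u", host_uid),
            host_to_container(ranges, "g", host_gid))


if __name__ == "__main__":
    idmap = parse_idmap(DEFAULT_IDMAP)
    # Values from the fstab line in the thread: uid=100000,gid=110000
    print("cifs mount seen in container as", mount_owner_in_container(idmap, 100000, 110000))
    # Files owned by host root (0:0) fall outside the map
    print("host root seen in container as", mount_owner_in_container(idmap, 0, 0))
    print("container root is host uid", container_to_host(idmap, "u", 0))
```

The map actually in effect can be read inside the container from `/proc/self/uid_map` and `/proc/self/gid_map`.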
 
