Restore unprivileged container to LVM

[oliwel]

Hi,

I use LVM as backend storage and try to restore a backup of an unprivileged container but I get a permission problem: "tar: ./bin: Cannot mkdir: Permission denied".

I think that I need to mount/create the LVM storage with some extra option to allow write access for the mapped user but don't know what is missing. I was unable to get "pct restore" to create the LVM device itself, so I created it from the Shell (the lvm is backed from a fibrechannel SAN which causes a slight delay till the device appears, perhaps this is a problem?):

lvcreate -n slow/vm-2106-disk-1 -L25G
lvchange -ay slow/vm-2106-disk-1
mkfs.ext4 /dev/mapper/slow-vm--2106--disk--1

After this, I use pct restore with the expected machine options:

pct restore 2106 vzdump-lxc-2106-2018_03_18-13_59_25.tar.lzo --arch amd64 --cores 4 --hostname testme --memory 2048 --net0 name=eth0,bridge=vmbr0,gw=192.168.200.1,hwaddr=96:3EF:29:AD:5E,ip=192.168.200.199/24,type=veth --ostype debian --swap 2048 -ignore-unpack-errors 1 --unprivileged 1

The command spits out a line like "tar: ./bin: Cannot mkdir: Permission denied" for any item in the archive and finally terminates with an error.

Can anybody please point me to the right way to restore this container?

best regards

Oliver

 

[dcsapak]

I was unable to get "pct restore" to create the LVM device itself

what exactly was the problem? this should work (run pct as root)

The command spits out a line like "tar: ./bin: Cannot mkdir: Permission denied" for any item in the archive and finally terminates with an error.

make sense since the filesystem root root as owner and not the correct permissions (it uses the user with id '100000' )

 

[oliwel]

what exactly was the problem? this should work (run pct as root)

The device is just not created (or at least not found, perhaps due to a delay introduced by the SAN driver?) - the pcr restore fails with "volume not found". I just recognized that above command was not the complete one I used - I set the rootfs with

--rootfs volume=san-slow-1:vm-2106-disk-1,size=25G

I also tried to add the name of the volume group

--storage san-slow-1

make sense since the filesystem root root as owner and not the correct permissions (it uses the user with id '100000' )

Yes thats the obvious - but how do I tell pct restore to mount the volume with approprate permissions?

Oliver

 

[oliwel]

This is the exact error message:

can't activate LV '/dev/slow/vm-2199-disk-1': Failed to find logical volume "slow/vm-2199-disk-1"

it also does not appear using "lvs", so I think it is not created. Is the notation I used for the volume correct?

Oliver

 

[dcsapak]

The device is just not created (or at least not found, perhaps due to a delay introduced by the SAN driver?) - the pcr restore fails with "volume not found". I just recognized that above command was not the complete one I used - I set the rootfs with

the complete task log would be helpful

Yes thats the obvious - but how do I tell pct restore to mount the volume with approprate permissions?

after creating the ext4, just mount it and 'chown 100000:100000 /path/to/the/mount/point'

 

[dcsapak]

it also does not appear using "lvs", so I think it is not created. Is the notation I used for the volume correct?

--rootfs volume=san-slow-1:vm-2106-disk-1,size=25G

no, you have to give it just a size, e.g.

--rootfs san-slow-1:25

this is special syntax to create a volume instead of using an existing one

 

[oliwel]

Thank you for the fast reply, creating it with this syntax works and mounting the rootfs first also does the job.

Would be nice to have this mentioned in the docs more clearly.