Well, very closely compare your "mp0: ..." line with the one I provided in the tutorial, you should be able to spot the issue on your own.
If you would have just used my commands then the error wouldn't have happened.
I was wondering, do you ever get messages like this when shutting down or rebooting?
Code:
Feb 02 01:38:08 jellyfin systemd[1]: mnt-nas.mount: Mount process exited, code=exited, status=32/n/a
Feb 02 01:38:08 jellyfin systemd[1]: Failed unmounting /mnt/nas.
Rebooting is much slower depending on the number of mounts involved.
I was wondering, do you ever get messages like this when shutting down or rebooting?
Code:
Feb 02 01:38:08 jellyfin systemd[1]: mnt-nas.mount: Mount process exited, code=exited, status=32/n/a
Feb 02 01:38:08 jellyfin systemd[1]: Failed unmounting /mnt/nas.
Rebooting is much slower depending on the number of mounts involved.
I am following this guide as I am struggling with a proxmox, an unpriviledged contailner running a docker compose with both gluetun and qbittorrent. I am close. however at point 2. I am supposed to add the user to the group. unfortunatelly I dont have a user (Plex, Jellyfin, etc) the qbittorrent container doesn't have a user therefore I am at a loss. Any hints on how to solve that would be appreciated.
I am following this guide as I am struggling with a proxmox, an unpriviledged contailner running a docker compose with both gluetun and qbittorrent. I am close. however at point 2. I am supposed to add the user to the group. unfortunatelly I dont have a user (Plex, Jellyfin, etc) the qbittorrent container doesn't have a user therefore I am at a loss. Any hints on how to solve that would be appreciated.
I don't understand where you're stuck? According to TheHellSite Step 1 is create user and shared folder, and add the user and the shared folder into group 1000 ( you do that in the LXC container). Step 2 is to do it in PVE Host , the don't understand your problem. What ever user name you created from step 1, should be the same user you must use in your qbittorrent on other apps. Where is the storage you are trying to mount in lxc? In the proxmox host or from NAS ???
I don't understand where you're stuck? According to TheHellSite Step 1 is create user and shared folder, and add the user and the shared folder into group 1000 ( you do that in the LXC container). Step 2 is to do it in PVE Host , the don't understand your problem. What ever user name you created from step 1, should be the same user you must use in your qbittorrent on other apps. Where is the storage you are trying to mount in lxc? In the proxmox host or from NAS ???
It's alright if you don't understand. I was hoping somebody else was in my situation while following this guide.
I read the instructions carefully. The first step is to create group. Not a user. I don't have any other users setup in my LCX (other than the ones created by the LCX itself. I checked with ~# cat /etc/passwd
is not correct. I haven't created a/another user. The docker LXC where I try to mount the shared CIFS does not have another user. But as somebody mentioned in the thread he used user 0 probably for the same reason. There may be security implications though. So I was wondering what was the correct workaround. I understand you got it working and I congratulate you, though. I got to do some more digging.
It's alright if you don't understand. I was hoping somebody else was in my situation while following this guide.
I read the instructions carefully. The first step is to create group. Not a user. I don't have any other users setup in my LCX (other than the ones created by the LCX itself. I checked with ~# cat /etc/passwd
Your statement:
is not correct. I haven't created a/another user. The docker LXC where I try to mount the shared CIFS does not have another user. But as somebody mentioned in the thread he used user 0 probably for the same reason. There may be security implications though. So I was wondering what was the correct workaround. I understand you got it working and I congratulate you, though. I got to do some more digging.
That’s what I ended up doing, thanks. This was the obvious thing to do. I may redo the configuration at some point.
This container nor the share will be directly exposed to the world.
One more thing that I did and may help someone with an old NAS like mine. In the line with the username and password for the share I added “vers=2” otherwise it would not mount the share. I knew that from previous struggles.
Total linux noob alert!
I'm struggling mounting the share on PVE host, i managed to do it manually using the GUI but when i try using the command in step 3 i get this:
Code:
mount /mnt/lxc_shares/nas_rwx
Couldn't chdir to /mnt/lxc_shares/nas_rwx: No such device
even though i created the mount point with mkdir -p /mnt/lxc_shares/nas_rwx.
Also, when i try to cd /mnt/lxc_shares it works and if i ls in it i see nas_rwx
Code:
/mnt/lxc_shares# ls
nas_rwx
/mnt/lxc_shares# cd /mnt/lxc_shares/nas_rwx
-bash: cd: /mnt/lxc_shares/nas_rwx: No such device
I'm sure i'm missing something stupid..i apologize in advance.
Thank you for this. Working great.
Had to do one minor edit (due to me playing around ).
The Lxc container needs the setting set to Protection: No. otherwise you will get a Permission Denied error when writing to the share.
Since unprivileged LXCs are not allowed to mount CIFS shares and priviliged LXCs are considered unsafe (for a reason) I was scraping my head around how to still have my NAS shares available in my LXCs, f.e. (Jellyfin, Plex, ...).
How does it work?
By default CIFS shares are mounted as user root(uid=0) and group root(gid=0) on the PVE host which makes them inaccessible to other users,groups and LXCs.
This is because UIDs/GIDs on the PVE host and LXC guests are both starting at 0. But a UID/GID=0 in an unprivileged LXC is actually a UID/GID=100000 on the PVE host. See the above Proxmox Wiki link for more information on this. @Jason Bayton's solution was to mount the share on the PVE host with the UID/GID of the LXC-User that is going to access the share. While this is working great for a single user it would not work for different LXCs with different users having different UIDs and GIDs. I mean it would work, but then you would have to create a single mount entry for your CIFS share for each UID/GID.
My solution is doing this slightly different and more effective I think.
You simply mount the CIFS share to the UID that belongs to the unprivileged LXC root user, which by default is always uid=100000.
But instead of also mounting it to the GID of the LXC root user, your are going to create a group in your LXC called lxc_cifs_shares with a gid=10000 which refers to gid=110000 on the PVE host. PVE host (UID=100000/GID=110000) <--> unprivileged LXC (UID=0/GID=10000)
How to configure it
1. In the LXC (run commands as root user)
Create the group "lxc_shares" with GID=10000 in the LXC which will match the GID=110000 on the PVE host. groupadd -g 10000 lxc_shares
Add the user(s) that need access to the CIFS share to the group "lxc_shares".
f.e.: jellyfin, plex, ... (the username depends on the application) usermod -aG lxc_shares USERNAME
Shutdown the LXC.
2. On the PVE host (run commands as root user)
Create the mount point on the PVE host. mkdir -p /mnt/lxc_shares/nas_rwx
Add NAS CIFS share to /etc/fstab.
_netdev Forces systemd to consider the mount unit a network mount. x-systemd.automount Automatically remounts the CIFS share in case the NAS went offline for some time. noatime Access timestamps are not updated when a file/folder is read. uid=100000,gid=110000 See part "How does it work?" paragraph two for explanation. dir_mode=0770,file_mode=0770 Only that uid/gid will have rwx access to the share. (PVE root user always has rwx to everything.)
!!! Adjust //NAS/nas/ in the middle of the command to match your CIFS hostname (or IP) //NAS/ and the share name /nas/. !!!
!!! Adjust user=smb_username,pass=smb_password at the end of the command. !!!
Code:
{ echo '' ; echo '# Mount CIFS share on demand with rwx permissions for use in LXCs (manually added)' ; echo '//NAS/nas/ /mnt/lxc_shares/nas_rwx cifs _netdev,x-systemd.automount,noatime,uid=100000,gid=110000,dir_mode=0770,file_mode=0770,user=smb_username,pass=smb_password 0 0' ; } | tee -a /etc/fstab
Mount the share on the PVE host. mount /mnt/lxc_shares/nas_rwx
Add a bind mount of the share to the LXC config. !!! Adjust the LXC_ID at the end of the command. !!!
Code:
You can mount it in the LXC with read+write+execute (rwx) permissions.
{ echo 'mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas' ; } | tee -a /etc/pve/lxc/LXC_ID.conf
You can also mount it in the LXC with read-only (ro) permissions.
{ echo 'mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas,ro=1' ; } | tee -a /etc/pve/lxc/LXC_ID.conf
I get stuck with step 3 and it get "resource busy error", any one else getting this?
I can go in to the NAS_rwx folder and can see the files from my nas share, does that mean that the mount already exists and probably why I am getting this error?
I can go in to the NAS_rwx folder and can see the files from my nas share, does that mean that the mount already exists and probably why I am getting this error?
Thanks for all the help, I finally sort it.
I deleted the container and started again.
Made the directory as suggest
I went to the fstab file and deleted the existing entry and re-run the command from point 3 above. Went into the lxc_share folder and checked the folders were pulling through from the share
Mounted the share and went into pve/lxc to check. I mistake I was making here was the LXC_ID, I was just changing the ID to match the ID of container and not replacing "LXC_ID".
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
