Ubuntu Snaps inside LXC container on Proxmox

Discussion in 'Proxmox VE: Installation and configuration' started by UrkoM, Aug 21, 2017.

  1. UrkoM

    UrkoM New Member

    Hi,
    I am trying to test Snap applications inside an Ubuntu 16.04 LXC container in Proxmox, and I am running into problems.
    I found this link:
    https://stgraber.org/2017/01/31/ubuntu-core-in-lxd-containers/
    And it seems snapd needs "unprivileged FUSE mounts and AppArmor namespacing and stacking".

    Am I trying the impossible here? Has anyone looked into this or has any idea if/when this will be possible on Proxmox?

    I could run Ubuntu 16.04 as QEMU VM, but I really like the (maybe theoretical in this case?) performance advantage of LXC for this.

    Thanks!
     
  2. Eric Fossum

    Eric Fossum New Member

  3. rmundel

    rmundel New Member

  4. rmundel

    rmundel New Member

    Trying to install on PVE5.2-1 on an Ubuntu 18.04 LXC and after the install I got some message about the kernel needing an AppArmor 2.4 compatibility patch or something like that.
    I was never able to find a solution to do snaps on LXC. I'm running VMs for services like Rocket.Chat, Wekan, and so on.
     
  5. Carlos Estrada

    Carlos Estrada New Member

    I was trying to install nextcloud as a snap inside an Ubuntu xenial container when I was faced with this problem. It is my understanding that the problem is related to missing features in the PVE kernel.

    Is this a problem with Proxmox? or the packaged containers? Is this a bug?
     
    dbayer likes this.
  6. rmundel

    rmundel New Member

    Until this very day, I'm completely clueless.
     
    Carlos Estrada likes this.
  7. rmundel

    rmundel New Member

    Can someone shed some light on this topic please?
     
  8. dbayer

    dbayer New Member
    Proxmox Subscriber

    Bump!!
     
    Anders Johansen likes this.
  9. t.lamprecht

    t.lamprecht Proxmox Staff Member
    Staff Member

  10. davidg1982

    davidg1982 New Member

  11. t.lamprecht

    t.lamprecht Proxmox Staff Member
    Staff Member

    You may be lucky, this got applied :)
    With the pve-container package in version 2.0-28 (or newer) you should be able to set the 'mount' and 'nesting' features and it should work.

    This is currently not exposed over the GUI, but you can create a CT as usual there and then open a shell on PVE and do something like:
    Code:
    pct set VMID --features mount=1,nesting=1
    
    Edit, above did not work with mount, as this needs a list of accepted file systems, e.g.:
    Code:
    pct set VMID --features "mount=fuse;nfs,nesting=1"
    
    on the stopped CT and then, on the next start it should work.
     
    #11 t.lamprecht, Oct 22, 2018
    Last edited: Nov 28, 2018
  12. davidg1982

    davidg1982 New Member

    That's helpful. Thank you.
    Is pve-container version 2.0-28 in the test repository? Because I am running pve-container 2.0-25 and that seems to be the only version available. I have this in my source.list:
    Code:
    deb http://enterprise.proxmox.com/debian/pve stretch pve-enterprise
     
  13. tom

    tom Proxmox Staff Member
    Staff Member

    It's in the repository but you have a typo in your sources.list entry (you need https instead of http):

    > deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
     
  14. davidg1982

    davidg1982 New Member

    I must be doing something incorrectly.
    Code:
    david@proxmox:~$ sudo apt update
    Ign:1 http://ftp.us.debian.org/debian stable InRelease
    Hit:2 http://repo.zabbix.com/zabbix/3.4/debian stretch InRelease                     
    Hit:3 http://security.debian.org stable/updates InRelease                           
    Hit:4 http://ftp.us.debian.org/debian stable Release                   
    Get:5 https://enterprise.proxmox.com/debian/pve stretch InRelease [2,081 B]
    Hit:5 https://enterprise.proxmox.com/debian/pve stretch InRelease
    Reading package lists... Done                         
    Building dependency tree     
    Reading state information... Done
    All packages are up to date.
    david@proxmox:~$ apt-cache policy pve-container
    pve-container:
      Installed: 2.0-25
      Candidate: 2.0-25
      Version table:
     *** 2.0-25 100
            100 /var/lib/dpkg/status
    david@proxmox:~$
    
    Here is the rest of my pveversion -v
    Code:
    proxmox-ve: 5.2-2 (running kernel: 4.15.18-2-pve)
    pve-manager: 5.2-7 (running version: 5.2-7/8d88e66a)
    pve-kernel-4.15: 5.2-5
    pve-kernel-4.15.18-2-pve: 4.15.18-20
    pve-kernel-4.15.17-1-pve: 4.15.17-9
    pve-kernel-4.13.13-5-pve: 4.13.13-38
    pve-kernel-4.4.98-4-pve: 4.4.98-104
    pve-kernel-4.4.79-1-pve: 4.4.79-95
    pve-kernel-4.4.59-1-pve: 4.4.59-87
    corosync: 2.4.2-pve5
    criu: 2.11.1-1~bpo90
    glusterfs-client: 3.8.8-1
    ksm-control-daemon: 1.2-2
    libjs-extjs: 6.0.1-2
    libpve-access-control: 5.0-8
    libpve-apiclient-perl: 2.0-5
    libpve-common-perl: 5.0-38
    libpve-guest-common-perl: 2.0-17
    libpve-http-server-perl: 2.0-10
    libpve-storage-perl: 5.0-24
    libqb0: 1.0.1-1
    lvm2: 2.02.168-pve6
    lxc-pve: 3.0.2+pve1-1
    lxcfs: 3.0.0-1
    novnc-pve: 1.0.0-2
    openvswitch-switch: 2.6.2~pre+git20161223-3
    proxmox-widget-toolkit: 1.0-19
    pve-cluster: 5.0-29
    pve-container: 2.0-25
    pve-docs: 5.2-8
    pve-firewall: 3.0-13
    pve-firmware: 2.0-5
    pve-ha-manager: 2.0-5
    pve-i18n: 1.0-6
    pve-libspice-server1: 0.12.8-3
    pve-qemu-kvm: 2.11.2-1
    pve-xtermjs: 1.0-5
    pve-zsync: 1.6-16
    qemu-server: 5.0-32
    smartmontools: 6.5+svn4324-1
    spiceterm: 3.0-5
    vncterm: 1.5-3
    
     
  15. rmundel

    rmundel New Member

    I'm on PVE 5.2-11 with pve-container 2.0.29 and I must be missing something.
    On an Ubuntu 18.04 container with the nesting and mounting features enabled.
    Installed snapd and bam:

    -- Unit snapd.service has finished shutting down.
    Nov 27 15:50:31 gsm systemd[1]: snapd.service: Start request repeated too quickly.
    Nov 27 15:50:31 gsm systemd[1]: snapd.service: Failed with result 'exit-code'.
    Nov 27 15:50:31 gsm systemd[1]: Failed to start Snappy daemon.
    -- Subject: Unit snapd.service has failed
    -- Defined-By: systemd
    -- Support: http://www.ubuntu.com/support
    --
    -- Unit snapd.service has failed.
    --
    -- The result is RESULT.
    Nov 27 15:50:31 gsm systemd[1]: snapd.socket: Failed with result 'service-start-limit-hit'.
    Nov 27 15:50:35 gsm snap[2814]: error: cannot communicate with server: Get http://localhost/v2/snaps/system/conf?keys=seed.loaded: dial unix /run/snapd.socket: connect: co
    Nov 27 15:50:35 gsm systemd[1]: snapd.seeded.service: Main process exited, code=exited, status=1/FAILURE
    Nov 27 15:50:35 gsm systemd[1]: snapd.seeded.service: Failed with result 'exit-code'.
    Nov 27 15:50:35 gsm systemd[1]: Failed to start Wait until snapd is fully seeded.
     
  16. wbumiller

    wbumiller Proxmox Staff Member
    Staff Member

    Snap requires a bit more work. There may soon be a 'fuse' flag for the features option, but fuse can be dangerous. For now you have to do this:

    - For unprivileged containers:
    1) Put this in /etc/pve/lxc/$vmid.conf:
    Code:
    ...
    features: mount=fuse,nesting=1
    lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
    
    2) Inside the container: `apt install squashfuse`

    - For privileged containers, also add:
    Code:
    ...
    # EDIT:
    # We need to allow apparmor administration, by default mac_admin is dropped for privileged containers.
    # Note that you do not want this for un-trusted containers...
    lxc.cap.drop =
    lxc.cap.drop = mac_override sys_time sys_module sys_rawio
    
    Alternatively to squashfuse, privileged containers could use loop devices, but I wouldn't recommend it...


    Note that enabling `fuse` in a container does not play well with backups, or anything that causes an `lxc-freeze` command to be executed on the container, as this can cause deadlocks in the kernel...
     
    #16 wbumiller, Nov 28, 2018
    Last edited: Nov 28, 2018
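
An added example, not part of the thread and not Proxmox tooling: a shell audit for the PVE host that reports which container configs carry the settings from post #16, so FUSE-enabled containers (freeze/backup deadlock risk) and privileged containers that keep mac_admin can be reviewed. The finding labels are invented for this example; the `fuse=1` feature flag is matched on the assumption that a newer pve-container provides it.

```shell
#!/bin/sh
# Audit one /etc/pve/lxc/<vmid>.conf file. Prints one finding per line,
# nothing if none of the settings discussed in the thread are present.
audit_ct_conf() {
    awk '
        /^\[/ { exit }                          # snapshot sections follow the live config; skip them
        /^unprivileged:[ \t]*1/ { unpriv = 1 }
        /^features:/ && /mount=[^,]*fuse/ { fuse = 1 }   # fuse in the allowed mount list
        /^features:/ && /fuse=1/          { fuse = 1 }   # assumed newer feature flag
        /^lxc\.mount\.entry[ \t]*[=:].*\/dev\/fuse/ { fuse = 1 }
        /^lxc\.cap\.drop[ \t]*[=:]/ {
            val = $0
            sub(/^[^=:]*[=:][ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "") { reset = 1; drops = "" }     # empty value clears the default drop list
            else drops = drops " " val
        }
        END {
            if (fuse) {
                print "FUSE_ENABLED " (unpriv ? "unprivileged" : "privileged")
                print "FREEZE_RISK lxc-freeze (e.g. during backups) can deadlock with FUSE"
            }
            # Only relevant for privileged CTs: the default list drops mac_admin,
            # so it is retained only when the list was reset and not re-added.
            if (!unpriv && reset && (" " drops " ") !~ / mac_admin /)
                print "MAC_ADMIN_RETAINED privileged CT can administer AppArmor; trusted workloads only"
        }
    ' "$1"
}

# Walk every container config on this host, prefixing findings with the VMID.
for f in /etc/pve/lxc/*.conf; do
    [ -f "$f" ] || continue
    audit_ct_conf "$f" | sed "s|^|$(basename "$f" .conf): |"
done
```

On a host without `/etc/pve/lxc` the loop does nothing; `audit_ct_conf` can also be pointed at a copy of a config file.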
  17. rholighaus

    rholighaus Member
    Proxmox Subscriber

    Hi Wolfgang,

    Is there any progress on integrating snap into LXC containers? So far, if I'd like to e.g. install wekan, I'll need a VM which is not my favourite way to run Linux software on Proxmox.

    Any suggestions?
     