Why do bind mounts prevent snapshots?

[karypid]

Hello,

I'm new to proxmox. Today I tried to take my first snapshot of an unprivileged container. Instead I found the button disabled and the message "The current guest configuration does not support taking new snapshots". After reading up in these forums, I saw references to this storage documentation indicating it was due mounting directories from the host into mount points in my container:

This backend assumes that the underlying directory is POSIX compatible, but nothing else. This implies that you cannot create snapshots at the storage level.

I find this restriction strange. I ended up stopping the container, removing the mount points, taking a snapshot and finally re-adding the container.

Can anyone explain why this was designed like this? I'd expect snapshots to work, but just ignore the "external" directories. Similar to how if you were taking a snapshot of a VM that has a CIFS or NFS mount inside it, its content would just be ignored.

 

[fiona]

Hi,
some people would be surprised if the snapshot would just silently exclude things. The difference with an internal VM mount point is that that's not a PVE configuration, while bind mounts are. There is an open feature request to allow explicitly setting bind mounts to be excluded from snapshots.

 

[Moxxorp]

"Skip replication"
"No backup"
...
"Skip snapshots"

In the meantime, we have to remove pass-through data drives to do snapshot, then add them again.

 

[Moxxorp]

To snapshot,
1. Shutdown machine
2. Backup /etc/pve/nodes/eno/qemu-server/ VMID .conf
3. Detatch the offending drives
4. Snapshot
5. Add detached drive entries into conf
6. Boot

 

[Dunuin]

I also would like to see a checkbox to ignore the bind-mounted folders. Because unprivileged LXCs can't mount SMB shares I need to mount them on the host and bind-mount the SMB mountpoints into the LXC. So there is really no need to snapshot the bind-mounts and even if it would be possible to include them I wouldn't want that, because the SMB shares are already snapshoted on my TrueNAS server.

 

[MountainMan]

I'm new to Proxmox also and just ran into this do to a bind mount I need between a couple containers. TBH it's making me re-think things a bit, as I definitely want automated snapshots/backups of the containers themselves. Personally I wouldn't find it odd that the bind mount isn't included, as I had to add it manually to begin with. (no way in the UI I could see?) and that xfs dataset can be taken care of on its own. Is signing on to that Bugzilla ticket the best way to show support?

Thanks!

 

[servada]

We would also really appreciate being able to create snapshots from containers with bind mounts. I guess adding the no-snapshot option as suggested above inside storage settings per bind-mount and then allowing to do so if all mp's have such switch set seems like a good compromise.

 

[leesteken]

A work-around is to not use bind mount points but add lxc.mount.entry: /directory/on/host directory/in/container none bind,rw 0 0 to the container configuration file. Then you can do snapshots and the mounted directory is exempt and ignored.

 

[servada]

A work-around is to not use bind mount points but add lxc.mount.entry: /directory/on/host directory/in/container none bind,rw 0 0 to the container configuration file. Then you can do snapshots and the mounted directory is exempt and ignored.

That sounds like a valid workaround. Does this workaround not mess with things like ACL?

 

[LnxBil]

Does this workaround not mess with things like ACL?

It's technically the same, so no.

 

[servada]

A work-around is to not use bind mount points but add lxc.mount.entry: /directory/on/host directory/in/container none bind,rw 0 0 to the container configuration file. Then you can do snapshots and the mounted directory is exempt and ignored.

This workaround does not seem to work for me. I get an LXC attach error if I leave out the slash just before the second directory (in container), if I include the forward slash the container starts but does not contain the directory/bind mount.

I am trying to mount two cephfses and one tmpfs on two separate unprivileged containers. So I guess it's not a regular directory/mount and requires some more trickery to get going.

 

[leesteken]

This workaround does not seem to work for me. I get an LXC attach error if I leave out the slash just before the second directory (in container), if I include the forward slash the container starts but does not contain the directory/bind mount.

I don't know what to say. lxc.mount.entry: /srv/mythtv var/lib/mythtv none bind 0 0 works for me on PVE 7.2. Make sure both directories exist (and have the right owner).

I am trying to mount two cephfses and one tmpfs on two separate unprivileged containers. So I guess it's not a regular directory/mount and requires some more trickery to get going.

If the tmpfs is already mounted on the Proxmox host, it works exactly the same: just bind mount (as above) the location where the tmpfs is mounted. I have no experience with cephfs.

 

[adalle]

It seems like it would be better for Proxmox to support snapshots with bind mounts, even if they have to introduce a new skip_snapshot flag or something. I do already have backup=0 for shared mounts, since I'd only want to back it up (or snapshot it) on the host system for which it is native.

The downside to this workaround is that it is not evident that a container is using those shared resources when looking at the Resources tab in the UI or API, but only when you look at the lxc config file, or mounted filesystems in the running container.

However, it is working well for me in PVE 7.3, and I have auto-snapshotting working for these containers now, which is the main thing.