zfs snapshotting and backups in lxc container?

kyriazis

Oct 28, 2019
Hello,

I am planning on using sanoid/syncoid or something similar to perform snapshots and backups of my zfs pool(s).

I understand that I can add packages and/or do whatever I need in the host Debian environment, but I was wondering if I can do the same inside an lxc container with the host zfs pools mounted with mpX: in the conf files. My reasoning is that I don't want to pollute the host environment (I want to keep things compartmentalized), and also taking backups of containers is much easier than backing up specific setups on the host.

Any thoughts?

Thank you!

George
 
I don't think that will work. ZFS snapshots are deeply built into the filesystem itself, working on block level, and you can only create them by running the zfs command on your host. If you bind-mount a mountpoint of a dataset into an LXC, that is all done on the file level.
 
Did you ever find an answer to this? I am at the same stage, trying to set up Sanoid in a privileged LXC on Proxmox, to not dirty the Hypervisor. I have set up Syncoid in Pull mode, with a specific user on the Hypervisor that is limited in rights using ssh command restrictions, so I am only worrying about automated ZFS snapshotting with Sanoid.

This answer:
https://www.reddit.com/r/Proxmox/co.../?utm_source=share&utm_medium=web2x&context=3

suggests it is possible...

There is this thread in _this_ forum, but it looks like there is no definite answer:
https://forum.proxmox.com/threads/access-zfs-snapshots-inside-lxc-container.51861/

There are also reports that ZFS snapshotting will work in unprivileged containers soon, using ZFS delegation:
https://forum.proxmox.com/threads/zfs-snapshot-on-lxc.130660/

... but this comment from Oct 1, 2023 suggests that snapshots from privileged containers are not supported:
https://forum.proxmox.com/threads/zfs-snapshot-on-lxc.130660/post-592921

A solution could be to run `cv4pve-autosnap` inside an LXC:
https://github.com/Corsinvest/cv4pve-autosnap

Since cv4pve-autosnap uses the Proxmox API, the tool doesn't require ZFS access from within the container and won't work if the host is down.
But I could not find out whether cv4pve-autosnap supports snapshotting of arbitrary ZFS dataset paths, or only works for container-connected ZFS volumes (because it requires a parameter called `vmid`).
 
It's using the API for snapshots (which is the better way to do it as caches will be flushed before taking the snapshot to ensure consistency) but PVE only supports snapshotting of VMs/LXCs.

You could do something similar by sending your ZFS commands via SSH from LXC to host. But yes, not great for security unless you create a dedicated unprivileged PAM user with all privileges missing except for running a single predefined ZFS snapshot command. Would be a terrible idea to allow guests to run random "zfs destroy" for pruning snapshots.
 
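The restriction suggested in the post above (a dedicated account that can run nothing but a predefined snapshot command) can be enforced on the host with an SSH forced command. The wrapper below is an added example, not code from this thread or from Sanoid; the script path, key placeholder and dataset names are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for a snapshot-only SSH key (added example).
# Assumed authorized_keys entry on the host (path and key are placeholders):
#   command="/usr/local/sbin/zfs-snap-only",restrict ssh-ed25519 <PUBLIC-KEY>
# Assumes the account has been delegated only the ZFS "snapshot" permission.
LC_ALL=C; export LC_ALL
ALLOWED_DATASETS="tank/data tank/backups"   # constructed dataset names

# Prints "<dataset>@<snapname>" and returns 0 only for an exact
# "zfs snapshot <allowed-dataset>@<snapname>" request; otherwise returns 1.
validate_snapshot_request() {
    req=$1
    case $req in
        "zfs snapshot "*) target=${req#"zfs snapshot "} ;;
        *) return 1 ;;                      # destroy, send, rollback, shells...
    esac
    case $target in
        *[!A-Za-z0-9_./:@-]*) return 1 ;;   # spaces, ';', '$', quotes, etc.
        -*) return 1 ;;                     # no options such as -r
        *@*@*) return 1 ;;                  # exactly one '@'
        *@*) ;;
        *) return 1 ;;                      # a snapshot name is required
    esac
    dataset=${target%@*}
    snapname=${target#*@}
    [ -n "$snapname" ] || return 1
    case $snapname in */*) return 1 ;; esac
    for allowed in $ALLOWED_DATASETS; do
        if [ "$dataset" = "$allowed" ]; then
            printf '%s\n' "$target"
            return 0
        fi
    done
    return 1                                # dataset not on the allowlist
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if target=$(validate_snapshot_request "$SSH_ORIGINAL_COMMAND"); then
        exec zfs snapshot "$target"
    fi
    logger -t zfs-snap-only "rejected request from ${SSH_CONNECTION:-unknown}"
    exit 1
fi
```

Pruning stays on the host: the wrapper never passes `zfs destroy` through, so a compromised guest can add snapshots but cannot remove them.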
Thank you. I think I tend to do the following:
- keep automated, full snapshots using the PVE snapshot utility (will create tars of VMs/LXC etc., properly suspend guests etc.)
- install Sanoid on Proxmox itself, create automated inexpensive ZFS snapshots of all datasets, including VM disks but also custom ZFS datasets; including the tars created by Proxmox
- sync using syncoid with pull mode from offsite ZFS
 