[Lxc-users] trouble with remote mounts, ssh and ftp clients from inside container behind private bridge & NAT

Whit Blauvelt whit at transpect.com
Fri Nov 9 15:19:41 UTC 2012


On Fri, Nov 09, 2012 at 08:43:48AM +0000, Jäkel, Guido wrote:
> >(1) I'm not sure you can do nfs-mount inside an lxc container
> 
> Yes, you can for the simplest solution.

Still doesn't work for me, when the container is on a private bridge from
the host and DNATed and SNATed to a second IP on the host's WAN-facing
interface. Either it won't work in this particular configuration, or I have
to add something more for it to.

As for other connections initiated from the container, wget to outside sites
works fine. On the other hand ftp makes the initial connection and sends the
user name from the prompt, but fails to progress to the password prompt,
instead failing the ftp connection with "authentication failed" despite no
chance to enter the password. Trying "yum update" fails with a flurry of
"Not found" messages for packages required by dependencies. But ping works
to any and all addresses.

And as I mentioned before SSH works into the guest, but SSH out from the
guest consistently fails with a "Host key verification failed" message. This
breakage may well follow from the way I copied in a full existing CentOS 6
filesystem and then modified it to create the guest. Wish I knew how to
diagnose what's wrong. I'm sure packets captured in the NAT stages would
show something, but what to expect as normal there is outside my range of
knowledge.

> But also, you can mount it on the host and propagate it (or any subtree,
> e.g. for a concrete container) via a bind-mount to the container. If you
> have a lot of containers, this will reduce the number of NFS-mounts to one
> per host. And if the containers will use the same set of files, they will
> use local locking and share the same fs-cache.
> ...

That's a powerful argument for this as the right way. Thanks. Now to
understand the scheme.

> An entry in an lxc fstab file (referred by lxc.mount=) like
> 
> 	/mnt/ext_nfs/container_foo  mnt/my_nfs_part   none bind 0 0

Is there a way to do mounts by hand, or does this only work if done in
the container's fstab file?

Thanks,
Whit
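
Added example, not part of the original message or of LXC itself: a small checker for lxc fstab bind entries of the kind quoted above, which flags entries that would expose more of the host-side NFS mount than one container's subtree or place the target outside the container's root filesystem. It assumes a one-subtree-per-container policy under /mnt/ext_nfs and that a target without a leading slash is resolved relative to the container rootfs; the function names and the two bad sample entries are constructed for illustration.

```python
import posixpath

# Constructed sample: the entry from the message plus two deliberately bad ones.
SAMPLE_FSTAB = """\
# host path                  target (relative to rootfs)  type opts
/mnt/ext_nfs/container_foo   mnt/my_nfs_part              none bind 0 0
/mnt/ext_nfs/container_foo   ../../etc                    none bind 0 0
/mnt/ext_nfs                 mnt/all                      none bind 0 0
"""

def check_entry(line, share_root, container):
    """Return a list of problems for one fstab line (empty list means OK)."""
    fields = line.split()
    if len(fields) < 4:
        return ["expected at least: source target fstype options"]
    source, target, _fstype, options = fields[:4]
    problems = []
    if "bind" not in options.split(","):
        problems.append("not a bind mount")
    # Assumed policy: a container only gets its own subtree of the host NFS mount.
    allowed = posixpath.join(share_root, container)
    src = posixpath.normpath(source)
    if src != allowed and not src.startswith(allowed + "/"):
        problems.append("source outside " + allowed)
    # Assumption: a target without a leading '/' is relative to the rootfs.
    tgt = posixpath.normpath(target)
    if tgt.startswith("/"):
        problems.append("target is absolute, not relative to the rootfs")
    elif tgt == ".." or tgt.startswith("../"):
        problems.append("target escapes the container rootfs")
    return problems

def check_fstab(text, share_root, container):
    """Map 1-based line numbers to problem lists; clean lines are omitted."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        problems = check_entry(stripped, share_root, container)
        if problems:
            report[number] = problems
    return report

if __name__ == "__main__":
    found = check_fstab(SAMPLE_FSTAB, "/mnt/ext_nfs", "container_foo")
    for number, problems in found.items():
        print(number, "; ".join(problems))
```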
