[lxc-users] NFS mounts and unprivileged containers

Matthew Green mephi at mephi.co.uk
Fri Dec 4 13:54:36 UTC 2015 

Hi Fajar,

(1) Understood, I was just trying to work out if mine was one.
(2) I've got it working with the client connecting to the server IP
address, does this still have problems? One of the issues I have with LXC
is knowing when an action is considered to be on the same machine as the
host and when it's separate.
(3) My portability concern was around being able to migrate a container to
a new host, so yeah, I would need to add the NFS share on the new host as
well.
(4) For backups I read somewhere that if you tar a container with a bind
mount you also tar the contents of the mount, so if I bind mount then I'll
need to work out a way to remove the bind mount prior to running tar

Thanks for your help :-)

Matt


On 4 December 2015 at 12:54, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Dec 4, 2015 at 5:56 PM, Matthew Green <mephi at mephi.co.uk> wrote:
>
>> The host is expected to be the NFS server to start with, but using bind
>> mounts (I think this is what you're suggesting) gives me concerns about
>> portability and backups.
>>
>>
>
> (1) Not EVERY use case is suitable for unpriv containers. So don't be
> surprised if yours isn't one of them.
>
> (2) IIRC it's NOT recommended to have an nfs client mounting nfs share
> from localhost (i.e. loopback nfs mount), At least in old kernels:
> https://lwn.net/Articles/595652/ . Not sure about current (e.g. 4+)
> kernels though.
>
> (3) What kind of "portability" are you talking about here? Moving between
> virt systems (e.g. KVM -> lxc, or whatever)? If its THAT, then you'd always
> have to perform some level of adjustment anyway, with or without additional
> bind mounts.
>
> If you mean "what happens when the nfs server is on another server", then
> the host can import the share on the SAME path as you're currently using,
> and bind-mount will continue to work (as long as the path and
> owner/permission is the same)
>
> (4) you create a backup strategy that fits your needs.
>
> --
> Fajar
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151204/027f0d66/attachment.html>

More information about the lxc-users mailing list