[lxc-users] NFS mounts and unprivileged containers

Matthew Green mephi at mephi.co.uk
Fri Dec 4 16:19:18 UTC 2015


I read the link, but a fair amount of it was beyond my understanding. My
confusion was around the use of the words loopback and localhost, whereas
from an IP point of view, I've got two different addresses talking to each
other, I'm not using a loopback interface or connecting to localhost
(127.0.0.x).

If tar with --one-file-system works it makes the backup process easy too.

Thanks :-)

Matt



On 4 December 2015 at 15:17, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Dec 4, 2015 at 8:54 PM, Matthew Green <mephi at mephi.co.uk> wrote:
>
>> Hi Fajar,
>>
>> (1) Understood, I was just trying to work out if mine was one.
>> (2) I've got it working with the client connecting to the server IP
>> address, does this still have problems? One of the issues I have with LXC
>> is knowing when an action is considered to be on the same machine as the
>> host and when it's separate.
>>
>
> "can connect" does not equal safe. Did you read the link?
>
> containers -> same kernel "process" as the host. For most purposes,
> consider those as "same" machine (even when containers can be configured to
> only use a subset of host's resources).
>
> KVM/any-other-full-virtualization -> guest and host use separate kernels.
> They can even be completely different OS (e.g. windows on linux host)
>
>
>
>> (3) My portability concern was around being able to migrate a container
>> to a new host, so yeah, I would need to add the NFS share on the new host
>> as well.
>>
>
>
> Shouldn't be an issue then. Either bind-mount directly, or
> nfs-import-then-bind-mount as required.
>
>
>
>> (4) For backups I read somewhere that if you tar a container with a bind
>> mount you also tar the contents of the mount, so if I bind mount then I'll
>> need to work out a way to remove the bind mount prior to running tar
>>
>>
> Options for backup in your case:
> (a) read the docs,
> https://www.gnu.org/software/tar/manual/html_section/tar_55.html
>
> (b) bind-mount the path you'll be backing up somewhere first (e.g "mount
> --bind /var/lib/lxc/c1/rootfs /tmp/mnt"), and THEN backup the new mount
> point
>
> (c) use block-level backup
>
> (d) use something more advanced, like zfs with its send/receive feature
>
> --
> Fajar
>
>
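
A pre-backup check for the `tar --one-file-system` approach discussed in this thread, as an added example that is not part of the original messages. GNU tar finds filesystem boundaries by comparing device numbers, so an NFS mount below the rootfs is left out, while a bind mount that comes from the same device as the rootfs is still archived. The function names, the sample mountinfo lines and the `mnt/data` and `mnt/nfs` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example. tar --one-file-system compares device numbers, so it stops at an
# NFS mount but descends into a bind mount that comes from the rootfs's own device.

# classify_mounts ROOTFS [MOUNTINFO]   (MOUNTINFO may be "-" for stdin)
# Prints one line per mount point strictly below ROOTFS:
#   skip PATH      different device than ROOTFS, tar --one-file-system leaves it out
#   same-dev PATH  same device as ROOTFS, tar still archives its contents
classify_mounts() {
    awk -v root="${1%/}" '
        {
            mp = $5; dev = $3            # mountinfo: field 3 major:minor, field 5 mount point
            gsub(/\\040/, " ", mp)       # a space in a path is written as \040
            # the mount holding ROOTFS is the longest mount point that prefixes it
            if ((mp == "/" || index(root "/", mp "/") == 1) && length(mp) >= best) {
                best = length(mp); rootdev = dev
            }
            if (index(mp, root "/") == 1) { n++; path[n] = mp; pdev[n] = dev }
        }
        END {
            for (i = 1; i <= n; i++) {
                tag = (pdev[i] == rootdev) ? "same-dev" : "skip"
                print tag, path[i]
            }
        }
    ' "${2:-/proc/self/mountinfo}"
}

# Constructed sample input (not from the thread): / on 8:1, a bind mount from the
# same disk, and an NFS mount with its own anonymous device number.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 21 8:1 /srv/data /var/lib/lxc/c1/rootfs/mnt/data rw - ext4 /dev/sda1 rw
31 21 0:45 / /var/lib/lxc/c1/rootfs/mnt/nfs rw - nfs4 192.0.2.10:/export rw
32 21 0:5 / /proc rw - proc proc rw
EOF
}

# Usage: sh check.sh /var/lib/lxc/c1/rootfs   (reads the live mount table)
if [ "$#" -gt 0 ]; then classify_mounts "$1"; fi
```

For `same-dev` entries, option (b) in the quoted reply avoids the problem, because a plain `mount --bind` (unlike `--rbind`) does not carry sub-mounts into the new mount point.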