[lxc-users] Mount Directory or Move Image Location?

Serge Hallyn serge.hallyn at ubuntu.com
Mon Nov 2 15:22:38 UTC 2015


Hi,

So yes, I'd expect this, but what I don't understand is why your
straight bind mount would have ended up differently.  Unless you
did it at just the right time - before first boot of the container -
so that lxd shifted the uid of the bind-mounted directory?

I assume that, in the case below, if you do

ls -ld /opt

You see something like

drwxr-xr-x 2 nobody nogroup 4096 Oct 19 19:29 /opt

?

On the host, just shift the /nvme1/lxdmount1 directory to the
container's root uid/gid.  I.e. if it is 100000 for both, then
"sudo chmod 100000:100000 /nvme1/lxdmount1".


Quoting B G (bg85305 at gmail.com):
> I tried your suggested method and I got into permission issues...
> 
> Ran:
> 
> $:/# lxc config device add neoped lxdmount1 disk source=/nvme1/lxdmount1
> path=/opt
> 
> Device lxdmount1 added to neoped
> 
> 
> Then opened a bash session into the container and tried to make a
> directory...
> 
> root at LXC_NAME:/# cd opt
> root at LXC_NAME:/opt# ls
> root at LXC_NAME:/opt# mkdir lxdmount1 test
> mkdir: cannot create directory 'lxdmount1': Permission denied
> mkdir: cannot create directory 'test': Permission denied
> 
> 
> I still don't understand where or how I need to map the container user to
> the host user to enable this without completely opening security on the
> directory...
> 
> At least I suppose that is why it is failing...
> 
> 
> 
> On Fri, Oct 30, 2015 at 4:11 PM, B G <bg85305 at gmail.com> wrote:
> 
> > Thanks I will try your later suggestion... Thank you for your quick
> > replies.
> >
> > That said your earlier suggestion seems to have also worked...
> >
> > mount --bind /container/rootfs/fastdata1 /nvme/fastdata1
> >
> > I tried the following and it seems to work..  Was thinking about adding
> > into fstab for perminence..
> >
> > Which way do you recommend?  I can switch to the lxc config way...
> >
> > Each machine is a single-tenant environment so not so worried about
> > security isolation of each container.
> >
> >
> >
> > On Fri, Oct 30, 2015 at 3:14 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
> > wrote:
> >
> >> No, wait.  I thought you wanted the other directory to be where the
> >> containers are coming from.
> >>
> >> To bind mount the directory into containers, use a 'disk' device
> >> type.  I.e. if the directory is mounted on the host at /mnt/fastdisk,
> >> and your container is container-name,
> >>
> >> lxc config device add container-name fastdisk disk source=/mnt/fastdisk
> >> path=/opt
> >>
> >> Will cause 'fastdisk' to be mounted under /opt in the container.
> >>
> >> -serge
> >>
> >> Quoting B G (bg85305 at gmail.com):
> >> > Thanks Serge.
> >> >
> >> > You suggest to bind mount the underlying directory from the host OS?
> >> >
> >> > I suppose that we could do that for the root file system anywhere inside
> >> > the image file system?
> >> >
> >> > E.g.
> >> >
> >> > /var/lib/lxd/containers/container-name/rootfs/directory_mount
> >> >
> >> > Once I restart the container should be transparent to the container that
> >> > the underlying file-system has mounted from a different location?
> >> >
> >> > That sound right... I was thinking about it in a much more complicated
> >> way
> >> > like you would a VDI for a VM.  That is better.
> >> >
> >> >
> >> >
> >> > On Fri, Oct 30, 2015 at 2:23 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
> >> > wrote:
> >> >
> >> > > Quoting B G (bg85305 at gmail.com):
> >> > > > I need to jam a ton of data from another drive partition into a
> >> > > > container... What is the best way to:
> >> > > >
> >> > > > 1. Mount a directory from a different drive on the host
> >> > > >
> >> > > > or
> >> > > >
> >> > > > 2. Change the image location to the alternative drive on the host
> >> > > >
> >> > > > I have been searching a ton and can't see the best way to do this.
> >> I
> >> > > have
> >> > > > an NVME partition that I want to use for really fast IO but it is
> >> not the
> >> > > > default one the containers are created in...
> >> > > >
> >> > > > Appreciate any advice..
> >> > >
> >> > > Are you using lxd or lxc?
> >> > >
> >> > > The easiest way is probably to just bind mount the fast directory onto
> >> > > /var/lib/lxc or /var/lib/lxd.  If I'm understanding you right.
> >> > >
> >> > > Personally on my laptop I have a little 16G m.2 ssd formatted as btrfs
> >> > > and mounted onto /var/lib/lxd to give me something like .5-second
> >> container
> >> > > creations.
> >> > >
> >> > > -serge
> >> > > _______________________________________________
> >> > > lxc-users mailing list
> >> > > lxc-users at lists.linuxcontainers.org
> >> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> >>
> >> > _______________________________________________
> >> > lxc-users mailing list
> >> > lxc-users at lists.linuxcontainers.org
> >> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >>
> >> _______________________________________________
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>
> >
> >

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users



More information about the lxc-users mailing list