[lxc-users] Mount additional storage into unprivileged container

Andriy Tovstik andriy.tovstik at gmail.com
Tue Nov 8 10:43:55 UTC 2016


Hi, Andrey!

вт, 8 нояб. 2016 г. в 12:20, Andrey Repin <anrdaemon at yandex.ru>:

> Greetings, Andriy Tovstik!
>
> > I am learning LXC features because we are going  to implement it in our
> > production environment.
>
> LXC or LXD? Your configuration smells the latter.
>
> LXD, you are right. But AFAIK LXD is an extension that was built over LXC
subsystem, isn't it?

> Could somebody explain me is there any well documented way to mount
> > additional filesystems or (preferable) block devices into Unprivileged
> > containers? is it supports live migration of container?
>
> You could do better at explaining, what you need that for. It'll speed up
> the
> answer.
> Normally, you don't need to "mount block devices into container".
>
>
Well... I'm going to use LXD to isolate two applications that will be
heavily loaded. May be it will be necessary to give for each other
dedicated storage.
Rootfs i'll put to ZFS pool. Alternative way is to use zfs over high speed
storage system and use IOPS limit for each container...

> I've read a lot of articles and man pages but unfortunatly this question
> is still unclear for me...
> >
> > Currently my config looks like:
> >
> >
> >
> > name: test-container
> > profiles:
> > - default
> > config:
> >   raw.lxc: lxc.aa_profile=unconfined
> >   security.privileged: "true"
> >   volatile.base_image:
> a19c9ae2bd2e7bf99b0e2d31a0707cc534781a4eba47f44f172f486d2e01c96b
> >   volatile.eth0.hwaddr: 00:16:3e:87:d6:d9
> >   volatile.last_state.idmap: '[]'
> > devices:
> >   data:
> >     path:  /datastorage
> >     source: /dev/sdf
> >     type: disk
>
> >
> > But when I try to change security.privileged to ‘false’ I lost an ability
> > to write to /datastorage path inside container.
> >
> > Currently I’m using version 2.0.5 of LXC
>
> Doesn't match to your listed config. Smells like LXD.
>
> All versions looks like something like this:

ii  lxc-common     2.0.5-0ubuntu1~ubuntu16.04.2 amd64        Linux
Containers userspace tools (common tools)
ii  lxc2           2.0.5-0ubuntu1~ubuntu16.04.1 all          Container
hypervisor based on LXC - metapackage
ii  lxcfs          2.0.4-0ubuntu1~ubuntu16.04.1 amd64        FUSE based
filesystem for LXC
ii  lxd            2.0.5-0ubuntu1~ubuntu16.04.1 amd64        Container
hypervisor based on LXC - daemon
ii  lxd-client     2.0.5-0ubuntu1~ubuntu16.04.1 amd64        Container
hypervisor based on LXC - client
ii  lxd-tools      2.0.5-0ubuntu1~ubuntu16.04.1 amd64        Container
hypervisor based on LXC - extra tools



>
> --
> With best regards,
> Andrey Repin
> Tuesday, November 8, 2016 13:13:21
>
> Sorry for my terrible english...
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-- 
WBR, Andriy Tovstik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161108/afdd2cf7/attachment.html>


More information about the lxc-users mailing list