[lxc-users] Establish a bind mount to a running container

Stéphane Graber stgraber at ubuntu.com
Fri Oct 7 13:38:26 UTC 2016 

On Fri, Oct 07, 2016 at 01:26:26PM +0000, Jäkel, Guido wrote:
> >-----Original Message-----
> >From: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] On Behalf Of Stéphane Graber
> >Sent: Friday, October 07, 2016 11:46 AM
> >To: LXC users mailing-list
> >Subject: Re: [lxc-users] Establish a bind mount to a running container
> >
> >On Fri, Oct 07, 2016 at 07:03:21AM +0000, Jäkel, Guido wrote:
> >> Dear experts,
> >>
> >> I wonder if it's possible to establish a bind mount filesystem resource from the LXC host to an already running container in
> >an manual way, but analogous as it is done at startup time.
> >>
> >> I already figured out that the releasing an existing link is no thing; just umount it from inside the container. But is there a
> >way to establish one while shifting the destination of a bind mount into the right namespace?
> >>
> >> I ask about, because in a couple of days I have to change a (NFS) filesystem source (because of an hardware migration)
> >that is common to a large number of running containers but not frequently used and I want to avoid to restart all the
> >containers with it services.
> >>
> >> thank you for advice
> >>
> >> Guido
> >
> >It's very difficult due to a number of restrictions in place in the kernel.
> >
> >The only way of doing this that I'm aware of is what we do in LXD. We
> >create a path on the host before the container starts, put that on a
> >rshared mountpoint, then bind-mount that directory into the container
> >under some arbitrary path.
> >
> >Then when you want to inject a new mount in the container, you can mount
> >it in a sub-directory of that path you create on the host, which will
> >then have the container inherit the mount entry thanks to the host
> >mountpoint being rshared and the container's mountpoint being rslave.
> >
> >Once the mountpoint shows up in the container, you can then move it to
> >whatever path you actually want it on.
> 
> 
> Dear Stéphane,
> 
> I sorry, but I don't get it yet; some of your terms and where to do it are dubious to me. Maybe an example may light it up to me:
> 
> Let say, I want to inject the path  host:/mnt/some_host_mountpoint/some_directory  as a bind mount to a running container; it should end up on  container:/import/some_container_moutpoint  . On the host, the mountpoint host:/mnt/some_host_mountpoint is mouted to a NFS source, let say  nfshost:/some_export
> 
> Now please, where to issue which commands?

You'll have to do some research yourself or hope that someone can give
you step by step instructions :)


A guestimate (completely untested) would be:

Setup steps, before you first start the container:

 1) mkdir /tmp/shared-c1
 2) mount --bind /tmp/shared-c1 /tmp/shared-c1
 3) mount --make-rshared /tmp/shared-c1
 4) Add to /var/lib/lxc/c1/config => lxc.mount.entry=/tmp/shared-c1 /.shared none bind,create=dir 0 0
 5) lxc-start -n c1

At which point, you could inject a new mount with:

 1) mkdir /tmp/share-c1/some_directory
 2) mount -- bind /mnt/some_host_mountpoint/some_directory /tmp/share-c1/some_directory
 3) lxc-attach -n c1 -- mkdir -p /import/some_container_mountpoint
 4) lxc-attach -n c1 -- mount --move /.shared/some_directory /import/some_container_mountpoint


Again, that's a very rough approximation from what I remember the LXD
code is doing (though we're doing it in a mix of Go and C).

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161007/a3b3ddeb/attachment.sig>

More information about the lxc-users mailing list