[lxc-users] LXD share /var/lib/mysql from host to container and map user/group

David Favor david at davidfavor.com
Mon Jul 9 21:35:27 UTC 2018


Tony P wrote:
> What's the correct way to share the mysql/mariadb data dir of the host 
> system to a container and map the permissions correctly? I have been 
> struggling with this for a couple of days. I'm sorry if this question 
> has been asked before, but I have searched thoroughly and not been able 
> to find the solution yet. Basically what I have done so far:
> 
> Install mariadb-server on both host and container and:
> 
> $ printf "lxd:$(id -u mysql):1\nroot:$(id -u mysql):1\n" | sudo tee -a /etc/subuid
> $ printf "lxd:$(id -g mysql):1\nroot:$(id -g mysql):1\n" | sudo tee -a /etc/subgid
> $ sudo systemctl restart lxd
> $ printf "uid $(id -u mysql) 1000\ngid $(id -g mysql) 1000" | lxc config set $CONTAINER_NAME raw.idmap -
> $ lxc restart $CONTAINER_NAME
> $ sudo lxc config device add $CONTAINER_NAME mysql disk source=/var/lib/mysql path=/var/lib/mysql
> Unfortunately, this breaks the container and prevents it from starting 
> since the mapping isn't allowed.
> 
> $ sudo lxc info --show-log ub1804x64-3
> 
> Name: ub1804x64-3
> Remote: unix://
> Architecture: x86_64
> Created: 2018/07/09 15:30 UTC
> Status: Stopped
> Type: persistent
> Profiles: default
> 
> Log:
> 
> lxc ub1804x64-3 20180709154554.682 ERROR    lxc_conf - 
> conf.c:lxc_map_ids:2919 - newuidmap failed to write mapping "newuidmap: 
> uid range [1000-1001) -> [114-115) not allowed": newuidmap 6725 0 100000 
> 1000 1000 114 1 1001 101001 64535
> lxc ub1804x64-3 20180709154554.682 ERROR    lxc_start - 
> start.c:lxc_spawn:1661 - Failed to set up id mapping.
> lxc ub1804x64-3 20180709154554.755 WARN     lxc_network - 
> network.c:lxc_delete_network_priv:2607 - Failed to remove interface 
> "veth38DOB9" from "lxdbr0": Invalid argument
> lxc ub1804x64-3 20180709154554.755 ERROR    lxc_container - 
> lxccontainer.c:wait_on_daemonized_start:834 - Received container state 
> "ABORTING" instead of "RUNNING"
> lxc ub1804x64-3 20180709154554.756 ERROR    lxc_start - 
> start.c:__lxc_start:1887 - Failed to spawn container "ub1804x64-3"
> lxc 20180709154554.775 WARN     lxc_commands - 
> commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to 
> receive response for command "get_state"
> I'm basically following this article 
> (https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/) 
> written by Stéphane Graber (the super awesome primary LXD developer) to 
> achieve this. I'll admit that I don't fully understand what's going on 
> here, if someone could help me understand my mistake a bit better, I'd 
> really appreciate it. I have a feeling I have the range wrong (1000?). I 
> previously attempted doing the same by manually adding the mysql 
> user/group and trying to map those (instead of installing mysql), but 
> that also didn't work out (Same error). This is what I tried before 
> trying the mapping):
> 
> $ sudo groupadd mysql
> $ sudo useradd -r -g mysql mysql
> 
> I also tried with: 
> $ printf "both $(id -u mysql) $(id -u mysql)" | lxc config set $CONTAINER_NAME raw.idmap -
> 
> Then the error I get is:
> 
> $ sudo lxc info --show-log tmp3
> 
> Name: tmp3
> Remote: unix://
> Architecture: x86_64
> Created: 2018/07/09 20:32 UTC
> Status: Stopped
> Type: persistent
> Profiles: default
> 
> Log:
> 
> lxc tmp3 20180709204423.805 ERROR    lxc_conf - conf.c:lxc_map_ids:2919 
> - newgidmap failed to write mapping "newgidmap: gid range [114-115) -> 
> [114-115) not allowed": newgidmap 30081 114 114 1 0 100000 114 115 
> 100115 65421
> lxc tmp3 20180709204423.805 ERROR    lxc_start - start.c:lxc_spawn:1661 
> - Failed to set up id mapping.
> lxc tmp3 20180709204423.876 WARN     lxc_network - 
> network.c:lxc_delete_network_priv:2607 - Failed to remove interface 
> "vethYL869L" from "lxdbr0": Invalid argument
> lxc tmp3 20180709204423.876 ERROR    lxc_container - 
> lxccontainer.c:wait_on_daemonized_start:834 - Received container state 
> "ABORTING" instead of "RUNNING"
> lxc tmp3 20180709204423.877 ERROR    lxc_start - 
> start.c:__lxc_start:1887 - Failed to spawn container "tmp3"
> lxc 20180709204423.897 WARN     lxc_commands - 
> commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to 
> receive response for command "get_state"
> 
> 
> I'm using LXD 3.0.1 running on host Ubuntu 18.04 amd64 and testing with 
> a Ubuntu 18.04 amd64 container
> 
> Thanks for your help in advance!!

Things to keep in mind.

1) If you end up with a machine level instance of MariaDB running along
    with a container level instance of MariaDB running with a shared
    /var/lib/mysql, then all your data will be corrupt.

    Likely best to have a machine level database directory named
    something different than /var/lib/mysql, in case you ever accidentally
    install a machine level version of mariadb-server packages.

2) Unsure what you're attempting to accomplish modifying idmaps + restarting
    LXD. Maybe you're attempting to defeat container security.

    A better way to do this is...

    lxc config set cname security.privileged true
    lxc restart cname

3) All this said, likely be useful for you to describe your target objective.

    Likely knowing this, someone has already accomplished what you're trying
    to accomplish + will have some good suggestions.

4) Keep in mind, depending on how you finalize all this, container
    remote move + copy operations may fail to clone your database data.

    Even if you do end up with a /var/lib/mysql in your newly created
    remote container, you'll likely lose your machine/container
    filesystem mapping.
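Both logs above fail at the same point: newuidmap/newgidmap refuse a host-side range that the caller's /etc/subuid or /etc/subgid does not grant. The script below is an added example (not from this thread or from LXD) that reproduces that check offline, so a raw.idmap value can be validated before the container is restarted; it assumes the single-id and `a-b` range forms of raw.idmap and uses constructed sample sub files in which the host mysql uid/gid is 114, with the gid entry deliberately left out.

```shell
#!/bin/sh
# Added example: pre-check a LXD raw.idmap value against the subuid/subgid
# entries that newuidmap/newgidmap consult (the "range ... not allowed" error).

# Start and length of an id spec: "114" -> 114 / 1 ; "114-120" -> 114 / 7
spec_start() { printf '%s\n' "${1%%-*}"; }
spec_count() {
    case $1 in
        *-*) echo $(( ${1#*-} - ${1%%-*} + 1 )) ;;
        *)   echo 1 ;;
    esac
}

# idmap_allowed <subuid-or-subgid file> <user> <host-start> <count>
# Succeeds only if one "user:first:n" line wholly contains [start, start+count).
idmap_allowed() {
    subfile=$1; user=$2; start=$3; end=$(($3 + $4))
    while IFS=: read -r name first n; do
        [ "$name" = "$user" ] || continue
        [ "$start" -ge "$first" ] && [ "$end" -le $((first + n)) ] && return 0
    done < "$subfile"
    return 1
}

# check_raw_idmap <subuid> <subgid> <user> <raw.idmap text>; 0 if every line is allowed
check_raw_idmap() {
    subuid=$1; subgid=$2; user=$3; rc=0
    while read -r kind host cont; do
        [ -n "$kind" ] || continue
        start=$(spec_start "$host"); count=$(spec_count "$host"); ok=0
        case $kind in
            uid)  idmap_allowed "$subuid" "$user" "$start" "$count" || ok=1 ;;
            gid)  idmap_allowed "$subgid" "$user" "$start" "$count" || ok=1 ;;
            both) { idmap_allowed "$subuid" "$user" "$start" "$count" &&
                    idmap_allowed "$subgid" "$user" "$start" "$count"; } || ok=1 ;;
            *)    ok=1 ;;   # unknown map type
        esac
        [ "$ok" -eq 0 ] || { echo "$kind $host $cont: host range not granted" >&2; rc=1; }
    done <<EOF
$4
EOF
    return $rc
}

# Constructed sample files: host mysql uid/gid is 114, as in the thread.
# The uid entry for root was added, the matching gid entry was not.
SAMPLE_SUBUID=$(mktemp); SAMPLE_SUBGID=$(mktemp)
trap 'rm -f "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"' EXIT
printf 'lxd:100000:65536\nroot:100000:65536\nroot:114:1\n' > "$SAMPLE_SUBUID"
printf 'lxd:100000:65536\nroot:100000:65536\n' > "$SAMPLE_SUBGID"
```

Run against the real files as `check_raw_idmap /etc/subuid /etc/subgid root "$(lxc config get cname raw.idmap)"`; the check only matters for unprivileged containers, since security.privileged=true switches the id mapping off entirely.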
