[lxc-users] LXD share /var/lib/mysql from host to container and map user/group
Tony P
tonypeagleon at gmail.com
Tue Jul 10 00:34:07 UTC 2018
Hi David. Those are excellent points. Actually, I regret not mentioning my
purpose in the original e-mail. To clarify, I don't intend to run a host
mariadb and a container mariadb simultaneously. Also, this is definitely
not for production. This is primarily for my development environment. I
intend to test my web applications inside various containers which will all
have different configurations. The web applications are developed inside
the host, and tested with these varying configurations within the
containers. However, the dummy development data from the mysql host is
always consistent. That is basically the only thing that does not change. I
know I could easily copy this data over to the containers and then apply
the required permissions that way, but I prefer to implement a "shared"
drive/dir instead. Of course, like I said before, only one database server
will be running at any given time on the data-dir.
On Mon, Jul 9, 2018 at 5:35 PM, David Favor <david at davidfavor.com> wrote:
> Tony P wrote:
>
>> What's the correct way to share the mysql/mariadb data dir of the host
>> system to a container and map the permissions correctly? I have been
>> struggling with this for a couple of days. I'm sorry if this question has
>> been asked before, but I have searched thoroughly and not been able to find
>> the solution yet. Basically what I have done so far:
>>
>> Install mariadb-server on both host and container and:
>>
>> $ printf "lxd:$(id -u mysql):1\nroot:$(id -u mysql):1\n" | sudo tee -a /etc/subuid
>> $ printf "lxd:$(id -g mysql):1\nroot:$(id -g mysql):1\n" | sudo tee -a /etc/subgid
>> $ sudo systemctl restart lxd
>> $ printf "uid $(id -u mysql) 1000\ngid $(id -g mysql) 1000" | lxc config set $CONTAINER_NAME raw.idmap -
>> $ lxc restart $CONTAINER_NAME
>> $ sudo lxc config device add $CONTAINER_NAME mysql disk source=/var/lib/mysql path=/var/lib/mysql
>>
>> Unfortunately, this breaks the container and prevents it from starting
>> since the mapping isn't allowed.
>>
>> $ sudo lxc info --show-log ub1804x64-3
>>
>> Name: ub1804x64-3
>> Remote: unix://
>> Architecture: x86_64
>> Created: 2018/07/09 15:30 UTC
>> Status: Stopped
>> Type: persistent
>> Profiles: default
>>
>> Log:
>>
>> lxc ub1804x64-3 20180709154554.682 ERROR lxc_conf - conf.c:lxc_map_ids:2919 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [114-115) not allowed": newuidmap 6725 0 100000 1000 1000 114 1 1001 101001 64535
>> lxc ub1804x64-3 20180709154554.682 ERROR lxc_start - start.c:lxc_spawn:1661 - Failed to set up id mapping.
>> lxc ub1804x64-3 20180709154554.755 WARN lxc_network - network.c:lxc_delete_network_priv:2607 - Failed to remove interface "veth38DOB9" from "lxdbr0": Invalid argument
>> lxc ub1804x64-3 20180709154554.755 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
>> lxc ub1804x64-3 20180709154554.756 ERROR lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "ub1804x64-3"
>> lxc 20180709154554.775 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to receive response for command "get_state"
>>
>> I'm basically following this article
>> (https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/)
>> written by Stéphane Graber (the super awesome primary LXD developer) to
>> achieve this. I'll admit that I don't fully understand what's going on
>> here; if someone could help me understand my mistake a bit better, I'd
>> really appreciate it. I have a feeling I have the range wrong (1000?). I
>> previously attempted doing the same by manually adding the mysql
>> user/group and trying to map those (instead of installing mysql), but
>> that also didn't work out (same error). This is what I tried before
>> trying the mapping:
>>
>> $ sudo groupadd mysql
>> $ sudo useradd -r -g mysql mysql
>>
>> I also tried with:
>>
>> $ printf "both $(id -u mysql) $(id -u mysql)" | lxc config set $CONTAINER_NAME raw.idmap -
>>
>> Then the error I get is:
>>
>> $ sudo lxc info --show-log tmp3
>>
>> Name: tmp3
>> Remote: unix://
>> Architecture: x86_64
>> Created: 2018/07/09 20:32 UTC
>> Status: Stopped
>> Type: persistent
>> Profiles: default
>>
>> Log:
>>
>> lxc tmp3 20180709204423.805 ERROR lxc_conf - conf.c:lxc_map_ids:2919 - newgidmap failed to write mapping "newgidmap: gid range [114-115) -> [114-115) not allowed": newgidmap 30081 114 114 1 0 100000 114 115 100115 65421
>> lxc tmp3 20180709204423.805 ERROR lxc_start - start.c:lxc_spawn:1661 - Failed to set up id mapping.
>> lxc tmp3 20180709204423.876 WARN lxc_network - network.c:lxc_delete_network_priv:2607 - Failed to remove interface "vethYL869L" from "lxdbr0": Invalid argument
>> lxc tmp3 20180709204423.876 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
>> lxc tmp3 20180709204423.877 ERROR lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "tmp3"
>> lxc 20180709204423.897 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to receive response for command "get_state"
>>
>>
>> I'm using LXD 3.0.1 running on host Ubuntu 18.04 amd64 and testing with a
>> Ubuntu 18.04 amd64 container
>>
>> Thanks for your help in advance!!
>>
>
> Things to keep in mind.
>
> 1) If you end up with a machine level instance of MariaDB running along
> with a container level instance of MariaDB running with a shared
> /var/lib/mysql, then all your data will be corrupt.
>
> Likely best to have a machine level database directory named
> something different than /var/lib/mysql, in case you ever accidentally
> install a machine level version of mariadb-server packages.
>
> 2) Unsure what you're attempting to accomplish modifying idmaps +
> restarting
> LXD. Maybe you're attempting to defeat container security.
>
> A better way to do this is...
>
> lxc config set cname security.privileged true
> lxc restart cname
>
> 3) All this said, likely be useful for you to describe your target
> objective.
>
> Likely knowing this, someone has already accomplished what you're trying
> to accomplish + will have some good suggestions.
>
> 4) Keep in mind, depending on how you finalize all this, container
> remote move + copy operations may fail to clone your database data.
>
> Even if you do end up with a /var/lib/mysql in your newly created
> remote container, you'll likely lose your machine/container
> filesystem mapping.
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
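The two startup failures quoted above both come from the same rule in newuidmap/newgidmap: a raw.idmap entry is only accepted when the host side of the mapping is covered by a range granted to the calling user (root, for the LXD daemon) in /etc/subuid or /etc/subgid. The script below is an added example, not code from the thread, from LXD, or from shadow-utils; it encodes that rule as an offline pre-flight check so a bad entry is caught before the container refuses to start. The function names (range_allowed, check_idmap) and the SAMPLE_SUBUID/SAMPLE_SUBGID contents are constructed for the example; real use would feed it `cat /etc/subuid` and `cat /etc/subgid`. The raw.idmap line format assumed is the one from the Graber article the thread follows: `KIND HOST_ID CONTAINER_ID` with KIND one of uid, gid or both.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: pre-flight check for LXD
# raw.idmap entries. newuidmap/newgidmap accept a mapping only when its
# host-side range lies inside a range granted to the calling user (root for
# the LXD daemon) in /etc/subuid or /etc/subgid. This reproduces that rule.

# Constructed sample files standing in for /etc/subuid and /etc/subgid.
# subuid has the extra root:114:1 line the thread adds; subgid does not.
SAMPLE_SUBUID='lxd:100000:65536
root:100000:65536
lxd:114:1
root:114:1'
SAMPLE_SUBGID='lxd:100000:65536
root:100000:65536'

# range_allowed USER START COUNT CONTENT
# Succeeds when [START, START+COUNT) lies inside one "USER:start:count" line.
range_allowed() {
    _user=$1 _start=$2 _count=$3 _content=$4
    _end=$((_start + _count))
    printf '%s\n' "$_content" | {
        while IFS=: read -r u s c; do
            [ "$u" = "$_user" ] || continue
            case "$s$c" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
            if [ "$_start" -ge "$s" ] && [ "$_end" -le "$((s + c))" ]; then
                exit 0   # exits only the pipeline subshell
            fi
        done
        exit 1
    }
}

# check_idmap KIND HOST_ID CONTAINER_ID SUBUID_CONTENT SUBGID_CONTENT
# KIND is uid, gid or both, as in a raw.idmap line "KIND HOST_ID CONTAINER_ID".
# Prints a diagnostic shaped like the newuidmap error and returns 1 when the
# single-id mapping would be refused.
check_idmap() {
    kind=$1 host=$2 cont=$3 subuid=$4 subgid=$5
    rc=0
    case $kind in
        uid|both)
            if ! range_allowed root "$host" 1 "$subuid"; then
                echo "uid range [$cont-$((cont + 1))) -> [$host-$((host + 1))) not allowed;" \
                     "add 'root:$host:1' to /etc/subuid" >&2
                rc=1
            fi ;;
    esac
    case $kind in
        gid|both)
            if ! range_allowed root "$host" 1 "$subgid"; then
                echo "gid range [$cont-$((cont + 1))) -> [$host-$((host + 1))) not allowed;" \
                     "add 'root:$host:1' to /etc/subgid" >&2
                rc=1
            fi ;;
    esac
    return $rc
}

# Demo against the constructed files: host uid 114 -> container 1000 is
# covered by root:114:1 in subuid, but gid 114 is absent from subgid, so a
# "both 114 114" entry is refused on the gid side.
if check_idmap uid 114 1000 "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"; then
    echo "uid 114 1000: allowed"
fi
if ! check_idmap both 114 114 "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"; then
    echo "both 114 114: container would fail to start"
fi
```

This only models the subordinate-range rule; the real arbiter is newuidmap/newgidmap on the host, and the log lines LXD prints (`lxc info --show-log NAME`) remain the authoritative error. On the design choice David raises: `security.privileged true` sidesteps the mapping entirely because a privileged container's uid 0 is the host's uid 0 with no translation, which is exactly the isolation the subuid/subgid mechanism exists to provide. A single-id raw.idmap entry keeps the container unprivileged and exposes only the mysql id to it, which is why it is worth getting the subuid/subgid entries right rather than switching the container to privileged.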