Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc [2020/05/02 20:52] – created niziak
vm:proxmox:lxc [2021/01/29 07:30] niziak
Line 1: Line 1:
 ====== LXC ====== ====== LXC ======
  
-===== docker inside unprivileged LXC ===== +===== update CT templates =====
- +
-Docker is recommended to be used inside VM. +
- +
-From documentation: [[https://pve.proxmox.com/wiki/Linux_Container#pct_configuration]] +
- +
-  * edit LXC container config +
-<file | /etc/pve/local/lxc/<contained_id>.conf> +
-features:  keyctl=1,nesting=1 +
-</file> +
-  * stop/start LXC container +
-  * <code bash>docker run hello-world</code> +
- +
-==== issue ==== +
 <code bash> <code bash>
-docker info +# pveam - Proxmox VE Appliance Manager 
-... +pveam update
- Server Version: 19.03.8 +
- Storage Driver: vfs +
-...+
 </code> </code>
  
-When restarted in privileged container: 
-<code bash> 
-docker info 
-... 
- Storage Driver: aufs 
-  Root Dir: /var/lib/docker/aufs 
-  Backing Filesystem: zfs 
-  Dirs: 0 
-  Dirperm1 Supported: true 
-... 
-</code> 
  
-Solution: +===== Shrink container disc =====
-<code bash> +
-cp /etc/apparmor.d/lxc/lxc-default-with-nesting /etc/apparmor.d/lxc/lxc-default-with-nesting-docker +
-</code> +
- +
-Edit new file and update ''profile'' name and add some mount permissions: +
- +
-<file|/etc/apparmor.d/lxc/lxc-default-with-nesting-docker> +
-# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which +
-# will source all profiles under /etc/apparmor.d/lxc +
- +
-profile lxc-container-default-with-nesting-docker flags=(attach_disconnected,mediate_deleted) { +
-  #include <abstractions/lxc/container-base> +
-  #include <abstractions/lxc/start-container> +
- +
-  deny /dev/.lxc/proc/** rw, +
-  deny /dev/.lxc/sys/** rw, +
-  mount fstype=proc -> /var/cache/lxc/**, +
-  mount fstype=sysfs -> /var/cache/lxc/**, +
-  mount options=(rw,bind), +
-  mount fstype=cgroup -> /sys/fs/cgroup/**, +
-  mount fstype=cgroup2 -> /sys/fs/cgroup/**, +
-  mount fstype=aufs, +
-  mount fstype=overlay, +
-+
-</code>+
  
-<code bash>systemctl reload apparmor</code>+It is not supported. Command <code bash>pct resize <VMID> rootfs <newsize></code> cannot be used.
  
-Edit ''/etc/pve/lxc/${container_id}.conf'' and append this line: +Workaround 1: 
-<file | /etc/pve/lxc/${container_id}.conf > +  * Stop container 
-lxc.apparmor.profile: lxc-container-default-with-nesting-docker +  * Edit ''<vmid>conf'' and set new disk size 
-<file>+  * Perform backup 
 +  * Restore LXC from backup
  
 +Workaround 2:
 +  * Change ZFS volume size <code bash>zfs set refquota=8G rpool/data/subvol-810-disk-0</code>
 +  * Adjust LXC config:
 +    * Edit ''<vmid>conf'' and set new disk size, **OR**
 +    * ''pct rescan''
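
Review bot: Workaround 2 goes straight to ''zfs set refquota=8G rpool/data/subvol-810-disk-0'' with no stop-container or backup step (Workaround 1 has both) and no check that the data currently in the subvolume fits under the new size; add those before the ''zfs set'' line. The dataset name is hard-coded to container 810 while the rest of the section uses ''<VMID>'', so a placeholder in the dataset name would reduce the chance of the command being pasted against the wrong container. In both workarounds ''<vmid>conf'' is missing the dot and the directory; the removed text referred to ''/etc/pve/lxc/${container_id}.conf''. The sentence "It is not supported." does not say what is unsupported; say explicitly that it refers to shrinking. The Docker-in-unprivileged-LXC notes, including the custom AppArmor profile and the ''lxc.apparmor.profile'' setting, are removed with no pointer to a new location; if they were moved, link the new page from here.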