Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc [2020/05/02 21:00] niziak
vm:proxmox:lxc [2020/12/22 22:10] niziak
Line 1: Line 1:
 ====== LXC ====== ====== LXC ======
  
-===== docker inside unprivileged LXC ===== 
  
-Docker is recommended to be used inside VM.+===== Shrink container disc =====
  
-From documentation: [[https://pve.proxmox.com/wiki/Linux_Container#pct_configuration]]+It is not supported. Command <code bash>pct resize <VMID> rootfs <newsize></code> cannot be used.
  
-  * edit LXC container config +Workaround 1
-<file | /etc/pve/local/lxc/<contained_id>.conf> +  * Stop container 
-features keyctl=1,nesting=1 +  * Edit ''<vmid>conf'' and set new disk size 
-</file> +  * Perform backup 
-  * stop/start LXC container +  * Restore LXC from backup
-  * <code bash>docker run hello-world</code> +
- +
-==== issue ==== +
-=== VFS FS is used by docker. === +
- +
- +
-  The vfs backend is a very simple fallback that has no copy-on-write support. Each layer is just a separate directory. Creating a new layer based on another layer is done by making a deep copy of the base layer into a new directory. +
-  Since this backend doesn’t share diskspace use between layers, and since creating a new layer is a slow operation this is not a very practical backend. However, it still has its uses, for instance to verify other backends against, or if you need a super robust (if slow) backend that works everywhere. +
-   +
-<code bash> +
-docker info +
-... +
- Server Version: 19.03.8 +
- Storage Driver: vfs +
-... +
-</code> +
- +
-When restarted in privileged container: +
-NOTE: restarting in privileged container do mess with user permission. Make backup/clone before. +
- +
-<code bash> +
-docker info +
-... +
- Storage Driver: aufs +
-  Root Dir: /var/lib/docker/aufs +
-  Backing Filesystem: zfs +
-  Dirs: 0 +
-  Dirperm1 Supported: true +
-... +
-</code> +
- +
-Solution: +
-<code bash> +
-cp /etc/apparmor.d/lxc/lxc-default-with-nesting /etc/apparmor.d/lxc/lxc-default-with-nesting-docker +
-</code> +
- +
-Edit new file and update ''profile'' name and add some mount permissions: +
- +
-<file|/etc/apparmor.d/lxc/lxc-default-with-nesting-docker> +
-# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which +
-# will source all profiles under /etc/apparmor.d/lxc +
- +
-profile lxc-container-default-with-nesting-docker flags=(attach_disconnected,mediate_deleted) { +
-  #include <abstractions/lxc/container-base> +
-  #include <abstractions/lxc/start-container> +
- +
-  deny /dev/.lxc/proc/** rw, +
-  deny /dev/.lxc/sys/** rw, +
-  mount fstype=proc -> /var/cache/lxc/**, +
-  mount fstype=sysfs -> /var/cache/lxc/**, +
-  mount options=(rw,bind), +
-  mount fstype=cgroup -> /sys/fs/cgroup/**, +
-  mount fstype=cgroup2 -> /sys/fs/cgroup/**, +
-  mount fstype=aufs, +
-  mount fstype=overlay, +
-+
-</code> +
- +
-<code bash>systemctl reload apparmor</code> +
- +
-Edit ''/etc/pve/lxc/${container_id}.conf'' and append this line: +
-<file | /etc/pve/lxc/${container_id}.conf > +
-lxc.apparmor.profile: lxc-container-default-with-nesting-docker +
-<file>+
  
 +Workaround 2:
 +  * Change ZFS volume size <code bash>zfs set refquota=8G rpool/data/subvol-810-disk-0</code>
 +  * Adjust LXC config:
 +    * Edit ''<vmid>conf'' and set new disk size, **OR**
 +    * ''pct rescan''
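Review bot: the added ''<vmid>conf'' in both Workaround 1 and Workaround 2 is missing the dot and the directory; the removed section names the same file as ''/etc/pve/lxc/${container_id}.conf'', so the new steps should read ''Edit /etc/pve/lxc/<vmid>.conf and set new disk size'' to keep the page consistent and stop a reader from editing the wrong file. Workaround 2 also lowers ''refquota'' to 8G with no check that the dataset currently holds less than that; add a step to compare the dataset's used space (''zfs get used rpool/data/subvol-810-disk-0'') against the target size before setting the quota, and make the same "new size must exceed current usage" remark for Workaround 1, since the backup/restore path has no guard either.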