Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc [2020/05/02 21:21] niziakvm:proxmox:lxc [2021/01/29 07:30] niziak
Line 1: Line 1:
 ====== LXC ====== ====== LXC ======
  
-===== docker inside unprivileged LXC ===== +===== update CT templates =====
- +
-Docker is recommended to be used inside VM. +
- +
-From documentation: [[https://pve.proxmox.com/wiki/Linux_Container#pct_configuration]] +
- +
-  * edit LXC container config +
-<file | /etc/pve/local/lxc/contained_id.conf> +
-features:  keyctl=1,nesting=1 +
-</file> +
-  * stop/start LXC container +
-  * <code bash>docker run hello-world</code> +
- +
-==== issue ==== +
-=== VFS FS is used by docker. === +
- +
- +
-  The vfs backend is a very simple fallback that has no copy-on-write support. Each layer is just a separate directory. Creating a new layer based on another layer is done by making a deep copy of the base layer into a new directory. +
-  Since this backend doesn’t share diskspace use between layers, and since creating a new layer is a slow operation this is not a very practical backend. However, it still has its uses, for instance to verify other backends against, or if you need a super robust (if slow) backend that works everywhere. +
-  +
 <code bash> <code bash>
-docker info +# pveam - Proxmox VE Appliance Manager 
-... +pveam update
- Server Version: 19.03.8 +
- Storage Driver: vfs +
-...+
 </code> </code>
  
-When restarted in privileged container: 
-NOTE: restarting in privileged container do mess with user permission. Make backup/clone before. 
- 
-<code bash> 
-docker info 
-... 
- Storage Driver: aufs 
-  Root Dir: /var/lib/docker/aufs 
-  Backing Filesystem: zfs 
-  Dirs: 0 
-  Dirperm1 Supported: true 
-... 
-</code> 
- 
-Solution: 
-<code bash> 
-cp /etc/apparmor.d/lxc/lxc-default-with-nesting /etc/apparmor.d/lxc/lxc-default-with-nesting-docker 
-</code> 
- 
-Edit new file and update ''profile'' name and add some mount permissions: 
- 
-<file|/etc/apparmor.d/lxc/lxc-default-with-nesting-docker> 
-# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which 
-# will source all profiles under /etc/apparmor.d/lxc 
- 
-profile lxc-container-default-with-nesting-docker flags=(attach_disconnected,mediate_deleted) { 
-  #include <abstractions/lxc/container-base> 
-  #include <abstractions/lxc/start-container> 
  
-  deny /dev/.lxc/proc/** rw, +===== Shrink container disc =====
-  deny /dev/.lxc/sys/** rw, +
-  mount fstype=proc -> /var/cache/lxc/**, +
-  mount fstype=sysfs -> /var/cache/lxc/**, +
-  mount options=(rw,bind), +
-  mount fstype=cgroup -> /sys/fs/cgroup/**, +
-  mount fstype=cgroup2 -> /sys/fs/cgroup/**, +
-  mount fstype=aufs, +
-  mount fstype=overlay, +
-+
-</file>+
  
-<code bash>systemctl reload apparmor</code>+It is not supported. Command <code bash>pct resize <VMID> rootfs <newsize></code> cannot be used.
  
-Edit ''/etc/pve/lxc/${container_id}.conf'' and append this line: +Workaround 1: 
-<file | /etc/pve/lxc/${container_id}.conf> +  * Stop container 
-lxc.apparmor.profile: lxc-container-default-with-nesting-docker +  * Edit ''<vmid>conf'' and set new disk size 
-</file>+  * Perform backup 
 +  * Restore LXC from backup
  
 +Workaround 2:
 +  * Change ZFS volume size <code bash>zfs set refquota=8G rpool/data/subvol-810-disk-0</code>
 +  * Adjust LXC config:
 +    * Edit ''<vmid>conf'' and set new disk size, **OR**
 +    * ''pct rescan''
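
Review bot: In the added "Shrink container disc" section, the config file is written as ''<vmid>conf'' in both Workaround 1 and Workaround 2, with no dot and no directory; the removed text named it as /etc/pve/lxc/${container_id}.conf, and the same full path would be clearer here. Workaround 2 hard-codes the dataset rpool/data/subvol-810-disk-0 and the size 8G; using a <vmid> placeholder as the pct resize line does, and adding a step to confirm that the container's used space is below the new refquota before setting it, would make the procedure safer to follow. The sentence "It is not supported." should name its subject, that is, that shrinking is what pct resize cannot do. Separately, this revision deletes the whole "docker inside unprivileged LXC" section, including the "Docker is recommended to be used inside VM" guidance and the AppArmor profile with its unrestricted mount rules (mount options=(rw,bind), mount fstype=overlay); if that content moved to another page, a link from here would keep the caveat discoverable.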