Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc [2020/05/02 21:00] niziakvm:proxmox:lxc [2021/02/22 08:18] (current) niziak
Line 1: Line 1:
 ====== LXC ====== ====== LXC ======
  
-===== docker inside unprivileged LXC =====+===== rename CT ===== 
 +<code bash>pct set <VMID> --hostname <newname></code>
  
-Docker is recommended to be used inside VM. +===== update CT templates =====
- +
-From documentation: [[https://pve.proxmox.com/wiki/Linux_Container#pct_configuration]] +
- +
-  * edit LXC container config +
-<file | /etc/pve/local/lxc/<contained_id>.conf> +
-features:  keyctl=1,nesting=+
-</file> +
-  * stop/start LXC container +
-  * <code bash>docker run hello-world</code> +
- +
-==== issue ==== +
-=== VFS FS is used by docker. === +
- +
- +
-  The vfs backend is a very simple fallback that has no copy-on-write support. Each layer is just a separate directory. Creating a new layer based on another layer is done by making a deep copy of the base layer into a new directory. +
-  Since this backend doesn’t share diskspace use between layers, and since creating a new layer is a slow operation this is not a very practical backend. However, it still has its uses, for instance to verify other backends against, or if you need a super robust (if slow) backend that works everywhere. +
-  +
 <code bash> <code bash>
-docker info +# pveam - Proxmox VE Appliance Manager 
-... +pveam update
- Server Version: 19.03.8 +
- Storage Driver: vfs +
-...+
 </code> </code>
  
-When restarted in privileged container: 
-NOTE: restarting in privileged container do mess with user permission. Make backup/clone before. 
  
-<code bash> +===== Shrink container disc =====
-docker info +
-... +
- Storage Driver: aufs +
-  Root Dir: /var/lib/docker/aufs +
-  Backing Filesystem: zfs +
-  Dirs: 0 +
-  Dirperm1 Supported: true +
-... +
-</code> +
- +
-Solution: +
-<code bash> +
-cp /etc/apparmor.d/lxc/lxc-default-with-nesting /etc/apparmor.d/lxc/lxc-default-with-nesting-docker +
-</code> +
- +
-Edit new file and update ''profile'' name and add some mount permissions: +
- +
-<file|/etc/apparmor.d/lxc/lxc-default-with-nesting-docker> +
-# Do not load this file.  Rather, load /etc/apparmor.d/lxc-containers, which +
-# will source all profiles under /etc/apparmor.d/lxc +
- +
-profile lxc-container-default-with-nesting-docker flags=(attach_disconnected,mediate_deleted) { +
-  #include <abstractions/lxc/container-base> +
-  #include <abstractions/lxc/start-container> +
- +
-  deny /dev/.lxc/proc/** rw, +
-  deny /dev/.lxc/sys/** rw, +
-  mount fstype=proc -> /var/cache/lxc/**, +
-  mount fstype=sysfs -> /var/cache/lxc/**, +
-  mount options=(rw,bind), +
-  mount fstype=cgroup -> /sys/fs/cgroup/**, +
-  mount fstype=cgroup2 -> /sys/fs/cgroup/**, +
-  mount fstype=aufs, +
-  mount fstype=overlay, +
-+
-</code>+
  
-<code bash>systemctl reload apparmor</code>+It is not supported. Command <code bash>pct resize <VMID> rootfs <newsize></code> cannot be used.
  
-Edit ''/etc/pve/lxc/${container_id}.conf'' and append this line: +Workaround 1: 
-<file | /etc/pve/lxc/${container_id}.conf > +  * Stop container 
-lxc.apparmor.profile: lxc-container-default-with-nesting-docker +  * Edit ''<vmid>conf'' and set new disk size 
-<file>+  * Perform backup 
 +  * Restore LXC from backup
  
 +Workaround 2:
 +  * Change ZFS volume size <code bash>zfs set refquota=8G rpool/data/subvol-810-disk-0</code>
 +  * Adjust LXC config:
 +    * Edit ''<vmid>conf'' and set new disk size, **OR**
 +    * ''pct rescan''
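
Review bot: in the added "Shrink container disc" section, both workarounds name the config file as ''<vmid>conf'', with no dot and no directory, so a reader cannot tell which file to edit. The removed text spelled the location out as /etc/pve/lxc/${container_id}.conf; suggest writing /etc/pve/lxc/<VMID>.conf here and using the same <VMID> casing as the pct commands above. Workaround 2 also hard-codes the dataset rpool/data/subvol-810-disk-0 where the rest of the page uses placeholders; rpool/data/subvol-<VMID>-disk-0 would match. Workaround 2 has no "Stop container" or backup step, although Workaround 1 lists both, and no step to confirm the used space fits under the new refquota before lowering it; a line for each would make the two procedures consistent. Finally, the whole "docker inside unprivileged LXC" section, including the custom AppArmor profile and the lxc.apparmor.profile setting, is dropped without a pointer; if it moved to another page, a link from here would keep it findable.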