{"id":875,"date":"2019-01-21T08:39:05","date_gmt":"2019-01-21T08:39:05","guid":{"rendered":"https:\/\/edulab.unitn.it\/tecnici\/?p=875"},"modified":"2019-01-21T08:39:05","modified_gmt":"2019-01-21T08:39:05","slug":"installing-nfs-inside-lxc-container-on-proxmox-5-1","status":"publish","type":"post","link":"https:\/\/edulab.unitn.it\/tecnici\/installing-nfs-inside-lxc-container-on-proxmox-5-1\/","title":{"rendered":"Installing NFS inside LXC Container on Proxmox 5.1"},"content":{"rendered":"\n

Fonte: https:\/\/gist.github.com\/rwenz3l\/0907385f6a6690c34eb8e36fa73d8405<\/a><\/p><\/blockquote><\/figure>\n\n\n\n

<\/a>Host Setup:<\/h3>\n\n\n\n

Create LXC Container as usual, but do not start it yet.<\/p>\n\n\n\n

# Install NFS-Kernel on Host\napt install nfs-kernel-server\n\n# Create a new AppArmor file: \ntouch \/etc\/apparmor.d\/lxc\/lxc-default-with-nfsd\n\n# Write Profile:\ncat > \/etc\/apparmor.d\/lxc\/lxc-default-with-nfsd << 'EOF'\n# Do not load this file.  Rather, load \/etc\/apparmor.d\/lxc-containers, which\n# will source all profiles under \/etc\/apparmor.d\/lxc\n\nprofile lxc-container-default-with-nfsd flags=(attach_disconnected,mediate_deleted) {\n  #include <abstractions\/lxc\/container-base>\n\n  # the container may never be allowed to mount devpts.  If it does, it\n  # will remount the host's devpts.  We could allow it to do it with\n  # the newinstance option (but, right now, we don't).\n  deny mount fstype=devpts,\n  mount fstype=nfsd,\n  mount fstype=rpc_pipefs,\n  mount fstype=cgroup -> \/sys\/fs\/cgroup\/**,\n}\nEOF\n\n# Activate the new Profile:\napparmor_parser -r \/etc\/apparmor.d\/lxc-containers\n\n# Add Profile to Container:\n# (in this case: id = 200)\necho 'lxc.apparmor.profile = lxc-container-default-with-nfsd' \\\n  >> \/etc\/pve\/nodes\/sniebel\/lxc\/200.conf\n\n# As well as to it's config:\necho 'lxc.apparmor.profile = lxc-container-default-with-nfsd' \\\n  >> \/var\/lib\/lxc\/200\/config\n  \n# Also add your mountpoint to the container:\n# If you have a cluster setup:\necho 'mp0: \/mnt\/host_storage,mp=\/mnt\/container_storage' \\\n  >> \/etc\/pve\/nodes\/cluster_node\/lxc\/200.conf\n\n# If you have a single node setup:\necho 'mp0: \/mnt\/host_storage,mp=\/mnt\/container_storage' \\\n  >> \/etc\/pve\/lxc\/200.conf\n\n# Finall start the container:\nlxc-start -n 200<\/pre>\n\n\n\n
<\/a>Container Setup:<\/h2>\n\n\n\n
ssh into the container or do a simple lxc-attach -n 200<\/code> on your host (where 200 is the id).<\/p>\n\n\n\n
# Install nfs\napt update\napt install nfs-kernel-server\n\n# Edit Exports\nnano \/etc\/exports\n\n# or append like so (example):\necho '\/mnt\/container_storage 192.168.0.0\/16(rw,async,insecure,no_subtree_check,all_squash,anonuid=501,anongid=100,fsid=1)' \\\n  >> \/etc\/exports\n\n# disconnect from the container\n\n# Restart it:\n<\/code><\/pre>\n\n\n\n
<\/a>Host again:<\/h2>\n\n\n\n
Back on the Host restart the container:<\/p>\n\n\n\n
lxc-stop -n 200\nlxc-start -n 200<\/pre>\n\n\n\n
Because the nfs-kernel is on the host, the container cannot access it’s status. service nfsd status<\/code> therefore shows as ‘not running’ inside the container. .. this seems to be normal (?)<\/p>\n\n\n\n
\n\n\n\n
Further useful commands:<\/p>\n\n\n\n
nfsstat # list NFS statistics<\/pre>\n","protected":false},"excerpt":{"rendered":"
Fonte: https:\/\/gist.github.com\/rwenz3l\/0907385f6a6690c34eb8e36fa73d8405 Host Setup: Create LXC Container as usual, but do not start it yet. # Install NFS-Kernel on Host apt install nfs-kernel-server # Create a new AppArmor file: touch […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,9,13],"tags":[],"class_list":["post-875","post","type-post","status-publish","format-standard","hentry","category-how-to","category-linux","category-software"],"_links":{"self":[{"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/posts\/875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/comments?post=875"}],"version-history":[{"count":1,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/posts\/875\/revisions"}],"predecessor-version":[{"id":876,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/posts\/875\/revisions\/876"}],"wp:attachment":[{"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/media?parent=875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/categories?post=875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/edulab.unitn.it\/tecnici\/wp-json\/wp\/v2\/tags?post=875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}