I have added support for LXC in the kvm plugin. 6.2 is in the testing repo. The plugin makes it very easy to download and use lxc images from linuxcontainers.org (owned by Canonical). The LXC stuff should be considered beta. Let me know how it is working. And no, you cannot install OMV in a Debian LXC.
LXC support for openmediavault-kvm plugin
-
-
ryecoaaron
Hat den Titel des Themas von „LXC support for openmediavault-lxc plugin“ zu „LXC support for openmediavault-kvm plugin“ geändert. -
Code
Alles anzeigenFailed to create VM XML. virt-install --connect lxc:/// --container --memory 1024 --metadata description="lxc test" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 1,sockets=1,cores=1,threads=1 --filesystem /Opool/kvm_storage/,/ --graphics vnc,listen=0.0.0.0 --print-xml > /tmp/lxctest.xml OMV\Exception: Failed to create VM XML. virt-install --connect lxc:/// --container --memory 1024 --metadata description="lxc test" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 1,sockets=1,cores=1,threads=1 --filesystem /Opool/kvm_storage/,/ --graphics vnc,listen=0.0.0.0 --print-xml > /tmp/lxctest.xml in /usr/share/openmediavault/engined/rpc/kvm.inc:2772 Stack trace: #0 /usr/share/openmediavault/engined/rpc/kvm.inc(1175): OMVRpcServiceKvm->virshCommand(Array, 'Failed to creat...', 'virt-install') #1 [internal function]: OMVRpcServiceKvm->setVm(Array, Array) #2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array) #3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('setVm', Array, Array) #4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Kvm', 'setVm', Array, Array, 1) #5 {main}
Did I guess wrong about what should go in the "path" field? I just used an existing active KVM pool which is on the path /Opool/kvm_storage and selected a debian image from the drop down list. Is the package "libvirt-daemon-driver-lxc" required?
-
Did I guess wrong about what should go in the "path" field? I just used an existing active KVM pool which is on the path /Opool/kvm_storage and selected a debian image from the drop down list.
The path should be an empty folder (not a KVM pool - hence why I didn't put a kvm pool dropdown there). It is supposed to error if the path is not empty. I will have to check the error checking again.
-
I figured that out after a reboot to avoid socket errors and got a "directory not empty" message, which is good. System appeared to be downloading chosen template but then threw this passwd error:
Code
Alles anzeigenFailed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; mkpasswd openmediavault' with exit code '127': OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; mkpasswd openmediavault' with exit code '127': in /usr/share/php/openmediavault/system/process.inc:217 Stack trace: #0 /usr/share/openmediavault/engined/rpc/kvm.inc(2889): OMV\System\Process->execute(Array, 127) #1 /usr/share/openmediavault/engined/rpc/kvm.inc(1182): OMVRpcServiceKvm->resetLxcPassword('/Opool/lxc/') #2 [internal function]: OMVRpcServiceKvm->setVm(Array, Array) #3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array) #4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('setVm', Array, Array) #5 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Kvm', 'setVm', Array, Array, 1) #6 {main}
P.S. I assumed the "path" ( an empty directory ) could be anywhere on any mount. Is that correct?
-
Is the package "libvirt-daemon-driver-lxc" required?
Yep. Forgot to add it. Added now but I will wait to upload new package until a couple more things are fixed. https://github.com/OpenMediaVa…2978d843cb719112afed0c27c
Can you post the output of: tail /var/log/omv-virsh-command.log
-
System appeared to be downloading chosen template but then threw this passwd error:
The download should be done. It failed trying to set a password (which is not set in the template) for root.
I assumed the "path" ( an empty directory ) could be anywhere on any mount. Is that correct?
Should be able to use any path. I'm sure someone will use a remotemount using smb and I almost guarantee that won't work.
-
then threw this passwd error:
You need the whois package installed for the mkpasswd binary.
-
Thanks for replies. Brain in slow gear, lxc creation on proxmox needs a password, so why would this be different. Yes, I can confirm the template filesystem was downloaded to the empty directory OK.
My last attempt after changing dir from zfs to ext4 - tail /var/log/omv-virsh-command.log :
Code[2022-11-09 17:42:37] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="lxc test" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --graphics vnc,listen=0.0.0.0 --print-xml > /tmp/lxctest.xml 2>&1 [2022-11-09 17:42:37] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; wget -qO- https://images.linuxcontainers.org/images/debian/bullseye/amd64/default/20221109_05:27/rootfs.tar.xz | tar xJ -C /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir
-
lxc creation on proxmox needs a password, so why would this be different
I guess I could allow the user to set the password. It is just defaulting to openmediavault now.
My last attempt after changing dir from zfs to ext4
After you install whois, does it work?
-
Ok, back from a meal break. After installing whois package the lxc is created correctedly using previous path were tmeplate fs was downloaded. It is objecting or not finding video model. Lxc cannot start, error in finding /usr/lib/libvirt/libvirt_lxc.
Code
Alles anzeigenUnable to - poweroninternal error: guest failed to start: libvirt: error : cannot execute binary /usr/lib/libvirt/libvirt_lxc: No such file or directory OMV\Exception: Unable to - poweroninternal error: guest failed to start: libvirt: error : cannot execute binary /usr/lib/libvirt/libvirt_lxc: No such file or directory in /usr/share/openmediavault/engined/rpc/kvm.inc:2173 Stack trace: #0 [internal function]: OMVRpcServiceKvm->doCommand(Array, Array) #1 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array) #2 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('doCommand', Array, Array) #3 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Kvm', 'doCommand', Array, Array, 1) #4 {main}
Code[2022-11-09 19:11:29] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --graphics vnc,listen=0.0.0.0 --print-xml > /tmp/lxctest.xml 2>&1 [2022-11-09 19:11:29] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh --connect lxc:/// define --file /tmp/lxctest.xml 2>&1 [2022-11-09 19:11:29] Failed to create VM. error: Failed to define domain from /tmp/lxctest.xml error: internal error: missing video model and cannot determine default virsh --connect lxc:/// define --file /tmp/lxctest.xml [2022-11-09 19:11:40] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --print-xml > /tmp/lxctest.xml 2>&1 [2022-11-09 19:11:41] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh --connect lxc:/// define --file /tmp/lxctest.xml 2>&1 [2022-11-09 19:12:36] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh net-autostart --network default 2>&1
-
It is objecting or not finding video model
I assume you checked the vnc and/or spice checkboxes? I forgot to hide those until I can find something that works.
-
Yes, I did check VNC first time fiddling around, but obviously that doesn't make sense for lxc. They are hidden unless on the from you click show advanced options, but I guess you mean totally hidden. But is the lack on a usable console resulting in the error abt finding /usr/lib/libvirt/libvirt_lxc?
Anyway, it can wait to another day as it's evening here in the UK and time to relax.
-
But is the lack on a usable console resulting in the error abt finding /usr/lib/libvirt/libvirt_lxc?
No. I have created containers with the plugin and can see the console just fine in virt-manager. I am trying to find a way to do that with a web viewer of some kind. There aren't many docs for that for libvirt. virt-manager is most likely doing that with x-forwarding or something. I will have to keep looking. I will upload a new version of the plugin before I am done for the night (6 hours behind you).
-
6.2.1 is in the repo. I removed vnc and spice from lxc. I doesn't look like I can add anything to the container to add graphics. There are web lxc services out there but doesn't look like any are in the debian repo. I will see if they are easy to implement or available in docker.
-
Ok, I don't think it is worth adding something to get a web interface for LXC. It is easy enough to the use the wetty plugin, login, and do:
long form
sudo virsh --connect lxc:///system console CONTAINER_NAME
short form
sudo virsh -c lxc:/// console CONTAINER_NAME
-
Success, but looking at /etc/passwd in the container rootfs shows the root account is locked. Hacking /etc/shadow doesn't seem the right thing to be doing in order to login to the container. Not sure I have a use case for lxc unless some kind of bind mount to host dir/files is avail. What kind of uses did you have in mind for lxc containers? Anyway, this picture says it all.
-
Success, but looking at /etc/passwd in the container rootfs shows the root account is locked. Hacking /etc/shadow doesn't seem the right thing to be doing in order to login to the container.
Setting a password hash in /etc/shadow isn't really hacking. What do you think passwd does? I have created 30+ containers (debian, ubuntu, arch, gentoo) and never had the root account locked. I will test on a different system. I assume you are using "openmediavault" for the password?
Not sure I have a use case for lxc unless some kind of bind mount to host dir/files is avail.
Did you try adding a passthrough filesystem? Mounting filesystems from the host is definitely a use case I envisioned. The root filesystem for lxc is doing exactly that on provisioning.
What kind of uses did you have in mind for lxc containers?
Anything you want in a container that needs more than a single process like Docker is supposed to be. Or just something just a like a VM that boots much faster and doesn't have a virtualization overhead. I can think of many things.
-
I missed the fact that "openmediavault" is the password. Not tried passthrough filesystems yet, I need to remember how.
-
I need to remember how.
The plugin can do this.
-
ryecoaaron Of course it does, you're excellent plugin makes it all a breeze. So, many thanks for this new LXC functionality. Really simple to get my favourite music player - logitechmediaserver - running on in a debian LXC in a matter of mins as an alternative to having docker et al on the OMV6 system. I'm just getting my head round having a LXC rootfs running from a zfs dataset in OMV6 in this way.
The little I know about libvrt LXC is what I've managed to digest so far on this page: https://libvirt.org/drvlxc.html
Questions:
1. What about security and host/container isolation ?
2. Is id mapping down to the user and editing the LXC xml?
3. Can passthrough filesystems be read-only?
4. Any tips on pre-preparing templates ?
5. Is backup of LXC only to done outside of the KVM plugin?
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!