LXC support for openmediavault-kvm plugin

    • Offizieller Beitrag

    I have added support for LXC in the kvm plugin. 6.2 is in the testing repo. The plugin makes it very easy to download and use lxc images from linuxcontainers.org (owned by Canonical). The LXC stuff should be considered beta. Let me know how it is working. And no, you cannot install OMV in a Debian LXC.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • ryecoaaron

    Hat den Titel des Themas von „LXC support for openmediavault-lxc plugin“ zu „LXC support for openmediavault-kvm plugin“ geändert.

  • Did I guess wrong about what should go in the "path" field? I just used an existing active KVM pool which is on the path /Opool/kvm_storage and selected a debian image from the drop down list. Is the package "libvirt-daemon-driver-lxc" required?

    2 Mal editiert, zuletzt von Krisbee () aus folgendem Grund: incomplete

    • Offizieller Beitrag

    Did I guess wrong about what should go in the "path" field? I just used an existing active KVM pool which is on the path /Opool/kvm_storage and selected a debian image from the drop down list.

    The path should be an empty folder (not a KVM pool - hence why I didn't put a kvm pool dropdown there). It is supposed to error if the path is not empty. I will have to check the error checking again.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I figured that out after a reboot to avoid socket errors and got a "directory not empty" message, which is good. System appeared to be downloading chosen template but then threw this passwd error:




    P.S. I assumed the "path" ( an empty directory ) could be anywhere on any mount. Is that correct?

    • Offizieller Beitrag

    Is the package "libvirt-daemon-driver-lxc" required?

    Yep. Forgot to add it. Added now but I will wait to upload new package until a couple more things are fixed. https://github.com/OpenMediaVa…2978d843cb719112afed0c27c


    Can you post the output of: tail /var/log/omv-virsh-command.log

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    System appeared to be downloading chosen template but then threw this passwd error:

    The download should be done. It failed trying to set a password (which is not set in the template) for root.

    I assumed the "path" ( an empty directory ) could be anywhere on any mount. Is that correct?

    Should be able to use any path. I'm sure someone will use a remotemount using smb and I almost guarantee that won't work.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    then threw this passwd error:

    You need the whois package installed for the mkpasswd binary.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thanks for replies. Brain in slow gear, lxc creation on proxmox needs a password, so why would this be different. Yes, I can confirm the template filesystem was downloaded to the empty directory OK.



    My last attempt after changing dir from zfs to ext4 - tail /var/log/omv-virsh-command.log :



    Code
    [2022-11-09 17:42:37] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="lxc test" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --graphics vnc,listen=0.0.0.0 --print-xml  > /tmp/lxctest.xml 2>&1
    [2022-11-09 17:42:37] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; wget -qO- https://images.linuxcontainers.org/images/debian/bullseye/amd64/default/20221109_05:27/rootfs.tar.xz | tar xJ -C /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir
    • Offizieller Beitrag

    lxc creation on proxmox needs a password, so why would this be different

    I guess I could allow the user to set the password. It is just defaulting to openmediavault now.


    My last attempt after changing dir from zfs to ext4

    After you install whois, does it work?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Ok, back from a meal break. After installing whois package the lxc is created correctedly using previous path were tmeplate fs was downloaded. It is objecting or not finding video model. Lxc cannot start, error in finding /usr/lib/libvirt/libvirt_lxc.



    Code
    [2022-11-09 19:11:29] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --graphics vnc,listen=0.0.0.0 --print-xml  > /tmp/lxctest.xml 2>&1
    [2022-11-09 19:11:29] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh --connect lxc:/// define --file /tmp/lxctest.xml 2>&1
    [2022-11-09 19:11:29] Failed to create VM.
    error: Failed to define domain from /tmp/lxctest.xml
    error: internal error: missing video model and cannot determine default
    virsh --connect lxc:/// define --file /tmp/lxctest.xml
    [2022-11-09 19:11:40] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virt-install --connect lxc:/// --container --memory 1024 --metadata description="" --name lxctest --network network=default,model=virtio,mac=RANDOM --vcpus 2,sockets=1,cores=2,threads=1 --filesystem /srv/dev-disk-by-uuid-b5795028-3379-4851-8b9d-94683ab9ab50/lxcdir,/ --print-xml  > /tmp/lxctest.xml 2>&1
    [2022-11-09 19:11:41] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh --connect lxc:/// define --file /tmp/lxctest.xml 2>&1
    [2022-11-09 19:12:36] export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; export LANGUAGE=; virsh net-autostart --network default  2>&1
    • Offizieller Beitrag

    It is objecting or not finding video model

    I assume you checked the vnc and/or spice checkboxes? I forgot to hide those until I can find something that works.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Yes, I did check VNC first time fiddling around, but obviously that doesn't make sense for lxc. They are hidden unless on the from you click show advanced options, but I guess you mean totally hidden. But is the lack on a usable console resulting in the error abt finding /usr/lib/libvirt/libvirt_lxc?


    Anyway, it can wait to another day as it's evening here in the UK and time to relax.

    • Offizieller Beitrag

    But is the lack on a usable console resulting in the error abt finding /usr/lib/libvirt/libvirt_lxc?

    No. I have created containers with the plugin and can see the console just fine in virt-manager. I am trying to find a way to do that with a web viewer of some kind. There aren't many docs for that for libvirt. virt-manager is most likely doing that with x-forwarding or something. I will have to keep looking. I will upload a new version of the plugin before I am done for the night (6 hours behind you).

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    6.2.1 is in the repo. I removed vnc and spice from lxc. I doesn't look like I can add anything to the container to add graphics. There are web lxc services out there but doesn't look like any are in the debian repo. I will see if they are easy to implement or available in docker.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    Ok, I don't think it is worth adding something to get a web interface for LXC. It is easy enough to the use the wetty plugin, login, and do:


    long form

    sudo virsh --connect lxc:///system console CONTAINER_NAME


    short form

    sudo virsh -c lxc:/// console CONTAINER_NAME

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Success, but looking at /etc/passwd in the container rootfs shows the root account is locked. Hacking /etc/shadow doesn't seem the right thing to be doing in order to login to the container. Not sure I have a use case for lxc unless some kind of bind mount to host dir/files is avail. What kind of uses did you have in mind for lxc containers? Anyway, this picture says it all.


    • Offizieller Beitrag

    Success, but looking at /etc/passwd in the container rootfs shows the root account is locked. Hacking /etc/shadow doesn't seem the right thing to be doing in order to login to the container.

    Setting a password hash in /etc/shadow isn't really hacking. What do you think passwd does? I have created 30+ containers (debian, ubuntu, arch, gentoo) and never had the root account locked. I will test on a different system. I assume you are using "openmediavault" for the password?

    Not sure I have a use case for lxc unless some kind of bind mount to host dir/files is avail.

    Did you try adding a passthrough filesystem? Mounting filesystems from the host is definitely a use case I envisioned. The root filesystem for lxc is doing exactly that on provisioning.

    What kind of uses did you have in mind for lxc containers?

    Anything you want in a container that needs more than a single process like Docker is supposed to be. Or just something just a like a VM that boots much faster and doesn't have a virtualization overhead. I can think of many things.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Offizieller Beitrag

    I need to remember how.

    The plugin can do this.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • ryecoaaron Of course it does, you're excellent plugin makes it all a breeze. So, many thanks for this new LXC functionality. Really simple to get my favourite music player - logitechmediaserver - running on in a debian LXC in a matter of mins as an alternative to having docker et al on the OMV6 system. I'm just getting my head round having a LXC rootfs running from a zfs dataset in OMV6 in this way.


    The little I know about libvrt LXC is what I've managed to digest so far on this page: https://libvirt.org/drvlxc.html


    Questions:


    1. What about security and host/container isolation ?

    2. Is id mapping down to the user and editing the LXC xml?

    3. Can passthrough filesystems be read-only?

    4. Any tips on pre-preparing templates ?

    5. Is backup of LXC only to done outside of the KVM plugin?

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!