Tony P wrote:
What's the correct way to share the mysql/mariadb data dir of the host
system to a container and map the permissions correctly? I have been
struggling with this for a couple of days. I'm sorry if this question
has been asked before, but I have searched thoroughly and not been able
to find the solution yet. Basically what I have done so far:
Install mariadb-server on both host and container and:
$ printf "lxd:$(id -u mysql):1\nroot:$(id -u mysql):1\n" | sudo tee -a /etc/subuid
$ printf "lxd:$(id -g mysql):1\nroot:$(id -g mysql):1\n" | sudo tee -a /etc/subgid
$ sudo systemctl restart lxd
$ printf "uid $(id -u mysql) 1000\ngid $(id -g mysql) 1000" | lxc config set $CONTAINER_NAME raw.idmap -
$ lxc restart $CONTAINER_NAME
$ sudo lxc config device add $CONTAINER_NAME mysql disk source=/var/lib/mysql path=/var/lib/mysql
Unfortunately, this breaks the container and prevents it from starting
since the mapping isn't allowed.
$ sudo lxc info --show-log ub1804x64-3
Name: ub1804x64-3
Remote: unix://
Architecture: x86_64
Created: 2018/07/09 15:30 UTC
Status: Stopped
Type: persistent
Profiles: default
Log:
lxc ub1804x64-3 20180709154554.682 ERROR lxc_conf - conf.c:lxc_map_ids:2919 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [114-115) not allowed": newuidmap 6725 0 100000 1000 1000 114 1 1001 101001 64535
lxc ub1804x64-3 20180709154554.682 ERROR lxc_start - start.c:lxc_spawn:1661 - Failed to set up id mapping.
lxc ub1804x64-3 20180709154554.755 WARN lxc_network - network.c:lxc_delete_network_priv:2607 - Failed to remove interface "veth38DOB9" from "lxdbr0": Invalid argument
lxc ub1804x64-3 20180709154554.755 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
lxc ub1804x64-3 20180709154554.756 ERROR lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "ub1804x64-3"
lxc 20180709154554.775 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to receive response for command "get_state"
I'm basically following this article
(https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/)
written by Stéphane Graber (the super awesome primary LXD developer) to
achieve this. I'll admit that I don't fully understand what's going on
here; if someone could help me understand my mistake a bit better, I'd
really appreciate it. I have a feeling I have the range wrong (1000?). I
previously attempted doing the same by manually adding the mysql
user/group and trying to map those (instead of installing mysql), but
that also didn't work out (same error). This is what I tried before
trying the mapping:
$ sudo groupadd mysql
$ sudo useradd -r -g mysql mysql
I also tried with:
$ printf "both $(id -u mysql) $(id -u mysql)" | lxc config set $CONTAINER_NAME raw.idmap -
Then the error I get is:
$ sudo lxc info --show-log tmp3
Name: tmp3
Remote: unix://
Architecture: x86_64
Created: 2018/07/09 20:32 UTC
Status: Stopped
Type: persistent
Profiles: default
Log:
lxc tmp3 20180709204423.805 ERROR lxc_conf - conf.c:lxc_map_ids:2919 - newgidmap failed to write mapping "newgidmap: gid range [114-115) -> [114-115) not allowed": newgidmap 30081 114 114 1 0 100000 114 115 100115 65421
lxc tmp3 20180709204423.805 ERROR lxc_start - start.c:lxc_spawn:1661 - Failed to set up id mapping.
lxc tmp3 20180709204423.876 WARN lxc_network - network.c:lxc_delete_network_priv:2607 - Failed to remove interface "vethYL869L" from "lxdbr0": Invalid argument
lxc tmp3 20180709204423.876 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
lxc tmp3 20180709204423.877 ERROR lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "tmp3"
lxc 20180709204423.897 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to receive response for command "get_state"
I'm using LXD 3.0.1 running on host Ubuntu 18.04 amd64 and testing with
an Ubuntu 18.04 amd64 container.
Thanks for your help in advance!!
Things to keep in mind.
1) If you end up with a machine level instance of MariaDB running along
with a container level instance of MariaDB running with a shared
/var/lib/mysql, then all your data will be corrupt.
Likely best to have a machine level database directory named
something different than /var/lib/mysql, in case you ever accidentally
install a machine level version of mariadb-server packages.
2) Unsure what you're attempting to accomplish modifying idmaps + restarting
LXD. Maybe you're attempting to defeat container security.
A better way to do this is...
lxc config set cname security.privileged true
lxc restart cname
3) All this said, likely be useful for you to describe your target objective.
Likely knowing this, someone has already accomplished what you're trying
to accomplish + will have some good suggestions.
4) Keep in mind, depending on how you finalize all this, container
remote move + copy operations may fail to clone your database data.
Even if you do end up with a /var/lib/mysql in your newly created
remote container, you'll likely lose your machine/container
filesystem mapping.
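Both the original question (the raw.idmap procedure and the two "not allowed" errors) and point 2 of the reply come down to the same rule: every host-side id in a raw.idmap entry must fall inside a range that /etc/subuid or /etc/subgid grants to the user doing the mapping (root for the LXD daemon), otherwise newuidmap/newgidmap refuse the mapping and the container aborts at start. The script below is an added example, not code from the thread or from the LXD project: it applies that coverage check to a raw.idmap before `lxc restart`, so a rejected mapping is found without reaching for security.privileged. It assumes nothing about the real host; the subuid, subgid and raw.idmap files are parameters, and the sample data it generates is constructed, with 114 reused from the thread only as an illustrative id.

```shell
#!/bin/sh
# Added example (not from the original thread or from LXD): check an LXD
# raw.idmap against /etc/subuid and /etc/subgid the way newuidmap/newgidmap
# will, before the container is restarted.
#
# raw.idmap lines look like "<uid|gid|both> <host id> <container id>".
# For each entry the host id must lie inside some "USER:base:len" range in
# the sub{u,g}id file for the mapping user (root for the LXD daemon); if it
# does not, newuidmap/newgidmap fail with "... not allowed" and the
# container aborts at start, as in the logs above.

# range_allowed FILE USER START COUNT
# Succeeds when FILE has a line "USER:base:len" with
# base <= START and START+COUNT <= base+len. Malformed lines are skipped.
range_allowed() {
    file=$1; user=$2; start=$3; count=$4
    end=$((start + count))
    while IFS=: read -r u base len; do
        [ "$u" = "$user" ] || continue
        case "$base" in ''|*[!0-9]*) continue ;; esac
        case "$len" in ''|*[!0-9]*) continue ;; esac
        if [ "$base" -le "$start" ] && [ "$end" -le $((base + len)) ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# check_raw_idmap IDMAP_FILE SUBUID_FILE SUBGID_FILE [USER]
# Prints one verdict per raw.idmap entry (per id file for "both") and
# returns the number of entries that newuidmap/newgidmap would reject.
check_raw_idmap() {
    idmap=$1; subuid=$2; subgid=$3; user=${4:-root}
    bad=0
    while read -r kind host cont; do
        [ -n "$kind" ] || continue
        case "$host" in ''|*[!0-9]*)
            echo "malformed entry: $kind $host $cont"; bad=$((bad + 1)); continue ;;
        esac
        case "$kind" in
            uid)  files="$subuid" ;;
            gid)  files="$subgid" ;;
            both) files="$subuid $subgid" ;;
            *)    echo "malformed entry: $kind $host $cont"; bad=$((bad + 1)); continue ;;
        esac
        for f in $files; do
            if range_allowed "$f" "$user" "$host" 1; then
                echo "ok: $kind host $host -> container $cont ($f)"
            else
                echo "not allowed: $kind host $host -> container $cont (no $user range in $f covers $host)"
                bad=$((bad + 1))
            fi
        done
    done < "$idmap"
    return "$bad"
}

# make_sample_dir DIR
# Writes constructed (not real) subuid/subgid/raw.idmap files: the subuid
# file grants root the single id 114, the subgid file does not.
make_sample_dir() {
    dir=$1
    printf 'lxd:100000:65536\nroot:100000:65536\nroot:114:1\n' > "$dir/subuid"
    printf 'lxd:100000:65536\nroot:100000:65536\n' > "$dir/subgid"
    printf 'uid 114 1000\ngid 114 1000\nboth 114 114\n' > "$dir/raw.idmap"
}

# Stand-alone demonstration on the constructed files; never touches /etc.
# Expect "ok" for the uid entry and the uid half of "both", and
# "not allowed" for the two gid checks.
demo_dir=$(mktemp -d)
make_sample_dir "$demo_dir"
check_raw_idmap "$demo_dir/raw.idmap" "$demo_dir/subuid" "$demo_dir/subgid" \
    || echo "$? entries would be rejected by newuidmap/newgidmap"
rm -rf "$demo_dir"
```

Against a real host, call `check_raw_idmap ./raw.idmap /etc/subuid /etc/subgid root` with the same text you would feed to `lxc config set ... raw.idmap -`; a non-zero return tells you which entry is missing a matching `root:<id>:1` line before LXD has a chance to refuse to start the container. The check is the coverage rule only; it does not reproduce everything newuidmap validates (for example, that the mapped container range is itself unique), so a clean result is necessary, not sufficient.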
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users