Dear Stéphane,

I got time to play around with injecting mounts into a running container.

You suggest:
>>>> Setup steps, before you first start the container:
>>>>
>>>> 1) mkdir /tmp/shared-c1
>>>> 2) mount --bind /tmp/shared-c1 /tmp/shared-c1
>>>> 3) mount --make-rshared /tmp/shared-c1
>>>> 4) Add to /var/lib/lxc/c1/config => lxc.mount.entry=/tmp/shared-c1 /.shared none bind,create=dir 0 0
>>>> 5) lxc-start -n c1
>>>>
>>>> At which point, you could inject a new mount with:
>>>>
>>>> 1) mkdir /tmp/shared-c1/some_directory
>>>> 2) mount --bind /mnt/some_host_mountpoint/some_directory /tmp/shared-c1/some_directory
>>>> 3) lxc-attach -n c1 -- mkdir -p /import/some_container_mountpoint
>>>> 4) lxc-attach -n c1 -- mount --move /.shared/some_directory /import/some_container_mountpoint
>>>>

I take a slightly different approach:

1) Before starting the container, I rshared-bind-over the "injecting
directory" right at the container's source image tree. With this, there's no
need to configure an additional lxc-mount. Using the names from your example, I
use

    mount --bind --make-rshared $PATH_TO_C1_ROOTFS/.shared $PATH_TO_C1_ROOTFS/.shared

2) Start the Container, e.g.

    lxc-start -n c1

3) After start, this might be made slave for security, but must not for
functionality. (BTW: I can't use lxc-attach because of a bug in my very old LXC
0.8.4, I did it via an ssh channel)

    lxc-attach -n c1 -- mount --make-slave .shared


Now, I was able to inject a filesystem:

1) mkdir $PATH_TO_C1_ROOTFS/.shared/some_container_mountpoint
2) mount --bind /mnt/some_host_mountpoint/some_directory $PATH_TO_C1_ROOTFS/.shared/some_container_mountpoint

However, it's not allowed to move a shared subtree. But I found that I can
rebind it to move it to the final destination (in the example: at /import/).

3) lxc-attach -n c1 -- mkdir -p /import/some_container_mountpoint
4) lxc-attach -n c1 -- mount --bind .shared/some_container_mountpoint /import/some_container_mountpoint

After re-binding in the container, one may release the bind-mount to the
filesystem at the host:

5) umount $PATH_TO_C1_ROOTFS/.shared/some_container_mountpoint

At this point, along with the host, in the container the shared mount at
.shared will disappear, but the one at /import will be kept (and lose the shared
state, of course). And it may be dropped inside the container by umount if needed
as usual.



In your first answer, you wrote:
>The only way of doing this that I'm aware of is what we do in LXD.

Does this mean that with LXD, filesystem injection at runtime is supported? Is
this done by using 'lxc config device add <container> <name> disk ...'?


Greetings

Guido
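
Added example, not part of the message above and not LXC code: a shell function that reads mountinfo-format text and reports the propagation type of one mount point, which is a way to confirm from inside the container that `/.shared` is seen as a slave after the `--make-slave` step. The sample lines and the `/srv/c1/rootfs` path are constructed for illustration.

```shell
#!/bin/sh
# propagation_of <mount-point> [mountinfo-file]
# Prints shared, slave, shared+slave, unbindable or private for the mount
# point; exits 1 if the mount point is not listed. The file defaults to
# /proc/self/mountinfo; pass "-" to read from stdin.
propagation_of() {
    awk -v mp="$1" '
        $5 == mp {
            # Field 5 is the mount point. Optional fields start at field 7
            # and end at the lone "-" separator. If the mount point is
            # listed more than once (stacked mounts), the last entry wins.
            shared = 0; slave = 0; unbind = 0
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/)    shared = 1
                if ($i ~ /^master:/)    slave = 1
                if ($i == "unbindable") unbind = 1
            }
            if (shared && slave) state = "shared+slave"
            else if (shared)     state = "shared"
            else if (slave)      state = "slave"
            else if (unbind)     state = "unbindable"
            else                 state = "private"
        }
        END { if (state == "") exit 1; print state }
    ' "${2:-/proc/self/mountinfo}"
}

# Constructed sample in mountinfo format (not captured from a real system):
# a host-side view of the rshared bind mount, a container-side view of the
# same mount after --make-slave, and a private root mount.
sample_mountinfo() {
    cat <<'EOF'
41 24 8:1 /srv/c1/rootfs/.shared /srv/c1/rootfs/.shared rw,relatime shared:7 - ext4 /dev/sda1 rw
60 59 8:1 /srv/c1/rootfs / rw,relatime - ext4 /dev/sda1 rw
72 60 8:1 /srv/c1/rootfs/.shared /.shared rw,relatime master:7 - ext4 /dev/sda1 rw
EOF
}

# Demo on the constructed sample.
sample_mountinfo | propagation_of /.shared -
```

Inside a real container, `propagation_of /.shared` with no second argument reads that container's own `/proc/self/mountinfo`.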