How to add or mount directory in LXD (Linux container)




How to add or mount a directory in LXD/LXC

I have two LXD containers running. One is for Nginx, and another is for processing data. I need to share data between two containers. How do I add or mount a shared directory between two?

One can manage devices of running containers using the lxc command. To add devices such as a directory to containers, use the lxc config device add command. This page explains how to add a host directory to an LXD container.

The procedure to mount directories in LXD is as follows:

1. Open the terminal application.

2. For a remote LXD/Linux server, log in using the ssh command.

3. To mount the host’s /wwwdata/ directory onto /var/www/html/ in the LXD container named c1, run:

lxc config device add c1 sharedwww disk source=/wwwdata/ path=/var/www/html/

4. Verify that the directory has been mounted onto the c1 container by running:

lxc exec c1 -- ls /var/www/html

Let us see all steps in detail for mounting directories onto containers in both read-only and read/write mode.

Mounting your home directory in LXD (read-only)

The syntax is as follows:

lxc config device add {container-name} {name} disk source={/path/to/source/dir/} path={/path/to/dest/onto/container/}

Let us create a new container named c1:

lxc launch images:centos/8/amd64 c1

lxc list c1

To create a new directory named /dest/ in the container named c1, run:

lxc exec c1 -- mkdir /dest/

lxc exec c1 -- ls -ld /dest/

Mount your $HOME (/home/vivek/) directory onto c1 at /dest/ in read-only mode:

lxc config device add c1 myhomedir disk source=$HOME path=/dest/

OR

lxc config device add c1 myhomedir disk source=/home/vivek/ path=/dest/

Please note that if the /dest/ directory does not exist, it will be created automatically by the above lxc command. Now that the disk has been added to c1, verify it:

lxc config device show c1

Restart the container to verify that settings remain valid:

lxc restart c1

lxc config device show c1

## login onto c1 container ##

lxc exec c1 bash

cd /dest/

ls -l

## is it read-only or read-write? ##

mkdir foo

exit



How to remove/delete/unmount directory from an LXD container

To remove container devices such as disk named myhomedir from c1 container, run:

lxc config device remove c1 myhomedir

Device myhomedir removed from c1

Verify it:

lxc config device show c1

{}

Add a shared host directory to an LXC/LXD container (read-write mode)

By default, the root user is not allowed to modify files inside containers from a host. It is a security feature of LXD. In other words, you need to remap your user ID if you need read-write access for mounted folders.

The subordinate gid file

Each line in /etc/subgid contains a user name and a range of subordinate group IDs that the user is allowed to use. This file specifies the group IDs that ordinary users can use, with the newgidmap command, to configure GID mapping in a user namespace. Each line has three fields delimited by colons (":"). Use the cat command:

cat /etc/subgid

Sample outputs:

vivek:100000:65536

Where fields are:

vivek – Login name or UID on host

100000 – Numerical subordinate group ID

65536 – Numerical subordinate group ID count

The subordinate uid file

Again, each line in /etc/subuid contains a user name and a range of subordinate user ids that user is allowed to use. This file specifies the user IDs that ordinary users can use, with the newuidmap command, to configure uid mapping in a user namespace. To view this file, run:

cat /etc/subuid

Sample outputs:

vivek:100000:65536

How to allow LXD to remap your user ID on the host

Use the id command to find out your uid/gid:

id

Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),116(sambashare),998(lxd)

Next, I am going to allow the LXD daemon, which is running as root, to remap my host’s user ID inside a container:

echo "root:1000:1" | sudo tee -a /etc/subuid /etc/subgid

This is a one-time setup and there is no need to repeat it. Make sure the files have been updated:

cat /etc/{subuid,subgid}
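
The helper below is an added example, not part of the original tutorial: it parses the three-field name:start:count format described above, checks whether an owner may map one specific host ID, and appends the single-ID entry only when it is missing, so repeated runs do not duplicate the line the way a bare tee -a would. The function names are hypothetical, and the demo works on a constructed temporary file rather than the real /etc/subuid.

```shell
#!/bin/sh
# Added example: inspect a subordinate-ID file (same format as /etc/subuid
# and /etc/subgid) before relying on raw.idmap.

# subid_allows FILE OWNER ID
# Exit 0 if FILE has a line OWNER:START:COUNT with START <= ID < START+COUNT.
# Lines that do not have exactly three fields with numeric START/COUNT are ignored.
subid_allows() {
    awk -F: -v owner="$2" -v id="$3" '
        NF == 3 && $1 == owner && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            if (id + 0 >= $2 + 0 && id + 0 < $2 + $3) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# ensure_subid FILE OWNER ID
# Append "OWNER:ID:1" (a delegation of exactly one ID, as in the tutorial's
# root:1000:1) only if no existing range for OWNER already covers ID.
# Prints "present" or "added".
ensure_subid() {
    if subid_allows "$1" "$2" "$3"; then
        echo present
    else
        printf '%s:%s:1\n' "$2" "$3" >> "$1"
        echo added
    fi
}

# Demo on a constructed sample that mirrors the tutorial's file contents.
demo() {
    f=$(mktemp)
    printf 'vivek:100000:65536\n' > "$f"
    ensure_subid "$f" root 1000    # first run appends the entry
    ensure_subid "$f" root 1000    # second run finds it and changes nothing
    cat "$f"
    rm -f "$f"
}
demo
```

To apply it to the real files, call ensure_subid as root once for /etc/subuid and once for /etc/subgid with the UID/GID reported by the id command.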

How to remap your user ID inside the container

Find the UID inside the container for the user named vivek (the user account must exist inside c1):

lxc exec c1 bash

grep ^vivek /etc/passwd

Create a user account named vivek if no output is displayed by the above grep command:

lxc exec c1 bash

adduser vivek

id vivek

exit

Type the following command to map both the UID and the GID, from the host’s UID (1000) to the c1 container’s 1000 UID (vivek):

lxc config set c1 raw.idmap "both 1000 1000"

Restart the container for the settings to take effect:

lxc restart c1

Finally, mount and map the directory in a read/write mode:

lxc config device add c1 myhomedir disk source=/home/vivek/ path=/home/vivek/

lxc config show c1

Test it

lxc exec c1 bash

cd /home/vivek

mkdir delta

echo "www.nixcraft.com" > test.txt

cat test.txt

rmdir delta

## back to host ##

exit

## make sure test.txt still exists on host ##

ls -l test.txt

cat test.txt



Conclusion

You learned how to bind-mount your Linux home directory in LXD in either read-only or read-write mode by mapping UID/GID. This feature is handy for mounting high-availability storage into a container. See the LXD project docs for more info.