Talk:Proxmox Linux Container: Difference between revisions

From NixOS Wiki
← Older editNewer edit →
VisualWikitext
imported>Vater
imported>Vater
Line 49: Line 49:
| create a (first) new NixOS container with Proxmox Virtual Environment  
| create a (first) new NixOS container with Proxmox Virtual Environment  
|  
|  
* (if you want to switch to the ''Folder View'' and go to ''Nodes'' and choose the your nodes where you create the container. (this note will be preselected as ''Node'' in the form.))
* choose the ''Create CT'' button
*: tab <tt>General</tt>
*:* (for the following we expect) ''1000'' is prefilled (to the text field of <tt>CT ID:</tt>) or you have added it (because it not already taken)
*:* (for the following we expect) the checkbox ''Unprivileged container:'' is preselected choosen
*:* (for the following we expect) the checkbox ''Nesting:'' is preselected choosen
*:* add a (useless, but from the form required) passphrase (to the text field of <tt>Password:</tt>)
*:* add the same (useless, but from the form required) passphrase (to the text field of <tt>Confirm password:</tt>)
*:* (optional you can) add other options of the form, like
*:** the node for the container (at the drop down menu of <tt>Node:</tt>)
*:** the name for the container (to the text field of <tt>Hostname:</tt>)
*:** …
*:* choose the ''Next'' button
*: tab <tt>Template</tt>
*:* (for the following we expect) the entry ''cephfs'' is prefilled (at the drop down menu of <tt>Storage:</tt>)
*:* (for the following we expect you) find and choose the entry ''nixos-21.05_2021-10-10.tar.xz'' (at the drop down menu of <tt>Storage:</tt>)
*:* choose the ''Next'' button
*: tab <tt>Root Disk</tt>
*:* …
|  
|  
: <code>pct create </code>…
: <code>pct create </code>…

Revision as of 14:02, 10 October 2021

NixOS container (LXC) on Proxmox Virtual Environment 7

GUI CLI
find the (a current) NixOS template

for example for 21.05

the link for the latest (daily) tarball for a container (of 21.05) is

https://hydra.nixos.org/job/nixos/release-21.05/nixos.containerTarball.x86_64-linux/latest/download-by-type/file/system-tarball
download the NixOS template
  • (if you want to switch to the Storage View and) go to one of your nodes where you can (find and) store CT Templates.
  • choose the Download from URL button

going to the folder where all the templates for Promox Virtual Environment are stored

cd /mnt/pve/cephfs/template/cache

downloading the NixOS template file

wget -c https://hydra.nixos.org/job/nixos/release-21.05/nixos.containerTarball.x86_64-linux/latest/download-by-type/file/system-tarball

(optional you should) move the downloaded NixOS template file to a nicer (more individual) file name

mv system-tarball nixos-21.05_2021-10-10.tar.xz

(optional you can) going back

cd -
create a (first) new NixOS container with Proxmox Virtual Environment
  • (if you want to switch to the Folder View and go to Nodes and choose the your nodes where you create the container. (this note will be preselected as Node in the form.))
  • choose the Create CT button
    tab General
    • (for the following we expect) 1000 is prefilled (to the text field of CT ID:) or you have added it (because it not already taken)
    • (for the following we expect) the checkbox Unprivileged container: is preselected choosen
    • (for the following we expect) the checkbox Nesting: is preselected choosen
    • add a (useless, but from the form required) passphrase (to the text field of Password:)
    • add the same (useless, but from the form required) passphrase (to the text field of Confirm password:)
    • (optional you can) add other options of the form, like
      • the node for the container (at the drop down menu of Node:)
      • the name for the container (to the text field of Hostname:)
    • choose the Next button
    tab Template
    • (for the following we expect) the entry cephfs is prefilled (at the drop down menu of Storage:)
    • (for the following we expect you) find and choose the entry nixos-21.05_2021-10-10.tar.xz (at the drop down menu of Storage:)
    • choose the Next button
    tab Root Disk
pct create 


pct create 1000 --arch amd64 --description nixos-template cephfs:vztmpl/nixos-21.05_2021-10-10.tar.xz --ostype unmanaged --net0 name=eth0 --storage storage --unprivileged 1




(optional you can) check the (pve) lxc config file (and it should look like something like the following)
less /etc/pve/lxc/1000.conf



arch: amd64
hostname: CT1000
memory: 1024
net0: name=eth0
ostype: unmanaged
rootfs: storage:vm-1000-disk-0,size=4G
swap: 512
unprivileged: 1






customize the individual Proxmox Virtual Environment container configuration for NixOS





sync_wait: 36 An error occurred in another process (expected sequence number 7)
__lxc_start: 2073 Failed to spawn container "1000"
TASK ERROR: startup for container '1000' failed





editing the specific (pve) lxc config file (to a option for lxc.init.cmd)



nano /etc/pve/lxc/1000.conf




lxc.init.cmd: /init






(configure the available (virtual) network device for the Proxmox Virtual Environment container)










(activate nesting for NixOS in the Proxmox Virtual Environment container)







(optional you can) check the (pve) lxc config file (and it should look like something like the following with nesting=1 on the line features:)
less /etc/pve/lxc/1000.conf



arch: amd64
cores: 2
features: nesting=1
hostname: CT1000
memory: 1024
net0: name=eth0,bridge=vmbr0,hwaddr=A1:B2:C3:D4:E5:F6,ip=dhcp,type=veth
ostype: unmanaged
rootfs: storage:vm-1000-disk-0,size=4G
swap: 512
unprivileged: 1






customize the (pve) lxc startup setup routine





run_buffer: 316 Script exited with status 1
lxc_init: 816 Failed to run lxc.hook.pre-start for container "1000"
__lxc_start: 2007 Failed to initialize container "1000"
TASK ERROR: startup for container '1000' failed





nano /usr/share/perl5/PVE/LXC/Setup.pm



sub unified_cgroupv2_support {
    my ($self) = @_;




    return if !$self->{plugin}; # unmanaged



    $self->protected_call(sub { $self->{plugin}->unified_cgroupv2_support() });
}





WARN: old systemd (< v232) detected, container won't run in a pure cgroupv2 environment! Please see documentation -> container -> cgroup version.
TASK WARNINGS: 1





https://forum.proxmox.com/threads/92381/#post-402350



grep cgroup /proc/filesystems


nodev	cgroup
nodev	cgroup2






start the NixOS container with Proxmox Virtual Environment





pct start 












https://github.com/NixOS/nixpkgs/issues/9735#issuecomment-783535726













































Is there a need for non unprivileged NixOS containers?


Is there a scenario where you would like to have a privileged (unprivileged = 0) container?


I do not know.


Is there a cgroup2 only NixOS containers?


Is there a configuration with cgroups versions 2 only - where cgroups version 1 is not needed - (so that is possible to rollback the manipulation of the pve lxc startup script (/usr/share/perl5/PVE/LXC/Setup.pm))? Or can we create such a (pre)build image (tar)?


I do not know.


Notes




https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html

(pve) lxc configuration option lxc.cgroup2.devices.allow: a

(pve) lxc configuration option lxc.cgroup.devices.deny = a

https://wiki.debian.org/LXC/CGroupV2



Retrieved from "https://wiki.nixos.org/w/index.php?title=Talk:Proxmox_Linux_Container&oldid=9362"