Talk:Proxmox Linux Container: Difference between revisions
imported>Vater |
imported>Vater |
||
Line 53: | Line 53: | ||
*: tab <tt>General</tt> | *: tab <tt>General</tt> | ||
*:* (for the following we expect) ''1000'' is prefilled (to the text field of <tt>CT ID:</tt>) or you have added it (because it not already taken) | *:* (for the following we expect) ''1000'' is prefilled (to the text field of <tt>CT ID:</tt>) or you have added it (because it not already taken) | ||
*:* (for the following we expect) the checkbox | *:* <s>(for the following we expect) the checkbox <tt>Unprivileged container:</tt> is preselected choosen</s> | ||
*:* (for the following we expect) the checkbox | *:* <s>(for the following we expect) the checkbox <tt>Nesting:</tt> is preselected choosen</s> | ||
*:* add a (useless, but from the form required) passphrase (to the text field of <tt>Password:</tt>) | *:* add a (useless, but from the form required) passphrase (to the text field of <tt>Password:</tt>) | ||
*:* add the same (useless, but from the form required) passphrase (to the text field of <tt>Confirm password:</tt>) | *:* add the same (useless, but from the form required) passphrase (to the text field of <tt>Confirm password:</tt>) | ||
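Review bot: Striking out the two expectations on the General tab (Unprivileged container: and Nesting:) leaves the walkthrough with no statement of what either checkbox should be, although the config listed later in this revision shows "unprivileged: 1" and "features: nesting=1". Suggest replacing the struck lines with an explicit instruction (for example that Unprivileged container: stays checked) rather than only removing the expectation. "preselected choosen" in both lines should read "preselected".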
Line 67: | Line 67: | ||
*:* choose the ''Next'' button | *:* choose the ''Next'' button | ||
*: tab <tt>Root Disk</tt> | *: tab <tt>Root Disk</tt> | ||
*:* (for the following we expect) the entry ''storage'' is prefilled (at the drop down menu of <tt>Storage:</tt>) | |||
*:* (for the following we expect) ''8'' is prefilled (to the text field of <tt>Disk size (GiB):</tt>) | |||
*:* choose the ''Next'' button | |||
*: tab <tt>CPU</tt> | |||
*:* (for the following we expect) ''1'' is prefilled (to the text field of <tt>Cores:</tt>) | |||
*:* choose the ''Next'' button | |||
*: tab <tt>Memory</tt> | |||
*:* (for the following we expect) ''512'' is prefilled (to the text field of <tt>Memory (MiB):</tt>) | |||
*:* (for the following we expect) ''512'' is prefilled (to the text field of <tt>Swap (MiB):</tt>) | |||
*:* choose the ''Next'' button | |||
*: tab <tt>Network</tt> | |||
*:* (for the following we expect) ''eth0'' is prefilled (to the text field of <tt>Name:</tt>) | |||
*:* <s>(for the following we expect) (the text field of <tt>MAC address:</tt>) is emtpy (and so prefilled with ''auto'')</s> | |||
*:* (for the following we expect) the entry ''vmbr0'' is prefilled (at the drop down menu of <tt>Bridge:</tt>) | |||
*:* <s>(for the following we expect) (the text field of <tt>VLAN Tag:</tt>) is emtpy (and so prefilled with ''no VLAN'')</s> | |||
*:* <s>(for the following we expect) (the text field of <tt>Rate limit (MB/s) Tag:</tt>) is emtpy (and so prefilled with ''unlimited'')</s> | |||
*:* <s>(for the following we expect) the checkbox <tt>Firewall:</tt> is preselected choosen</s> | |||
*:* … | |||
*: tab <tt>DNS</tt> | |||
*:* … | |||
*: tab <tt>Confirm</tt> | |||
*:* … | *:* … | ||
| | | |
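Review bot: In the added Network tab steps, the label "Rate limit (MB/s) Tag:" looks like a copy of the "VLAN Tag:" line above it and probably should not end in "Tag"; "emtpy" is also misspelled in three of the added lines. The Network steps end in "…" without saying how the address is assigned, while the config shown later in this revision has "ip=dhcp" on net0, so that choice is worth spelling out. The struck Firewall: line should say what the setting is expected to be instead of only dropping the expectation.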
Revision as of 18:08, 10 October 2021
NixOS container (LXC) on Proxmox Virtual Environment 7
GUI | CLI | ||
---|---|---|---|
find the (a current) NixOS template |
for example for 21.05
| ||
download the NixOS template |
|
going to the folder where all the templates for Proxmox Virtual Environment are stored
downloading the NixOS template file
(optional, but you should) move the downloaded NixOS template file to a nicer (more individual) file name
(optional) going back
| |
create a (first) new NixOS container with Proxmox Virtual Environment |
|
(optional) check the (pve) lxc config file (it should look something like the following)

    arch: amd64
    hostname: CT1000
    memory: 1024
    net0: name=eth0
    ostype: unmanaged
    rootfs: storage:vm-1000-disk-0,size=4G
    swap: 512
    unprivileged: 1

customize the individual Proxmox Virtual Environment container configuration for NixOS |
    sync_wait: 36 An error occurred in another process (expected sequence number 7)
    __lxc_start: 2073 Failed to spawn container "1000"
    TASK ERROR: startup for container '1000' failed

editing the specific (pve) lxc config file (to add an option for lxc.init.cmd)

    lxc.init.cmd: /init

(configure the available (virtual) network device for the Proxmox Virtual Environment container) |
| ||
(activate nesting for NixOS in the Proxmox Virtual Environment container) |
(optional) check the (pve) lxc config file (it should look something like the following, with nesting=1 on the line features:)

    arch: amd64
    cores: 2
    features: nesting=1
    hostname: CT1000
    memory: 1024
    net0: name=eth0,bridge=vmbr0,hwaddr=A1:B2:C3:D4:E5:F6,ip=dhcp,type=veth
    ostype: unmanaged
    rootfs: storage:vm-1000-disk-0,size=4G
    swap: 512
    unprivileged: 1

customize the (pve) lxc startup setup routine |
    run_buffer: 316 Script exited with status 1
    lxc_init: 816 Failed to run lxc.hook.pre-start for container "1000"
    __lxc_start: 2007 Failed to initialize container "1000"
    TASK ERROR: startup for container '1000' failed

    sub unified_cgroupv2_support {
        my ($self) = @_;
        return if !$self->{plugin}; # unmanaged
        $self->protected_call(sub {
            $self->{plugin}->unified_cgroupv2_support()
        });
    }

    WARN: old systemd (< v232) detected, container won't run in a pure cgroupv2 environment! Please see documentation -> container -> cgroup version.
    TASK WARNINGS: 1

https://forum.proxmox.com/threads/92381/#post-402350
    nodev cgroup
    nodev cgroup2

start the NixOS container with Proxmox Virtual Environment |
| ||
… | https://github.com/NixOS/nixpkgs/issues/9735#issuecomment-783535726 | ||
… | |||
… | |||
… | |||
… | |||
… |
Is there a need for non unprivileged NixOS containers?
- Is there a scenario where you would like to have a privileged (unprivileged = 0) container?
- I do not know.
Are there cgroup2-only NixOS containers?
- Is there a configuration with cgroups version 2 only, where cgroups version 1 is not needed (so that it is possible to roll back the manipulation of the pve lxc startup script (/usr/share/perl5/PVE/LXC/Setup.pm))? Or can we create such a (pre)built image (tar)?
- I do not know.
- Notes
https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
(pve) lxc configuration option lxc.cgroup2.devices.allow: a
(pve) lxc configuration option lxc.cgroup.devices.deny = a
https://wiki.debian.org/LXC/CGroupV2
https://search.nixos.org/options?channel=unstable&from=0&query=cgroup
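
The settings collected on this page for the NixOS container (unprivileged: 1, features: nesting=1, ostype: unmanaged, lxc.init.cmd: /init) and the allow-all device rule listed in the notes can be checked mechanically. The following shell functions are an added example, not part of the original talk page or of Proxmox; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the wiki page: check a PVE container config
# ("key: value" lines) for the settings discussed above. Names are hypothetical.

# Print every value of KEY from the live config. Snapshot sections, which
# start with a "[name]" line, are not read.
conf_values() {
    awk -v key="$2" '
        /^\[/ { exit }
        index($0, key) == 1 {
            rest = substr($0, length(key) + 1)
            if (rest ~ /^[ \t]*[:=]/) {
                sub(/^[ \t]*[:=][ \t]*/, "", rest)
                print rest
            }
        }' "$1"
}

finding() { echo "$1"; n=$((n + 1)); }

# Print one finding per line; exit status 0 means the config is clean.
audit_ct_conf() {
    conf=$1; n=0
    [ "$(conf_values "$conf" unprivileged | head -n 1)" = "1" ] ||
        finding "PRIVILEGED: unprivileged is not 1"
    case ",$(conf_values "$conf" features | head -n 1)," in
        *,nesting=1,*) ;;
        *) finding "NESTING: features lacks nesting=1" ;;
    esac
    [ "$(conf_values "$conf" ostype | head -n 1)" = "unmanaged" ] ||
        finding "OSTYPE: ostype is not unmanaged"
    [ "$(conf_values "$conf" lxc.init.cmd | head -n 1)" = "/init" ] ||
        finding "INIT: lxc.init.cmd is not /init"
    # A device rule of "a" covers all device types and numbers.
    if conf_values "$conf" lxc.cgroup2.devices.allow | grep -Eq '^a([[:space:]]|$)'; then
        finding "DEVICES: lxc.cgroup2.devices.allow permits all devices"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: privileged container with an allow-all device rule.
sample=$(mktemp)
printf '%s\n' 'arch: amd64' 'features: nesting=1' 'ostype: unmanaged' \
    'unprivileged: 0' 'lxc.init.cmd: /init' \
    'lxc.cgroup2.devices.allow: a' '[snap1]' 'unprivileged: 1' > "$sample"
audit_ct_conf "$sample" || true
rm -f "$sample"
```

The `unprivileged: 1` line under `[snap1]` in the sample is deliberately ignored, so a snapshot of an earlier state cannot mask a privileged live config.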