Changes

1,496 bytes added ,  05:07, 18 April 2021
no edit summary
lxc config device add <instance> port-forward proxy connect=tcp:<container-ip>:<port> listen=tcp:<host-ip>:<port> nat=true
</pre>
 
== LXD Storage Mounts ==
{{Note|The following commands and paths are formatted for internal NixNet usage. You may need to change the paths to fit your needs.|reminder}}
 
The LXC help gives this hint when adding a device:
<pre>
lxc config device add [<remote>:]<container-name> <device-name> disk source=/opt/<service-name> path=opt
</pre>
This adds a device of type disk to <code><container-name></code>. The <code>source</code> is the host's file path, and <code>path</code> is the path in the container.
 
Due to how permissions work on unprivileged containers, the mount permissions have to be changed on the host system. First, you have to know what uid/gid offset LXD is using for its containers. In the case of NixNet's setup, the containers are on an offset of 100000, which means the root user in the container has the permissions of user 100000 on the host system.
 
The next step is to get the uid/gid of the user that needs to access the mounted files in the container. To get this, run <code>id <user></code> for that user inside the container.
 
For example, to get the uid of postgres:
<pre>
# id postgres
uid=70(postgres) gid=70(postgres) groups=70(postgres),70(postgres)
</pre>
 
We then add these uid/gids to our offset (100000) and chown the files on the host.
 
Again following postgres as an example:
<pre>
# chown -R 100070:100070 /opt/storage/<service-name>/postgresql/
</pre>
 
The mounted files should now show up as being owned by the correct user inside of the container.
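
The offset arithmetic above can be scripted so that a container id outside the mapped range is rejected instead of being chowned to an unrelated host user. This is an added example, not part of NixNet's tooling: the function names are hypothetical and the range size of 65536 is an assumption, so check the idmap of your own LXD setup.

```shell
#!/bin/sh
# Added example: derive the host-side owner for a container user from
# `id` output and the LXD uid/gid offset. Function names are hypothetical.

# parse_id FIELD "ID_OUTPUT" -> numeric value of uid= or gid= in a line
# such as "uid=70(postgres) gid=70(postgres) groups=..."
parse_id() {
    printf '%s\n' "$2" | sed -n "s/.*$1=\([0-9][0-9]*\).*/\1/p"
}

# map_id BASE SIZE CONTAINER_ID -> host id. Fails when the id is not
# numeric or lies outside the mapped range, because such an id has no
# counterpart on the host and must not be used for chown.
map_id() {
    case "$3" in ''|*[!0-9]*) return 2 ;; esac
    [ "$3" -lt "$2" ] || return 1
    echo $(( $1 + $3 ))
}

# host_owner BASE SIZE "ID_OUTPUT" -> "hostuid:hostgid" for chown
host_owner() {
    u=$(map_id "$1" "$2" "$(parse_id uid "$3")") || return 1
    g=$(map_id "$1" "$2" "$(parse_id gid "$3")") || return 1
    echo "$u:$g"
}

BASE=100000   # offset stated on this page
SIZE=65536    # assumed size of the mapped range
# Output of `id postgres` as shown on this page
ID_LINE='uid=70(postgres) gid=70(postgres) groups=70(postgres),70(postgres)'

# Print the command for review rather than running it as root directly.
owner=$(host_owner "$BASE" "$SIZE" "$ID_LINE") &&
    echo "chown -R $owner /opt/storage/<service-name>/postgresql/"
```

After running the printed command, <code>ls -ln</code> on the host should show the numeric owner 100070, and the same files should show as owned by postgres inside the container.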
[[Category:Admin guides]]