UPDATE
Do NOT do this. If a CIFS Mount is unavailable, the container will fail to start on boot/reboot. Instead, I would recommend creating the CIFS mount in the container. It's not as efficient, but at least the container will boot if the mount is unavailable.
Original Post Follows
Bind mounts allow us to mount arbitrary host directories in containers. This is useful if we need an container to have access to files on a host filesystem.
If you need the container to have WRITE privilege, create it as a privileged container. The default setting is unprivileged, so make sure you plan ahead. There are ways to allow unprivileged containers to write bind mounts, but I've spent too much time trying to figure it out, and this was much easier.
In my case I'm interested in using CIFS shares from inside a container. We can do this in two steps.
1) Set up the CIFS on the proxmox host
2) Set up the bind mount on the container
Setting up CIFS
I like to use autofs for network mounts.
# Install CIFS and autofs
apt install cifs-utils
apt install autofs
# Configure autofs
echo "/mnt/servername /etc/auto.servername --timeout 0" >> /etc/auto.master
echo "mountpoint -fstype=cifs,rw,guest ://servername/mountpoint" >> /etc/auto.servername
The above will add lines to autofs config in order to mount our mountpoint. This assumes you already have CIFS running and allows "guest" users. Replace the mountpoint and servername parts as appropriate.Setting up Bind Mounts
# Create Container Bind Mount
pct set 106 -mp0 /mnt/servername/mountpoint,mp=/mnt/containerfolder
We must use the CLI in order to create proxmox bind mounts. Bind mounts are not currently supported in the GUI. The above creates mount point 0 "mp0" for container 106 (change the number to match your container), maps the host directory (/mnt/servername/mountpoint) autofs CIFS share we just set up to a directory in the container (/mnt/containerfolder).Now if we launch the container, we can list /mnt/containerfolder and see the contents of our CIFS share.
Bind mounts will work with any directory, and can be mapped to any directory on the container. So be careful because there are security and data integrity implications when you do this. The safest practice would be to only mount directories that are in /mnt on the host and map them to /mnt in the container.
No comments:
Post a Comment