blog/2021-03-25_proxmox_docker/ #5
Replies: 14 comments 46 replies
-
Comments welcome. If you do not want to allow GitHub API access for giscus.app, feel free to directly add comments on GitHub.
-
Thank you very much for your report that running Docker inside an unprivileged Linux container (LXC) worked for you.
For more details please see https://forums.docker.com/t/docker-problem-in-unpriviledged-lxc-on-debian-11-2-bullseye
-
Hello Alexander Dunkel/Sieboldianus,
-
Well done.
-
Not working with Docker Swarm.
-
What about migration to nodes? It doesn't work for me.
-
LXC has the advantage of CPU core assignment on a cluster: you are not limited to setting the core count of the node that has fewer. A VM uses all its assigned memory, and when you have a 64 GB VM it is slow to replicate or move 64 GB of cached RAM. For example, my 64 GB Docker VM fills all memory with cache in Proxmox in less than 24 hours. My LXC with the same 53 containers uses much less memory. Replication and HA are faster. Anyway, this is hard to do with a privileged Docker LXC too. overlay+lxc+docker+replication+ha is impossible for me, until a solution.
-
Went the fuse-overlayfs route: Have portainer and home_assistant running. Replication works, proxmox backup-server backups work. Migration had a few hiccups. First try got the message "can't get lock". Stopped container, migrated w/o incident, restarted container and it was fine. Then migrated back to the first node and it was fine (stopped and started itself fine). Subsequent migrations would periodically look successful but docker would lock up (docker info or docker ps would not return for example). Seems rock solid when not migrated, but when migrated needs to be checked afterwards. On my home lab (3 nodes: A10-5800K, i5-2500, FX-8350 totaling 16 cpus, 56gb ram, 12tb of SSD, 9 total LXCs) VM+docker+containers was 4gb ram, 35GB disk where LXC+docker+containers is 512K ram, 3.3gb disk. On my home lab VMs are resource hogs (I no longer have any windows servers - yea!). Lxc is just a breath of fresh air and simplicity using proxmox. Thanks for sharing.
-
So I'm coming from the LXD side, but I've found your blog very useful. One thing I am getting stuck on, and it seems that has also caught you, is the host messages about "overlayfs: upper fs is missing required features" - also the post here. For me, I've had this message trying different setups (zvol formatted as xfs/ext4 and mounted in LXC, and also a separate Directory pool on EXT4). I have noticed, though, that if I make the LXC privileged, there's no message and "Native Overlay Diff" is set to true. So it would seem there are some kind of permission settings that need to be changed to get this working 100% without that message?
-
I'm still not able to enable on host:
on lxc:
-
After many days of tinkering (and failing), here's what I found.
If you maintain the Proxmox naming scheme for zvols, i.e. So instead of adding a mountpoint like
you then stay within the Proxmox ZFS realm and get a mountpoint like I've created a more detailed guide (tailored to Nextcloud-AIO) here. Also with Proxmox 7.2 you can run Docker in an unprivileged LXC with only 'nesting' enabled. No need to load any additional kernel modules on the PVE node nor in the LXC.
-
Thanks for the nice tutorial. I get lost once it gets to the ZFS section. Why do I want to do this? Docker works fine without it. I read related reddit posts and none of those actually explain the reasoning behind this workaround. Or was the ZFS section needed to make docker run at all, and it is now no longer needed with more recent software? docker info:
proxmox 8.0.3
-
I am having trouble using it. I am on PVE8. TASK ERROR: zfs error: cannot open 'rpool/proxmox/container/subvol-2111-disk-4': operation not applicable to datasets of this type
-
I ran into an issue where DNS wasn't available to the docker service for a brief time after boot, maybe 30-60 seconds. Queries would work normally from the root shell. I wasn't able to determine why this was happening. Containers would start, and any DNS queries they would issue would fail for that period of time. I did not encounter this issue when I was running docker in a VM. For most containers, no big deal, but this would clobber my As a workaround, I modified
-
Running docker inside an unprivileged LXC container on Proxmox - du.nkel.dev
A personal code notes blog
https://du.nkel.dev/blog/2021-03-25_proxmox_docker/