1

What's the correct way to share the mysql/mariadb data dir of the host system to a container and map the permissions correctly? I have been struggling with this for a couple of days. I'm sorry if this question has been asked before, but I have searched thoroughly and not been able to find the solution yet. Basically what I have done so far:

Install mariadb-server on both host and container and:

$ printf "lxd:$(id -u mysql):1\nroot:$(id -u mysql):1\n" | sudo tee -a /etc/subuid
$ printf "lxd:$(id -g mysql):1\nroot:$(id -g mysql):1\n" | sudo tee -a /etc/subgid
$ sudo systemctl restart lxd
$ printf "uid $(id -u mysql) 1000\ngid $(id -g mysql) 1000" | lxc config set $CONTAINER_NAME raw.idmap -
$ lxc restart $CONTAINER_NAME
$ sudo lxc config device add $CONTAINER_NAME mysql disk source=/var/lib/mysql path=/var/lib/mysql

Unfortunately, this breaks the container and prevents it from starting since the mapping isn't allowed. 

$ sudo lxc info --show-log ub1804x64-3

Name: ub1804x64-3
Remote: unix://
Architecture: x86_64
Created: 2018/07/09 15:30 UTC
Status: Stopped
Type: persistent
Profiles: default

Log:

lxc ub1804x64-3 20180709154554.682 ERROR    lxc_conf - conf.c:lxc_map_ids:2919 - newuidmap failed to write mapping "newuidmap: uid range [1000-1001) -> [114-115) not allowed": newuidmap 6725 0 100000 1000 1000 114 1 1001 101001 64535
lxc ub1804x64-3 20180709154554.682 ERROR    lxc_start - start.c:lxc_spawn:1661 - Failed to set up id mapping.
lxc ub1804x64-3 20180709154554.755 WARN     lxc_network - network.c:lxc_delete_network_priv:2607 - Failed to remove interface "veth38DOB9" from "lxdbr0": Invalid argument
lxc ub1804x64-3 20180709154554.755 ERROR    lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
lxc ub1804x64-3 20180709154554.756 ERROR    lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "ub1804x64-3"
lxc 20180709154554.775 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:130 - Connection reset by peer - Failed to receive response for command "get_state"

I'm basically following this article (https://stgraber.org/2017/06/15/custom-user-mappings-in-lxd-containers/) written by Stéphane Graber (the super awesome primary LXD developer) to achieve this. I'll admit that I don't fully understand what's going on here, if someone could help me understand my mistake a bit better, I'd really appreciate it. I have a feeling I have the range wrong (1000?). I previously attempted doing the same by manually adding the mysql user/group and trying to map those (instead of installing mysql), but that also didn't work out (Same error). This is what I tried before trying the mapping):

$ sudo groupadd mysql
$ sudo useradd -r -g mysql mysql

I'm using LXD 3.0.1 running on host Ubuntu 18.04 amd64 and testing with a Ubuntu 18.04 amd64 container

asp
  • 191
  • 1
  • 6
  • 1
    Your mapping mysql user to 1000, `printf "both $(id -u mysql) $(id -u mysql)" | lxc config set $CONTAINER_NAME raw.idmap -` – Lawrence Cherone Jul 09 '18 at 17:23
  • I tried it that way earlier too, and it didn't work. This is what I got: – asp Jul 09 '18 at 20:34
  • Log: lxc tmp2 20180709203035.349 ERROR lxc_conf - conf.c:lxc_map_ids:2919 - newgidmap failed to write mapping "newgidmap: gid range [114-115) -> [114-115) not allowed": newgidmap 948 114 114 1 0 100000 114 115 100115 65421 lxc tmp2 20180709203035.349 ERROR lxc_start - ....... – asp Jul 09 '18 at 20:34

1 Answers1

0

So turns out that this was a really "newbie" question. I just started using LXD last week so it appears I wasn't aware of a few basic principles. I feel stupid now, but hey... that's how you learn sometimes right?

For anyone else who comes across this problem... the most practical solution was the elevate the container into a priviledged container:

lxc config set cname security.privileged true

Restart the container after that. Then you won't need to map users manually. Everything should work normally. You may have to chown from within the container before use though:

chown -Rv mysql:mysql /var/lib/mysql

Be careful that any mysql/mariadb servers on the host machine are not running when you share /var/lib/mysql and run the database server in the container. Else the lock will prevent the container's server instance from running. Defeating the lock and running the servers simultaneously should not be attempted as that will just corrupt the data.

I would not recommend this method for production either. I am just doing this to ease testing on my development environment, so the data is expendable. I am sure there are other practical use cases as well. This method works to effectively share the mysql data dir between host/container, but obviously only one running server can use the data at any given time.

Many thanks to David Favor on the LXD mailing list for the help.

asp
  • 191
  • 1
  • 6