Storj in docker in lxc

gergogyerek · March 31, 2020, 4:05pm

hi,
I have created a LXC container for storj
> gergo@dl380p:[~]:lxc config show storj

architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20200317)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20200317"
  image.type: squashfs
  image.version: "18.04"
  raw.idmap: both 1002 1002
  volatile.base_image: 98e43d99d83ef1e4d0b28a31fc98e01dd98a2dbace3870e51c5cb03ce908144b
  volatile.eth0.host_name: veth763ae1fb
  volatile.eth0.hwaddr: 00:16:3e:59:9b:38
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1002},{"Isuid":true,"Isgid":true,"Hostid":1002,"Nsid":1002,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":1001003,"Nsid":1003,"Maprange":999998997},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1002},{"Isuid":true,"Isgid":true,"Hostid":1002,"Nsid":1002,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":1001003,"Nsid":1003,"Maprange":999998997}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices:
  camera:
    path: /mnt/storj
    source: /mnt/storj/
    type: disk
ephemeral: false
profiles:
- default
- bridgeprofile
stateful: false
description: "

did the installation preparations on storj website, everything was OK, but when I try to run storj docker I get the following:

gergo@dl380p:[~]:lxc exec storj bash
root@storj:~# docker run -d --restart unless-stopped --stop-timeout 300     -p 28967:28967     -p 127.0.0.1:14002:14002     -e WALLET="0x621Cd13b72bCB6Bc0698c46C8D349224c9a810f8"     -e EMAIL="gergogyerek@gmail.com"     -e ADDRESS="gergogyerek.duckdns.org:28967"     -e STORAGE="3TB"     --mount type=bind,source="/home/storj/.local/share/storj/identity/storagenode",destination=/app/identity     --mount type=bind,source="/mnt/storj/",destination=/app/config     --name storagenode3 storjlabs/storagenode:beta
0a14d25782287387bd8df4158a5d365465a34e8e159267da7c4c0c50b4581712
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/var/lib/docker/btrfs/subvolumes/e8c3546934a8b3b51fd1d2913f21246506a3313313eedb5e115b421d92e1f082\\\" at \\\"/proc\\\" caused \\\"permission denied\\\"\"": unknown.

could someone guide me to the right troubleshooting directions. what should I check?
I’m trying to mount storage from the host to lxc and give it to storj.
thank you
Gergo

jensamberg · March 31, 2020, 5:12pm

Does it make sense to run the Storj container in a LXC container? Why not running the Docker Container direct ?

SGC · August 10, 2020, 8:19am

In case somebody else comes looking for this answer…
i added this and docker worked in my container… it’s as secure as a vm, but my docker has been on the host, now i’m moving it to separate the proxmox graphs lol so i can directly see the bandwidth of the storagenode in the proxmox gui…

this needs to be added to the /etc/pve/.conf

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

the solution was found here…

more lines may needs to be added.
a selection of parameters can be found under options on this page.
https://pve.proxmox.com/wiki/Linux_Container

set this to 1
keyctl= ( default = 0)

and this to 1
nesting= ( default = 0)

duno if they are needed, they sounded required
haven’t tested with the storagenode yet… but docker test image worked fine…

another thing one might want to do is directly access the host storage… if you like me have the storagenode located currently on the host and is moving it into a container.

you can find information on that here.
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

first one is the source, second is the mount point as seen from the container.

now to continue to look for my own answer… is it safe to run my storagenode like this…