I have LXD v4.3 installed on Debian Buster with one container. I am using ZFS as the storage backend. I use R1Soft to back up this server. This solution uses an agent installed on the server which searches for modified blocks in the filesystem and copies them. I keep some archived copies to be able to recover old files. The problem is that the backup agent cannot access the container’s files.
As you can see, the container’s files are mounted on /var/snap/lxd/common/lxd/storage-pools/default/containers/c1 but its namespace is different and the agent cannot see them.
Do you know how I could make the container’s files visible to the backup agent?
You could have it look at /var/snap/lxd/common/mntns/var/snap/lxd/common/lxd but another option would be to treat the containers as their own systems and run the agent inside them.
I really appreciate your answer. I took a look at /var/snap/lxd/common/mntns/var/snap/lxd/common/lxd as you suggested. Inside that directory there is a containers one with links pointing to each of the containers:
But the problem is that the namespace of the mounted filesystems on /var/snap/lxd/common/lxd/storage-pools/default/containers/c1 prevents processes from the host from viewing those files.
Sure, I could install the backup agent in the containers, but this way I will have to use one license for each of the containers while doing the backup from the host will require just one license for all the containers in that host.
I have learned I can manually mount the ZFS datasets in the host:
$ sudo zfs list
NAME USED AVAIL REFER MOUNTPOINT
default 488M 18.8G 24K none
default/containers 128M 18.8G 24K none
default/containers/c1 128M 18.8G 304M /var/snap/lxd/common/lxd/storage-pools/default/containers/c1
../..
$ sudo zfs get canmount
NAME PROPERTY VALUE SOURCE
default canmount on default
default/containers canmount on default
default/containers/c1 canmount noauto local
../..
$ sudo zfs mount default/containers/c1
$ sudo mount
../..
$ default/containers/c1 on /var/snap/lxd/common/lxd/storage-pools/default/containers/c1 type zfs (rw,xattr,posixacl)
../..
So now the ZFS dataset default/containers/c1 is mounted twice, one using the container namespace and another one using the default namespace, which is accessible from the host:
I am not sure though if mounting the filesystem twice can be dangerous or if there are some drawbacks. Probably it would be safer mounting the container’s dataset as read-only from the host. After all, to back up the files I just need to be able to read them.
Mounting it twice will cause you issues with ZFS… it’s not dangerous but ZFS is very much not mount namespace aware and gets very confused when this happens.
To access the actual data, look under /var/snap/lxd/common/mntns/var/snap/lxd/common/lxd/storage-pools
Thank you. I can see the container’s files under /var/snap/lxd/common/mntns/var/snap/lxd/common/lxd/storage-pools/default/containers/c1/rootfs. Unfortunately, the backup agent does not see those files. I will have to install the agent in both the host and the containers.
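A check for the double-mount situation discussed in this thread, as an added example that is not part of the original posts: it compares two mountinfo files and reports ZFS datasets mounted in both mount namespaces. The function names, the sample lines and the container c2 are constructed for illustration; on a real host the inputs would be /proc/self/mountinfo and /proc/PID/mountinfo, where PID is assumed to be a process running inside the LXD snap's mount namespace.

```shell
#!/bin/sh
# Added example. mountinfo fields:
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts

# Print "dataset mountpoint" for each ZFS mount in the mountinfo file $1.
zfs_mounts() {
    awk '{
        for (i = 7; i <= NF; i++) if ($i == "-") break   # skip optional fields
        if ($(i + 1) == "zfs") print $(i + 2), $5
    }' "$1"
}

# Print datasets mounted in both files ($1 = host view, $2 = LXD namespace view).
# Exit status is 0 only when at least one such dataset exists.
double_mounted() {
    host_ds=$(zfs_mounts "$1" | cut -d' ' -f1 | sort -u)
    [ -n "$host_ds" ] || return 1
    zfs_mounts "$2" | cut -d' ' -f1 | sort -u | grep -Fx -e "$host_ds"
}

# Constructed sample: host namespace after a manual "zfs mount".
sample_host() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
95 22 0:45 / /var/snap/lxd/common/lxd/storage-pools/default/containers/c1 rw shared:50 - zfs default/containers/c1 rw,xattr,posixacl
EOF
}

# Constructed sample: LXD namespace (c2 is a hypothetical second container).
sample_lxd() {
    cat <<'EOF'
310 300 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw
355 310 0:45 / /var/snap/lxd/common/lxd/storage-pools/default/containers/c1 rw - zfs default/containers/c1 rw,xattr,posixacl
356 310 0:46 / /var/snap/lxd/common/lxd/storage-pools/default/containers/c2 rw - zfs default/containers/c2 rw,xattr,posixacl
EOF
}

# Demo on the constructed samples; reports the dataset mounted in both views.
tmp=$(mktemp -d)
sample_host > "$tmp/host"
sample_lxd > "$tmp/lxd"
double_mounted "$tmp/host" "$tmp/lxd"
rm -rf "$tmp"
```

A dataset reported here is one to unmount from the host side with zfs unmount before LXD next starts or stops that container.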