How to add kernel modules into an LXC container?

Hi all,
I’m trying to install K3S inside an LXC container following these instructions

The problem is that I have to load some kernel modules inside the LXC container.

On the host machine I have

sysop@hoseplak3s:~$ modprobe overlay
sysop@hoseplak3s:~$ modinfo overlay
filename:       /lib/modules/4.18.0-21-generic/kernel/fs/overlayfs/overlay.ko
alias:          fs-overlay
...

But in the container I have

root@k3s-server:~# modprobe overlay
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.18.0-21-generic/modules.dep.bin'
modprobe: FATAL: Module overlay not found in directory /lib/modules/4.18.0-21-generic
root@k3s-server:~# 

Actually, in the LXC container the “/lib/modules/” directory is empty.

How can I load kernel modules inside the container?

The concept of containers is a virtualization sharing the same kernel instance. For the majority of use cases, sharing the same kernel is sufficient and a virtual machine is not needed. For the cases where differences must exist between kernels, where these differences are not specifically provided for in cgroups/namespaces, a virtual machine is needed.

The LXC/LXD system containers do not load kernel modules for their own use.
What you do is get the host to load the kernel module, and this module could be available in the container.
The overlay kernel module is available in system containers, if it is loaded (on the host).
You can set up your container to auto-load specific kernel modules when the container starts. This helps you so that you do not have to manually load kernel modules yourself.
I know how to do this with LXD,

 lxc config set mycontainer linux.kernel_modules overlay

But if you check the documentation link that you just gave, it also sets linux.kernel_modules to load specific modules.


Thanks.
I’ll try asap.
It seems that, following the instructions at the link, when I tried

lxc config edit mycontainer

I saw and edited a temporary file, but when I saved and closed, my modifications went away.

I tried the command as a normal user; maybe this is one of the remaining commands that require root access.

Now I’ll do these tests and report:

sudo lxc config edit mycontainer

and see if modifications are maintained

lxc config set mycontainer …

for every line to add to the config

Tried.
For a container named k3s-lxc SUCCESS with sudo (the inserted lines are maintained)

sysop@hoseplak3s:~$ sudo lxc config edit k3s-lxc
[sudo] password di sysop: 
To start your first container, try: lxc launch ubuntu:18.04

sysop@hoseplak3s:~$
sysop@hoseplak3s:~$ lxc config show k3s-lxc
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20190604)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190604"
  image.version: "18.04"
  linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter
  raw.lxc: lxc.mount.auto=proc:rw sys:rw
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image: c234ecee3baaee25db84af8e3565347e948bfceb3bf7c820bb1ce95adcffeaa8
...

For a container named test1 the config set SUCCESS with and without sudo

sysop@hoseplak3s:~$ sudo lxc config set test1 linux.kernel_modules overlay 
sysop@hoseplak3s:~$ lxc config set test1 security.nesting true
sysop@hoseplak3s:~$ lxc config show test1
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20190604)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190604"
  image.version: "18.04"
  linux.kernel_modules: overlay
  security.nesting: "true"
  volatile.base_image: c234ecee3baaee25db84af8e3565347e948bfceb3bf7c820bb1ce95adcffeaa8
 

Thanks
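
As the answer above explains, the modules named in linux.kernel_modules are loaded by the host, not by the container. The following is an added example, not code from the thread or from the LXD project: a shell check that reads `lxc config show` output on stdin and prints every configured module the running kernel does not report. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are hypothetical/constructed.

# Read `lxc config show` YAML on stdin and print the linux.kernel_modules
# entries separated by spaces, with '-' normalised to '_' (the form the
# kernel uses in /proc/modules).
wanted_modules() {
  awk -F': *' '$1 ~ /^[ \t]*linux\.kernel_modules$/ {
    gsub(/[" \t]/, "", $2); gsub(/,/, " ", $2); gsub(/-/, "_", $2); print $2
  }'
}

# missing_modules [PROC_MODULES] [SYSFS_MODULE_DIR] < config
# Print each configured module that is neither listed in /proc/modules nor
# present under /sys/module (where some built-in modules are visible).
missing_modules() {
  proc_modules=${1:-/proc/modules}
  sysfs=${2:-/sys/module}
  for name in $(wanted_modules); do
    if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$proc_modules" \
       && [ ! -d "$sysfs/$name" ]; then
      echo "$name"
    fi
  done
}

# Offline demo on constructed input: the config key is the one shown in the
# thread; the fake module list omits nf_nat and br_netfilter.
demo() {
  tmp=$(mktemp -d)
  cat > "$tmp/config.yaml" <<'EOF'
config:
  linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter
  security.nesting: "true"
EOF
  cat > "$tmp/modules" <<'EOF'
overlay 131072 0 - Live 0x0000000000000000
ip_tables 28672 0 - Live 0x0000000000000000
ip6_tables 32768 0 - Live 0x0000000000000000
netlink_diag 16384 0 - Live 0x0000000000000000
EOF
  mkdir -p "$tmp/sys/nf_nat"   # stands in for /sys/module/nf_nat
  missing_modules "$tmp/modules" "$tmp/sys" < "$tmp/config.yaml"
  rm -rf "$tmp"
}

demo   # prints: br_netfilter
```

On a real host the same check is `lxc config show k3s-lxc | missing_modules`, which uses /proc/modules and /sys/module by default.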