How to use linux.kernel_modules

MirtoBusico · June 17, 2019, 6:38pm

Hi all,
I need to have some kernel modules available inside a container to install K3S or MicroK8S

After requesting support on various forums I tried:

Create a profile for less restricted containers: I created a k3sprofile to add to the default profile

sysop@hoseplak3s:~$ lxc profile show default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/containers/k3s-lxc
sysop@hoseplak3s:~$ lxc profile show k3sprofile
config:
  boot.autostart: "true"
  linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,nf_conntrack_ipv4,ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
  raw.lxc: |
    lxc.apparmor.profile=unconfined
    lxc.mount.auto=proc:rw sys:rw cgroup:rw
    lxc.cgroup.devices.allow=a
    lxc.cap.drop=
  security.nesting: "true"
  security.privileged: "true"
description: ""
devices:
  aadisable:
    path: /sys/module/nf_conntrack/parameters/hashsize
    source: /sys/module/nf_conntrack/parameters/hashsize
    type: disk
  aadisable1:
    path: /sys/module/apparmor/parameters/enabled
    source: /dev/null
    type: disk
name: k3sprofile
used_by:
- /1.0/containers/k3s-lxc
sysop@hoseplak3s:~$

Then I created a container named k3s-lxc with this command

lxc launch --profile default --profile k3sprofile ubuntu:18.04 k3s-lxc

The container configuration shows

sysop@hoseplak3s:~$ lxc config show k3s-lxc
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20190604)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20190604"
  image.version: "18.04"
  volatile.base_image: c234ecee3baaee25db84af8e3565347e948bfceb3bf7c820bb1ce95adcffeaa8
  volatile.eth0.hwaddr: 00:16:3e:68:e2:48
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices: {}
ephemeral: false
profiles:
- default
- k3sprofile
stateful: false
description: ""
sysop@hoseplak3s:~$

Seems correct; but if I enter the container and try to load a listed module I receive an error

sysop@hoseplak3s:~$ lxc exec k3s-lxc bash
root@k3s-lxc:~# modprobe overlay
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.18.0-21-generic/modules.dep.bin'
modprobe: FATAL: Module overlay not found in directory /lib/modules/4.18.0-21-generic
root@k3s-lxc:~#

On the host the modules are loadable.
So seems that the kernel modules are not passed to the container.

What am I doing wrong?

stgraber · June 17, 2019, 9:45pm

lxc config show --expanded k3s-lxc should show that it is in fact applied on the container.

Kernel modules are a global resource, if it’s loaded on the host, it’s loaded in the container.

The fact that modprobe is confused about things is a different matter. You can look at /proc/modules inside the container if you want to make sure.

MirtoBusico · June 18, 2019, 6:40am

Thanks it is working: I can see the module loaded in the VM and in the container

sysop@hoseplak3s:~$ cat /proc/modules | grep overlay
overlay 94208 0 - Live 0x0000000000000000
sysop@hoseplak3s:~$ lxc exec k3s-lxc bash
root@k3s-lxc:~# cat /proc/modules | grep overlay
overlay 94208 0 - Live 0xffffffffc06dc000
root@k3s-lxc:~#