Commit

Revert README.md
cmspam authored May 4, 2024
1 parent 9760691 commit 1f5667f
Showing 1 changed file with 21 additions and 6 deletions.
27 changes: 21 additions & 6 deletions README.md
Expand Up @@ -15,14 +15,16 @@ Alpine versions are also available, only in Dockerfile form. These will not be p

How to use it:

*Note*: If you use docker and want to use a bridge created by incus, you'll need to fix iptables:
*Note*: If you use the environment variable SETIPTABLES=true, it will be adding:
```
iptables (or iptables-legacy) -I DOCKER-USER -j ACCEPT
ip6tables (or ip6tables-legacy) -I DOCKER-USER -j ACCEPT
```

The reason is that, without doing this, docker's iptables settings will be blocking the connections from the incus bridge you create, and your containers/vms will not be able to access the internet. If you use podman, it's not needed.

*Note*: If you want to use LXCFS support, you can set the environment variable USELXCFS=true and mount your volume at /var/lib/lxcfs

# To use the image

First, make the directory to hold incus configuration:
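
Review bot: the SETIPTABLES note documents an unconditional `-I DOCKER-USER -j ACCEPT` for both iptables and ip6tables, but does not say that this rule reaches well beyond the incus bridge. Inserted at the top of DOCKER-USER, it accepts every forwarded packet before Docker's own forwarding rules are evaluated, so it changes filtering for all Docker containers on the host, not only for traffic from the bridge. Suggest stating that scope next to the variable and documenting a narrower alternative that matches only the bridge, for example `-I DOCKER-USER -i <incus-bridge> -j ACCEPT` together with the matching `-o <incus-bridge>` rule, where `<incus-bridge>` is a placeholder for the bridge the user created. "it will be adding" should also name what adds the rules and when.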
Expand Down Expand Up @@ -50,15 +52,30 @@ With Docker:
docker run -d \
--name incus \
--privileged \
--env SETIPTABLES=true \
--restart unless-stopped \
--network host \
--volume /sys/fs/cgroup:/sys/fs/cgroup:rw \
--volume /dev:/dev \
--volume /var/lib/incus:/var/lib/incus \
--volume /lib/modules:/lib/modules:ro \
ghcr.io/cmspam/incus-docker:latest
```

# Fixing cgroups issue

If you run 'podman logs incus' you may see an error such as
```
level=error msg="balance: Unable to set cpuset" err="setting cgroup item for the container failed"
name=(container) value="0,1,2,3"
```

We can fix this by adding the following kernel boot parameter, then reboot:
```systemd.unified_cgroup_hierarchy=0```

*IMPORTANT:* --volume /sys/fs/cgroup:/sys/fs/cgroup:rw is necessary for this to work. Make sure it's passed through.

If someone comes up with a way to continue to use unified hierarchy with working cpuset functionality, please let me know.

# AppArmor

If you have AppArmor enabled on your setup, you may need to add permissions to dnsmasq so that it can work with Incus without permission errors. Here is an example of how to do so with OpenSuse Tumbleweed, but it should be similar for other distributions.
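
Review bot: the `docker run` example carries `--env SETIPTABLES=true` as a fixed line, so anyone who copies the command gets the DOCKER-USER firewall change without having chosen it; mark that line as optional in the example or say so in the text just above it. In the "Fixing cgroups issue" section, `systemd.unified_cgroup_hierarchy=0` is a host-wide boot setting that turns off the unified cgroup hierarchy for everything on the machine, not only for this container, and that deserves a sentence before "then reboot". The section also only mentions 'podman logs incus' although it follows the Docker command; give the Docker equivalent as well.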
Expand All @@ -79,10 +96,8 @@ If you want to use AppArmor functionality in incus, you can pass it through to t

# OpenVSwitch

If you plan to use OpenVSwitch, add this line to your docker/podman command:
```--volume /run/openvswitch:/openvswitch```
The startup script will bind mount /openvswitch to /run/openvswitch in the container, bypassing issues of it being deleted otherwise.

If you use OpenVSwitch, add this line to your docker/podman command:
```--volume /run/openvswitch:/run/openvswitch```

# Alpine-based Image
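
Review bot: the OpenVSwitch section shows two different mount targets, `/run/openvswitch:/openvswitch` and `/run/openvswitch:/run/openvswitch`, and only the first comes with an explanation ("bypassing issues of it being deleted otherwise"). Whichever form the README ends up with, it should say whether a direct mount at /run/openvswitch is still affected by that deletion issue, and whether the startup script still performs the bind mount from /openvswitch, so users of the other form know if their existing command keeps working.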
