Proxmox LXC containers attempting to insert kernel modules #190

Closed
gregorydlogan opened this issue Aug 16, 2023 · 3 comments · Fixed by #200

@gregorydlogan
Contributor

gregorydlogan commented Aug 16, 2023

I've got a set of unprivileged Debian 11 LXCs running in Proxmox which are attempting to insert the WireGuard kernel module when running this role. Looking at the logic here, I'm wondering if there needs to be an additional flag set in the PVE guest bits which will turn off the insert? Normally I'd suggest checking to see if the module is already loaded, but inside the LXC we can't.

To be clear, completely disabling the load makes things work just fine since the host already has the relevant module loaded.

Edit: This seems similar to #103, but maybe from the other side of the coin?

@githubixx
Owner

Well, I don't know that much about LXC. Currently it's assumed that this role will be executed on a "normal" host or virtual machine where modprobe runs just fine. I also can't really test this kind of setup.

One possibility could be to introduce a variable like wireguard_probe_module that by default is set to true but as in your case can be set to false.

But maybe even better would be to add a new tag to the task you mentioned above and run ansible-playbook playbook.yml --skip-tags=.... In that case it would be possible to skip that part. Currently it only has the tag wg-install. But if you skip that then it would skip too many tasks.

@gregorydlogan
Contributor Author

What about something like gregorydlogan@a924da1? Then it's automated, and if we can't write to /proc there's no point in trying to modprobe anyway.

@githubixx
Owner

As said, I don't know that much about LXC. If /proc not owned by root is an attribute to identify an LXC container, then that might also be a possibility to implement.

gregorydlogan added a commit to gregorydlogan/ansible-role-wireguard that referenced this issue Mar 5, 2024
…guard into master

Pull request githubixx#200
Fixes githubixx#190
  Enable skipping of wg kernel module install
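
The two ideas raised in this thread (an operator switch such as wireguard_probe_module, and skipping modprobe when /proc is not owned by root) can be combined into one guard; the following is an added example, not the role's code and not the contents of the referenced commit. The function names and the WIREGUARD_PROBE_MODULE environment variable are hypothetical, and the /proc ownership test is the heuristic proposed in the thread, taken here as an assumption.

```shell
#!/bin/sh
# Added example: decide whether to attempt `modprobe wireguard`.
# Assumption (from the thread): inside an unprivileged LXC, /proc does not
# appear as owned by uid 0, and the container cannot load kernel modules,
# so it has to rely on the module the host already loaded.

# Print the numeric owner uid of a path (default /proc); empty if unreadable.
proc_owner_uid() {
    stat -c '%u' "${1:-/proc}" 2>/dev/null || true
}

# decide_modprobe <proc_owner_uid> [probe_enabled]
# Prints "probe" or "skip:<reason>". probe_enabled plays the part of the
# wireguard_probe_module variable suggested in the thread (hypothetical here).
decide_modprobe() {
    owner_uid=$1
    probe_enabled=${2:-true}
    case $probe_enabled in
        true|yes|1) ;;
        *) echo "skip:disabled-by-operator"; return 0 ;;
    esac
    case $owner_uid in
        0) echo "probe" ;;
        ''|*[!0-9]*) echo "skip:proc-owner-unknown" ;;   # fail closed
        *) echo "skip:proc-not-owned-by-root" ;;
    esac
}

# Load the module only when the decision is "probe"; log the reason otherwise.
load_wireguard_module() {
    decision=$(decide_modprobe "$(proc_owner_uid /proc)" \
                               "${WIREGUARD_PROBE_MODULE:-true}")
    if [ "$decision" = "probe" ]; then
        modprobe wireguard
    else
        echo "not loading wireguard module ($decision)" >&2
    fi
}

# Stand-alone run: report the decision for this machine without loading anything.
decide_modprobe "$(proc_owner_uid /proc)" "${WIREGUARD_PROBE_MODULE:-true}"
```

The guard fails closed: an unreadable or non-numeric owner is treated the same as a non-root owner, so the module load is never attempted on an ambiguous result.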