Hi there,
I'm experimenting with Linux Containers (LXC) and virtualization and I need the newest (or almost) version of cryptsetup, because I discovered that the older one from Debian won't work. And Arch Linux is very much up to date, some call it "bleeding edge", for that reason I want to use Arch Linux. In Proxmox I've installed what they call a template: "archlinux-base_20201116-1_amd64.tar.gz". It's super light (LXC) - I prefer this to a "full virtualized Arch Linux", if it is possible (maybe it isn't possible - but please let me hear). First few problem(s):
# cryptsetup luksOpen hugeDataluks someData
Enter passphrase for hugeDataluks:
Cannot initialize device-mapper. Is dm_mod kernel module loaded?
Cannot use device someData, name is invalid or still in use.
# modprobe -v dm_mod
modprobe: FATAL: Module dm_mod not found in directory /lib/modules/5.4.65-1-pve
I then tried (+ added "MODULES=(dm_mod)" to /etc/mkinitcpio.conf):
# pacman -S mkinitcpio
vim /etc/mkinitcpio.conf
# mkinitcpio -p linux
/usr/bin/mkinitcpio: line 268: /etc/mkinitcpio.d/linux.preset: No such file or directory
==> ERROR: Failed to load preset: `/etc/mkinitcpio.d/linux.preset'
And now I'm out of ideas.... DAMN IT... I hoped so much I could do this, instead of having to install the "full virtual Arch Linux"... Does anyone know if this can be fixed - or maybe you have some ideas I can/could test (I hope) or do I have to go for the full install, for this to succeed? I really hope someone can help here, thanks!
Offline
You do realize you're running a Debian kernel using a container?
It should be possible though, using the perl script in '/usr/share/pve-docs/examples/guest-example-hookscript.pl' and adding your specific cryptsetup needs to it.
Use 'pct' guide to get your feet wet;), look for 'pve-docs/chapter-pct.html#_hookscripts'
There is someone who has already made a start, you can find it in this forum post; https://forum.proxmox.com/threads/custo … ner.62973/
Like the Proxmox guy, I vote against, though, use a KVM, full control and all tools, kernel available without a hassle.
If you do go the 'hard way' kudos upfront and let me know how things worked out for you;)
Offline
> You do realize you're running a Debian kernel using a container?
Yes, but someone or somebody made that Arch linux container, so it wouldn't make sense to include it, if it didn't work or wasn't usable...
> It should be possible though, using the perl script in '/usr/share/pve-docs/examples/guest-example-hookscript.pl' and adding your specific cryptsetup needs to it.
> Use 'pct' guide to get your feet wet;), look for 'pve-docs/chapter-pct.html#_hookscripts'
hmm, I found this instead, must be the same: https://pve.proxmox.com/pve-docs/chapter-pct.html ; but I'm not very experienced with proxmox. I haven't really understood how these hook-scripts should help. As I understand it, they're used to run commands e.g. during pre-start, post-start, pre-stop, post-stop etc... If a command fails - like in my case - I don't really see the difference? Did I misunderstand you? I bet...
> There is someone who has already made a start, you can find it in this forum post; https://forum.proxmox.com/threads/custo … ner.62973/
> Like the Proxmox guy, I vote against, though, use a KVM, full control and all tools, kernel available without a hassle.
> If you do go the 'hard way' kudos upfront and let me know how things worked out for you;)
Ok, but that guy doesn't have the same problem as I do: 1) I'm running a samba-server on an Alpine-Linux-container with a LUKS-loop-device bind mounted, so all other machines can access the "raw LUKS-file". Now I want to decrypt the LUKS-file/container, but I need a pretty new version of cryptsetup, otherwise I cannot mount the image (don't ask why, I get errors, something about "mount: wrong fs type, bad option, bad superblock on /dev/mapper/...., missing codepage or helper program, or other error", for some hours I really thought my data was corrupted! - but no, it works with a newer cryptsetup-version)... 2) About running a full VM vs a container: I wanted to run with as few resources as possible, but it seems I might have to go for the full VM-solution...
Also, about that link: I don't even think he's running Arch Linux. So as far as I can see, that guy has a fully working "cryptsetup"-utility on his system. But I don't. I have problems with the device-mapper-module (dm_mod)... So I think there's a huge difference between his problem and my problem and it looks like I'll have to forget about that Arch-linux template and go for the full VM-solution... But thanks for the feedback.
Last edited by newsboost (2020-11-24 01:33:43)
Offline
> Yes, but someone or somebody made that Arch linux container, so it wouldn't make sense to include it, if it didn't work or wasn't usable...
What I meant to say was, you're running Arch with a Debian kernel, and yes of course it works, but that's beside the point..
> hmm, I found this instead, must be the same: https://pve.proxmox.com/pve-docs/chapter-pct.html ; but I'm not very experienced with proxmox. I haven't really understood how these hook-scripts should help. As I understand it, they're used to run commands e.g. during pre-start, post-start, pre-stop, post-stop etc... If a command fails - like in my case - I don't really see the difference? Did I misunderstand you? I bet...
Yes, that link is correct. Well my understanding was/is you can do things like encrypting/decrypting which are basically also just a bunch of commands with it.
> Ok, but that guy doesn't have the same problem as I do: 1) I'm running a samba-server on an Alpine-Linux-container with a LUKS-loop-device bind mounted, so all other machines can access the "raw LUKS-file". Now I want to decrypt the LUKS-file/container, but I need a pretty new version of cryptsetup, otherwise I cannot mount the image (don't ask why, I get errors, something about "mount: wrong fs type, bad option, bad superblock on /dev/mapper/...., missing codepage or helper program, or other error", for some hours I really thought my data was corrupted! - but no, it works with a newer cryptsetup-version)... 2) About running a full VM vs a container: I wanted to run with as few resources as possible, but it seems I might have to go for the full VM-solution...
> Also, about that link: I don't even think he's running Arch Linux. So as far as I can see, that guy has a fully working "cryptsetup"-utility on his system. But I don't. I have problems with the device-mapper-module (dm_mod)... So I think there's a huge difference between his problem and my problem and it looks like I'll have to forget about that Arch-linux template and go for the full VM-solution... But thanks for the feedback.
That is true, your problems are not the same, but sometimes it's about the method used and it seemed like a good thing to show you to maybe get ideas from.
Sorry if you feel misled. But it seemed like a good idea from you, and these were the things I had to offer to hopefully get you started. However, I did/do think a VM is the best way to get what you need in the first place.
Offline
> That is true, your problems are not the same, but sometimes it's about the method used and it seemed like a good thing to show you to maybe get ideas from.
> Sorry if you feel misled. But it seemed like a good idea from you, and these were the things I had to offer to hopefully get you started. However, I did/do think a VM is the best way to get what you need in the first place.
My main issue - if this is possible at all - I think would depend on if someone who's really much into kernel stuff, understands and knows a (possible) work-around for the modprobe error:
# modprobe -v dm_mod
modprobe: FATAL: Module dm_mod not found in directory /lib/modules/5.4.65-1-pve
I prefer to run a lightweight container, if the job can be done without starting up a full VM. Guess it's due to how the Arch kernel is made, probably in that image/template they didn't make dm-mod a loadable module and I'm guessing I cannot use that image ("template", they call it) for my purpose... Well, thanks, though, at least I can spin up a whole VM instead, when/if all else fails, just wanted to hear if there is/was a possible solution, I guess not then...
Offline
I can understand you prefer the LW container although the overhead of an Arch VM is not that big, depending on the underlying HW of course.
No, 'dm_mod' is not built into the PVE kernel.
There does exist a tool 'module-assistant' (see) https://wiki.debian.org/ModuleAssistant which you could use to compile and install a module for your current kernel.
Because this kinda is experimenting in the first place, I can't guarantee success but may be worth a try.
Offline
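An added diagnostic for the cryptsetup/modprobe failure discussed above (not part of the original thread): a container shares the host's running kernel, so `modprobe` inside it searches `/lib/modules/<host kernel release>`, which the guest image does not ship. The function name `dm_diagnose` and its optional root-prefix and kernel-release arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify why cryptsetup cannot reach device-mapper.
# dm_diagnose is a hypothetical helper; the ROOT argument lets it run
# against a constructed directory tree instead of the live system.
dm_diagnose() {
    root="${1:-}"                   # "" = the live system
    krel="${2:-$(uname -r)}"        # in a container this is the host's release
    have_dm=no; have_node=no; have_moddir=no

    # /proc/misc lists "device-mapper" once dm_mod is loaded or built in.
    if grep -q ' device-mapper$' "$root/proc/misc" 2>/dev/null; then have_dm=yes; fi
    # cryptsetup talks to the kernel through this control node.
    if [ -e "$root/dev/mapper/control" ]; then have_node=yes; fi
    # modprobe searches this directory for the running kernel's modules.
    if [ -d "$root/lib/modules/$krel" ]; then have_moddir=yes; fi

    if [ "$have_dm" = yes ] && [ "$have_node" = yes ]; then
        echo "usable"               # device-mapper is reachable from here
    elif [ "$have_dm" = yes ]; then
        echo "node-missing"         # kernel has dm, this namespace lacks the node
    elif [ "$have_moddir" = yes ]; then
        echo "module-not-loaded"    # module files exist, modprobe may work
    else
        echo "load-on-host"         # nothing to modprobe from inside the guest
    fi
}

# Run against the live system when executed directly.
dm_diagnose "$@"
```

A result of `load-on-host` matches the error shown in the thread: the module directory for the running kernel release is absent inside the guest, so the module can only be loaded on the host that owns the kernel.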
> I can understand you prefer the LW container although the overhead of an Arch VM is not that big, depending on the underlying HW of course.
> No, 'dm_mod' is not built into the PVE kernel.
It's just a consumer desktop pc with intel i7, 2x2 = 4 cores (incl. hyperthreading), but it got 32 GB of RAM and SSD disks for the OS... Anyway, I think I have no choice but to run the full VM...
> There does exist a tool 'module-assistant' (see) https://wiki.debian.org/ModuleAssistant which you could use to compile and install a module for your current kernel.
> Because this kinda is experimenting in the first place, I can't guarantee success but may be worth a try.
Yes, it sounds a bit experimental... But thanks a lot for the link, maybe in the weekend where I've got some more spare time I should dig a bit more into it...
My Proxmox-setup is: I'm using bind-mount (of encrypted LUKS-files) from Proxmox to a linux container (LXC), which starts up in seconds, which is really nice (one of the reasons I hoped I could take this path). But because I cannot decrypt it (cryptsetup is too old), I'm running a Samba/CIFS/SMB-server on the Alpine Linux container, just so the data can be decrypted elsewhere. I read the encrypted LUKS-files from Samba/SMB/CIFS into the virtualized Arch Linux (=I mount the SMB-share from Alpine), then I decrypt the LUKS-container - and next step I think is that I'll start another Samba/CIFS/SMB-share so my other machines (home network) can access the decrypted data from the Arch Linux VM... So data is/will be passing through 1 linux container (Alpine linux) and 1 virtual machine (Arch Linux), before it is saved on the Proxmox-host (on ZFS-filesystem)... I feel there's quite some overhead (but haven't made any measurements)... Alternatively, maybe I should see if I can "remove" the ZFS-partition from the proxmox-host and see if I can figure out how to assign it 100% to the Arch Linux-VM (I'll have to learn this, I'm a proxmox-noob). Then the LUKS-encrypted data only needs decryption on the Arch Linux VM (+ Samba/SMB/CIFS-share to local network) and data is only seen by the Arch Linux-VM... hmm.... I'll think a bit about it or check out in the Proxmox-forum... Thanks for your help, I'm convinced that the full VM-solution is needed, as you also suggest I use instead...
Offline
Well, the way you manage encrypted storage is probably a much saner way than I manage mine;) I agree on the fact that you could let it manage by just one VM running both the LUKS encrypted storage and the NAS, I do that in a slightly different way, but it ain't bad.
I have a VM running a NAS SMB/NFS which has a 'normal' FS for all plain files and it holds encrypted containers for data I like to have secured. I do this with 'tcplay' (see) https://wiki.archlinux.org/index.php/Tcplay. The only difference is my files are arriving still encrypted on the remote host and decrypted there. You'd need a solution on CT's like bind's for loop devices, again I choose the easy way, SFTP and SSH/rsync..
Offline
> Well, the way you manage encrypted storage is probably a much saner way than I manage mine;) I agree on the fact that you could let it manage by just one VM running both the LUKS encrypted storage and the NAS, I do that in a slightly different way, but it ain't bad.
Interesting to hear, thanks :-)
> I have a VM running a NAS SMB/NFS which has a 'normal' FS for all plain files and it holds encrypted containers for data I like to have secured. I do this with 'tcplay' (see) https://wiki.archlinux.org/index.php/Tcplay. The only difference is my files are arriving still encrypted on the remote host and decrypted there. You'd need a solution on CT's like bind's for loop devices, again I choose the easy way, SFTP and SSH/rsync..
I didn't know about 'tcplay', thanks for that, I remember using truecrypt on windows, many years ago, but I have the impression that development on cryptsetup is the best, for linux-systems. I also thought about leaving the encrypted, but then on each host I would have to decrypt and sometimes I switch between machines and don't want the extra risk of multiple network-devices accessing the encrypted file at once (I'm thinking this could cause data corruption). In any case, I think the topic is turning over to something else now, I think I'll continue in the proxmox-forums a bit later, when I have some extra spare-time. Thanks for your ideas/comments/feedback :-)
Offline