Cannot connect to TrueNAS host from within LXC Instance

TrueNAS Scale 25.04, LXC Debian Bookworm, NIC: eth0 (MACVLAN)

I recently migrated from Core to Scale. In Core, I was running a Roon server within a Debian VM. This time I decided to go lightweight with the new Incus LXC containers. The server is up and running, and clients recognize it; however, when I go to attach an smb share on the same TrueNAS host, it’s unsuccessful.

I proceed to troubleshoot various network connection attempts. I initiate a shell into the container and attempt an ssh into the TrueNAS host. I can ssh into the TrueNAS host from other computers on my network; however, from within the container I get ssh: connect to host <host ip> port 22: No route to host. What’s strange is that I can ssh into other computers on my network from within the container.

Does anyone have any ideas as to what’s going on? Any insight would be much appreciated.

Never used macvlan myself, so can’t help you with the exact networking question. However, you can mount a host directory into an LXC container. Moreover, you can mount it as read-only. Perhaps this can solve your issue.

@swc-phil, thanks for the reply. I tried the “add disk” route for other datasets to which I needed write access. I’m still trying to get that to work. The Roon server connects specifically through smb shares, however.

Never used Roon. However, a quick Google search showed that it can work with local directories.

Never used Incus either, but I’m 99% sure it’s capable of bind mounts. I think that more seasoned incus users could help you.

In TrueNAS SCALE 24.04 (and 24.10), if apps had to connect to the host, I had to use a bridge connection. I had to create a bridge (br0) and add the NIC (eno1) to the bridge, and then all apps could connect. I don't know if 25.04 will be the same.

It’s a macvlan limitation. You cannot contact the host.

With LXC containers there is also generally a limitation on mounting SMB or NFS shares, due to the container being unprivileged. For example, in Proxmox you must mount the SMB share on the host file system and then bind-mount it into the LXC container. The alternative is to use a privileged container, which is a security risk.

I like the suggestion to just bind-mount the dataset your library sits on if you want to go LXC.

Exactly. You need to use a bridge instead of a MACVLAN to communicate with the host.

Thanks for the info. That seems promising. I assume that once you have the NIC set up on the bridge, the LXC instance then has its own MAC address that's broadcast to the local network. Is that true? Would you be able to point me to some documentation on how to do this?

Thanks for the reply. You’re correct. I had forgotten and misspoke. I tried the add “disks” approach, and permissions seemed to be a nightmare. I need Roon to not only be able to read the media but to write as well as the host “disks” are where I store the Roon index backups.

Thanks for the reply and info. Emo’s approach appears promising.

Thanks for the reply. What do you think about the approach above suggested by @Emo? Would that work in an unprivileged container?

I just brought read-only mode as a plus. It’s not necessary.

The issue seems to be when I add as a "disk" a dataset that's configured as an SMB share. I can't get permissions to work for the life of me. I add the group "apps" to the ACL with modify permissions, and I still can't write to the "disk" from within the LXC. I've also tried just adding the user "apps" to the ACL.

Seems like the issue can be solved with LXC user/group id mapping. But I don’t have experience with it.
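The permission failure on the bind-mounted dataset and the id-mapping suggestion above come down to one arithmetic fact: an unprivileged container's uid/gid are shifted into a high host range, so the "apps" principal the ACL grants modify to is not the principal the host sees writing. The following is an added model of that translation, written for this thread rather than taken from Incus or TrueNAS. It assumes the common default unprivileged range (host ids starting at 1000000, as in a `root:1000000:1000000000` subuid entry), that the TrueNAS "apps" user and group are id 568, and that a `raw.idmap` line such as `both 568 568` (Incus format: type, host id or range, container id or range) punches a one-to-one hole through that default range.

```python
"""Model of how an unprivileged container's uid/gid map decides which host
principal an ACL check sees. Illustration for this thread, not Incus code."""
from dataclasses import dataclass

DEFAULT_BASE = 1000000      # assumed default unprivileged range start
DEFAULT_SIZE = 1000000000   # assumed default unprivileged range size
APPS_ID = 568               # assumed TrueNAS SCALE "apps" uid/gid


@dataclass(frozen=True)
class IdMapEntry:
    kind: str             # "uid" or "gid"
    host_start: int
    container_start: int
    size: int

    def host_for(self, container_id):
        """Return the host id for container_id, or None if not in range."""
        if self.container_start <= container_id < self.container_start + self.size:
            return self.host_start + (container_id - self.container_start)
        return None


def _parse_range(text):
    """'568' -> (568, 1); '1000-1010' -> (1000, 11)."""
    if "-" in text:
        first, last = (int(p) for p in text.split("-", 1))
        return first, last - first + 1
    return int(text), 1


def parse_raw_idmap(raw):
    """Parse lines like 'both 568 568' or 'uid 1000-1010 1000-1010'."""
    entries = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, host, container = line.split()
        host_start, host_size = _parse_range(host)
        cont_start, cont_size = _parse_range(container)
        if host_size != cont_size:
            raise ValueError(f"range sizes differ: {line!r}")
        kinds = ("uid", "gid") if kind == "both" else (kind,)
        for k in kinds:
            entries.append(IdMapEntry(k, host_start, cont_start, host_size))
    return entries


def default_idmap():
    """The shifted range an unprivileged container gets with no raw.idmap."""
    return [IdMapEntry("uid", DEFAULT_BASE, 0, DEFAULT_SIZE),
            IdMapEntry("gid", DEFAULT_BASE, 0, DEFAULT_SIZE)]


def build_idmap(raw=""):
    """Explicit raw.idmap entries are consulted before the default range."""
    return parse_raw_idmap(raw) + default_idmap()


def container_to_host(idmap, kind, container_id):
    """First matching entry wins; None means the id is unmapped (nobody)."""
    for entry in idmap:
        if entry.kind != kind:
            continue
        host_id = entry.host_for(container_id)
        if host_id is not None:
            return host_id
    return None


def acl_allows_modify(acl, host_uid, host_gids):
    """acl = {'user': {uid: perms}, 'group': {gid: perms}}; perms is a set."""
    if "modify" in acl["user"].get(host_uid, set()):
        return True
    return any("modify" in acl["group"].get(g, set()) for g in host_gids)


def can_write_as_apps(acl, raw_idmap=""):
    """Can a process running as uid/gid 568 *inside* the container write?"""
    idmap = build_idmap(raw_idmap)
    host_uid = container_to_host(idmap, "uid", APPS_ID)
    host_gid = container_to_host(idmap, "gid", APPS_ID)
    return acl_allows_modify(acl, host_uid, [host_gid])


# Constructed ACL mirroring the thread: "apps" group (and user) get modify.
DATASET_ACL = {"user": {APPS_ID: {"read", "modify"}},
               "group": {APPS_ID: {"read", "modify"}}}

if __name__ == "__main__":
    print("no raw.idmap:", can_write_as_apps(DATASET_ACL))            # False
    print("both 568 568:", can_write_as_apps(DATASET_ACL, "both 568 568"))  # True
```

The point the model makes: with no `raw.idmap`, container id 568 reaches the host as 1000568, which matches neither the "apps" user nor the "apps" group on the ACL, so adding either principal changes nothing. Mapping 568 to 568 for both uid and gid makes the container's "apps" and the host's "apps" the same principal, and the existing ACL entry then applies. The trade-off is that the container can now write as a real host identity, so map only the ids the workload needs rather than a broad range.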