Not today... - Shared Mount

Sun Jan 16 2022

comments

Shared Mount

I have Kubernetes at home. I use it for my own infrastructure and my own server. I will maybe start a series of post about it in the future. However, today I will speak about a really specific issue I ran into.

For my Kubernetes cluster I needed to deploy a monitoring stack. I am using the now standard prometheus + grafana (and some others services) to handle this. To monitor my host machine I am using the node exporter project in a daemon-set and mount the entire host system in it so it can be monitored.

During the deployment the node exporter pod was crashing with the following error:

Error: failed to start container "node-exporter": Error response from daemon:
	path / is mounted on / but it is not a shared or slave mount
Error: failed to start container "node-exporter": Error response from daemon:
	path /sys is mounted on /sys but it is not a shared or slave mount

Little did I know about this kind of issue or even what was a slave mount or a shared mount. I ended up checking the world wide web and found out a bunch of explanation about it. Here is the stack exchange page which describe it the best in the most concise way.

Now that I knew about it, it was only one command away:

mount --make-rshared /

Since this is recursive and I will need the root directory for node exporter, I only need to run it once (no need to go for /sys or /run as they are below /). However, there might be security considerations here so use this line with caution. If I find better info I will amend this article.

Next step is to make me able to check if a specific directory is shared or not. I wanted this check to be as simple as possible (so no extra command to install). I ended up finding this information in the /proc directory.

cat /proc/self/mountinfo | grep <path_to_check>

Another thing is to make this change permanent. At first, I thought this was some kind of a mount option. I ended up reading (not properly I have to confess) /etc/fstab without finding any evidence on how to do this. It appeared that you may have to run the --make-shared option at every boot phase. Since I am using alpine linux I followed those instructions to ensure my filesystem was mounted properly:

install -D -m 0755 /dev/stderr /etc/local.d/10-mount.start 2<<-EOF
	#!/bin/sh
	mount --make-rshared /
EOF
rc-update add local default

This conclude this small article, I hope it could be useful for someone else. All in all this is a good personal reminder of what I did and how I managed to make it work. Cheers!