LXC unprivileged containers require these steps for snapd (required by certbot) #4539

Closed
opened 2025-12-29 18:37:04 +01:00 by adam · 3 comments

Originally created by @lewisbergman on GitHub (Feb 7, 2021).

Change Type

[ X ] Addition
[ ] Correction
[ ] Deprecation
[ ] Cleanup (formatting, typos, etc.)

Area

[ X ] Installation instructions
[ ] Configuration parameters
[ ] Functionality/features
[ ] REST API
[ ] Administration/development
[ ] Other

Proposed Changes

On the HTTP server step, Obtain an SSL Certificate.
Certbot now requires snapd as step 2 of its install. Snapd requires a privileged environment to mount a file system. If you have installed netbox in an unprivileged environment this will run into issues with snapd and it will install but not run. I found the post [here](https://github.com/lxc/lxc/issues/1854) extremely helpful in resolving the issue. Maybe worth a reference. My install was in a Proxmox unprivileged LXC container. When you set up an LXC container in Proxmox one of the settings you cannot change later is privilege.
It might be worth mentioning in the beginning (not that certbot install issues are your problem) that you either need to set up a privileged container (likely only available if you own the cluster, which you might if you are installing netbox) or get ready to follow the instructions listed on the post.
The steps required to get it running boil down to:

1. Add the following on the host for the container in `/etc/pve/lxc/<container ID>`

   ```
   # Mounting fuse (for snap squashfs)
   lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file,optional
   # Mount cgroup in rw to get snaps working
   lxc.mount.auto=cgroup:rw
   ```
2. Restart the container
3. `sudo mkdir /lib/modules` <== I can't verify I needed this step but it was harmless so I did it anyway.
4. `sudo apt install squashfuse fuse`
   `sudo apt install snapd`

Now you can continue installing certbot as instructed.
The issues I experienced when installing netbox, other than the inability to read what the doc said and general stupidity, were all certbot related. This is all based on the latest releases as of 02/06/2021.

I would guess you could avoid the whole snapd thing by using one of the package managers but I didn't know if that would get the latest certbot.
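
Added example, not part of the original issue or the NetBox documentation: a host-side check that a container's config file carries the two entries from step 1 before the container is restarted. Both entries relax the container's default isolation, so the same check is useful for recording which containers have them; the function names and the sample config are constructed for illustration.

```shell
# Added example, not from the issue: audit a Proxmox container config for the
# two host-side entries from step 1. The sample config below is constructed.
# check_snapd_lxc_conf FILE: one key=value finding per line; status = entries missing
check_snapd_lxc_conf() {
    missing=0
    # Drop comments and outer blanks, then remove blanks around the first
    # '=' or ':' so that "key = value" and "key=value" compare equal.
    norm=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               -e 's/[[:space:]]*\([=:]\)[[:space:]]*/\1/' "$1")
    # The issue describes the unprivileged case; report which one this is.
    if printf '%s\n' "$norm" | grep -q '^unprivileged:1$'; then
        echo "unprivileged=yes"
    else
        echo "unprivileged=no"
    fi
    # /dev/fuse bind mount (snap squashfs via squashfuse)
    if printf '%s\n' "$norm" | grep -Eq \
        '^lxc\.mount\.entry=/dev/fuse[[:space:]]+dev/fuse[[:space:]]+none[[:space:]]+bind(,|[[:space:]]|$)'; then
        echo "fuse=present"
    else
        echo "fuse=missing"; missing=$((missing + 1))
    fi
    # cgroup:rw may share the lxc.mount.auto line with other values
    if printf '%s\n' "$norm" | grep -Eq \
        '^lxc\.mount\.auto=(.*[[:space:]])?cgroup:rw([[:space:]]|$)'; then
        echo "cgroup_rw=present"
    else
        echo "cgroup_rw=missing"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample: fuse entry added, cgroup entry forgotten.
write_sample_conf() {
    cat > "$1" <<'EOF'
arch: amd64
hostname: netbox
unprivileged: 1
# Mounting fuse (for snap squashfs)
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file,optional
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
check_snapd_lxc_conf "$conf" || echo "entries missing: fix the config, then restart the container"
rm -f "$conf"
```

On a Proxmox host, pass the container's file under `/etc/pve/lxc/` instead of the constructed sample.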

adam closed this issue 2025-12-29 18:37:05 +01:00

@jeremystretch commented on GitHub (Feb 8, 2021):

The official documentation does not involve or support containers. Maybe you want the [netbox-docker project](https://github.com/netbox-community/netbox-docker)?


@lewisbergman commented on GitHub (Feb 8, 2021):

Maybe.
I understand you can't account for every permutation that some edge case
might use. I guess what I am saying is even just a mention of containers,
the Docker project, and a link to a page with information on what you can
expect and maybe pointing out some experiences you have become aware of.

Docker isn't a great choice for me. I use Proxmox clusters which have had
varying success with Docker even though Docker is LXC based there are evidently
enough differences to make it troublesome to run Docker in an LXC.

Finding your program wasn't all that easy and no Google search I used
turned up the Docker project. I probably missed it but maybe you referred
to Docker in the docs somewhere.

At any rate, thanks for the great program!

On Mon, Feb 8, 2021 at 9:29 AM Jeremy Stretch <notifications@github.com> wrote:

> The official documentation does not involve or support containers. Maybe
> you want the netbox-docker project
> <https://github.com/netbox-community/netbox-docker>?




@jeremystretch commented on GitHub (Feb 8, 2021):

The scope of the installation documentation is necessarily strictly limited, as every line of it needs to be maintained and tested with new releases. Anything pertaining to containers would unfortunately be out of scope.


Reference: starred/netbox#4539