Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save Drallas/7e4a6f6f36610eeb0bbb5d011c8ca0be to your computer and use it in GitHub Desktop.
Save Drallas/7e4a6f6f36610eeb0bbb5d011c8ca0be to your computer and use it in GitHub Desktop.

Mount Volumes into Proxmox VMs with Virtio-fs

Part of collection: Hyper-converged Homelab with Proxmox

Virtio-fs is a shared file system that lets virtual machines access a directory tree on the host. Unlike existing approaches, it is designed to offer local file system semantics and performance. The new virtiofsd-rs Rust daemon Proxmox 8 uses, is receiving the most attention for new feature development.

Performance is very good (while testing, almost the same as on the Proxmox host)

VM Migration is not possible yet, but it's being worked on!


Screenshot 2023-09-27 at 17 47 52


Since I have a Proxmox High Available cluster with Ceph, I like to mount the Ceph File System, with CephFS Posix-compliant directories into my VM’s. I have been playing around with LXC container and Bind Mounts and even successfully setup Docker Swarm in LXC Containers. Unfortunately, this is not a recommended configuration and comes with some trade-offs and cumbersome configuration settings.

This Write-Up explains how to Create Erasure Coded CephFS Pools to store Volumes that than can be mounted into a VM via virtiofs.

Install virtiofsd

| This procedure has been tested with Ubuntu Server 22.04 and Debian 12!

Proxmox 8 Nodes, don’t have virtiofsd installed by default, so the first step is to install it.

apt install virtiofsd -y

# Check the version
/usr/lib/kvm/virtiofsd --version
virtiofsd backend 1.7.0

virtiofsd 1.7.0 has many issues (hangs after rebooting the vm, superblock errors etc...) version 1.7.2 and 1.8.0 seems to work much better, it can be found at virtio-fs releases page. But be carefull this package is not considered stable and not even in unstable Debian Package Tracker.

Add the hookscript to the vm

Still on the Proxmox host!

Get the Hookscript files files and copy them to /var/lib/vz/snippets, and make executable.

Or use the script to download the scripts files automatically to /var/lib/vz/snippets.

cd ~/
sudo sh -c "wget"
sudo chmod +x ~/

Modify the conf file

To set the VMID and the folders that a VM needs to mount, open the virtiofs_hook.conf file.

sudo nano /var/lib/vz/snippets/virtiofs_hook.conf

Set the Hookscript to an applicable VM

Set the hookscript to a VM.

qm set <vmid> --hookscript local:snippets/

That's it, when it's added to the VM, the script does it magic on VM boot:

  • Adding the correct Args section to the virtiofsd args: -object memory-backend-memfd,id=mem,size=4096M,share=on -numa node........
  • Creating the sockets that are needed for the folders.
  • Cleanup on VM Shutdown

Start / Stop VM

The VM can now be started and the hookscript takes care of the virtiofsd part.

qm start <vmid>


Check the processes virtiofsd ps aux | grep virtiofsd or systemctl | grep virtiofsd for the systemd services.

If all is good, it looks like this: Screenshot 2023-09-23 at 12 51 55

Mount inside VM

Linux kernel >5.4 inside the VM, supports Virtio-fs natively

Mounting is in the format: mount -t virtiofs <tag> <local-mount-point>

To find the tag

On the Proxmox host; Exucute qm config <vmid> --current and look for the tag=xxx-docker inside the args section args: -object memory-backend-memfd,id=mem,size=4096M,share=on -numa node,memdev=mem -chardev socket,id=char1,path=/run/virtiofsd/xxx-docker.sock -device vhost-user-fs-pci,chardev=char1,tag=<vmid>-<appname>

# Create a directory
sudo mkdir -p /srv/cephfs-mounts/<foldername>

# Mount the folder
sudo mount -t virtiofs mnt_pve_cephfs_multimedia /srv/cephfs-mounts/<foldername>

# Add them to /etc/fstab
sudo nano /etc/fstab

# Mounts for virtiofs
# The nofail option is used to prevent the system to hang if the mount fails!
<vmid>-<appname>  /srv/cephfs-mounts/<foldername>  virtiofs  defaults,nofail  0  0
# Mount everything from fstab
sudo systemctl daemon-reload && sudo mount -a

# Verify
ls -lah /srv/cephfs-mounts/<vmid>-<appname>


  1. New Vm's tend to trow a 'superblock' error on first boot:
mount: /srv/cephfs-mounts/download: wrong fs type, bad option, bad superblock on mnt_pve_cephfs_multimedia, missing codepage or helper program, or other error.
       dmesg(1) may have more information after failed mount system call.

To solve this, I poweroff the vm sudo /sbin/shutdown -HP now and then start it again from the host with qm start <vmid>, everything should mount fine now.

  1. Adding an extra volume throws also a 'superblock' error.
qm stop <vmid>
sudo nano /etc/pve/qemu-server/<vmid>.conf
# Remove the Arg entry
`args: -object memory-backend-memfd,id=mem,size=4096M,share=on..
qm start <vmid>

Now the Volume's all have a superblock error; I poweroff the vm sudo /sbin/shutdown -HP now and then start it again from the host with qm start <vmid>, everything should mount fine again.


To remove Virtio-fs from a VM and from the host:

nano /etc/pve/qemu-server/xxx.conf

# Remove the following lines
hookscript: local:snippets/
args: -object memory-backend-memfd,id=mem,size=4096M,share=on..

Disable each virtiofsd-xxx service, replace xxx with correct values or use (* wildcard) to remove them all at once.

systemctl disable virtiofsd-xxx
sudo systemctl reset-failed virtiofsd-xxx

This should be enough, but if the reference persist:

# Remove leftover sockets and services.
rm -rf /etc/systemd/system/virtiofsd-xxx
rm -rf /etc/systemd/system/xxx.scope.requires/
rmdir /sys/fs/cgroup/system.slice/'system-virtiofsd\xxx' 

If needed reboot the Host, to make sure all references are purged from the system state.


Moved to:
# get-hook retained to keep it's commit history!
# Moved to:
Copy link

Drallas commented Sep 23, 2023

For stuff that’s requires uptime and stability (DNS, Monitoring, Plex,…) I use LXCs and VMs (without Virtiofs for now). As long as the Services on 📍ed Docker Swarm Nodes roam I’m good.

But I do like to use real Docker Volumes over just mounting a folder, not sure yet how to do that with Virtiofs.

That’s why GlusterFS is still considered, I could put the bricks on the 90% unused empty system NVMe (512 Gb) in my Nodes. More than enough to store all my Docker persistent data. And with PBS I have good backups of them anyway, so no need to worry that much.

Copy link

scyto commented Sep 23, 2023

agree with everything you said, given my #1 prio is migrating from hyper-v this is my current plan for the weekend... (its still lunch time here) this is the only thing where i have written the steps before I do it to make sure I reduce the risks of mistakes in the move,..... i have only done one 'production' LXC so far... i doubt i will do more as i am heavily invested in portainer....


Copy link

Drallas commented Sep 24, 2023

I was all in on LXC; tteck’s Proxmox VE helper scripts, make it a breeze to bring them to life. But most stuff runs great in a Docker swarm.

Guess I will do an overview of my Homelab after I’m done with this migration cycle, I’d like to explain the why behind it all.

Copy link

dvino commented Oct 31, 2023

It would probably be better to put the path configuration for VMs in a separate file.

Create config file /etc/pve/qemu-server/virtiofs_hook.conf

101: /mnt/pve/cephfs/<folder1>, /mnt/pve/cephfs/<folder2>
102: /mnt/pve/cephfs/<folder1>, /mnt/pve/cephfs/<folder2>, /mnt/pve/cephfs/<folder3>

Replace the following lines with these lines

my $conf_file = '/etc/pve/qemu-server/virtiofs_hook.conf';
my %associations;

open my $cfg, '<', $conf_file or die "Failed to open virtiofs_hook.conf";
while (my $line = <$cfg>) {
    chomp $line;
    my ($vm_id, $paths_str) = split /:/, $line;
    my @path = split /,/, $paths_str;
    $associations{$vm_id} = \@path;

close $cfg or warn "Close virtiofs_hook.conf failed: $!";

Just tested it on my Proxmox. It works fine

Copy link

Drallas commented Oct 31, 2023

@dvino Yes I totally agree, need to update one of my Hosts Virtiofsd configs soon; I will use this then.

Copy link

dvino commented Oct 31, 2023

And also need to replace the regular expression in this line.

my $share_id  = $_ =~ m!/([^/]+)$! ? $1 : ''; # only last folder from path

Because if there is a slash at the end of the folder path, it will cause an incorrect result.

I think this should work right

my $share_id = $_ =~ m/.*\/([^\/]+)/ ? $1 : '';  # only last folder from path

Copy link

Drallas commented Nov 1, 2023

@dvino I moved the Hookscript to a Git Repo and incorporated your changes there and adjusted this file too.

Ran a test and it all works! Tnx.

Copy link

Is it possible to run the hookscript on a guest that is setup with cloud-init?

I tried the method described above but with no luck: the guest does not recognize the tags.

It looks like the guest doesn't receive the correct args values.

proxmox$ sudo qm config 100 --current

args: -fw_cfg name=opt/com.coreos/config,file=/etc/pve/geco-pve/coreos/100.ign
hookscript: local:snippets/

Copy link

Drallas commented Mar 15, 2024

Is it possible to run the hookscript on a guest that is setup with cloud-init?

I tried the method described above but with no luck: the guest does not recognize the tags.

It looks like the guest doesn't receive the correct args values.

proxmox$ sudo qm config 100 --current

args: -fw_cfg name=opt/com.coreos/config,file=/etc/pve/geco-pve/coreos/100.ign
hookscript: local:snippets/

No idea didn’t try this. Did you install virtiofs and is it working properly?

Copy link

Yes, I followed your guide - very helpful btw - and have it running and tested working on another guest.

I'm still trying to track down what's happening exactly: I can see an instance of virtiofsd that matches the guest cloud-init machine but the tags don't come up in the output of qm config 100 --current, and when I try to mount the file system it gives:

$ sudo mount -t virtiofs 100-100 /mnt/virtio_independent
mount: /var/mnt/virtio_independent: wrong fs type, bad option, bad superblock on 100-100, missing codepage or helper program, or other error.


From the output it looks like something might be happening during pre-start?

In the end the args become set as in the last line of post-start.



100 is starting, doing preparations.
Creating directory: /run/virtiofsd/
attempting to install unit virtiofsd-100-common...
attempting to install unit virtiofsd-100-100...
ERROR: /run/virtiofsd/ does not exist!
-object memory-backend-memfd,id=mem,size=2048M,share=on -numa node,memdev=mem -chardev socket,id=char0,path=/run/virtiofsd/100-common.sock -device vhost-user-fs-pci,chardev=char0,tag=100-common -chardev socket,id=char1,path=/run/virtiofsd/100-100.sock -device vhost-user-fs-pci,chardev=char1,tag=100-100
Appending virtiofs arguments to VM args.



100 started successfully.
Removing virtiofs arguments from VM args.
conf->args = -fw_cfg name=opt/com.coreos/config,file=/etc/pve/geco-pve/coreos/100.ign -object memory-backend-memfd,id=mem,size=2048M,share=on -numa node,memdev=mem -chardev socket,id=char0,path=/run/virtiofsd/100-common.sock -device vhost-user-fs-pci,chardev=char0,tag=100-common -chardev socket,id=char1,path=/run/virtiofsd/100-100.sock -device vhost-user-fs-pci,chardev=char1,tag=100-100
vfs_args = -object memory-backend-memfd,id=mem,size=2048M,share=on -numa node,memdev=mem -chardev socket,id=char0,path=/run/virtiofsd/100-common.sock -device vhost-user-fs-pci,chardev=char0,tag=100-common -chardev socket,id=char1,path=/run/virtiofsd/100-100.sock -device vhost-user-fs-pci,chardev=char1,tag=100-100
-fw_cfg name=opt/com.coreos/config,file=/etc/pve/geco-pve/coreos/100.ignconf->args = -fw_cfg name=opt/com.coreos/config,file=/etc/pve/geco-pve/coreos/100.ign



100: /mnt/sdb2/common, /mnt/sdb2/100
101: /mnt/sdb2/common, /mnt/sdb2/101
1000: /mnt/sdb2/common, /mnt/sdb2/1000

Copy link

Drallas commented Mar 15, 2024

I always saw ‘superblock’ errors on the first boot; see the issue’s for details. Perhaps it helps!?

Copy link

cprhh commented Mar 31, 2024

Hi @Drallas
Thank you for the work with this guide. I tried to follow but got to a point where i do not understand what kind of problem i have.
Maybe you have a idea for me?

root@pve:/var/lib/vz/snippets# ls -la
total 20
drwxr-xr-x 2 root root 4096 Apr  1 00:01 .
drwxr-xr-x 6 root root 4096 Mar 31 17:04 ..
-rw-r--r-- 1 root root   23 Mar 31 23:34 virtiofs_hook.conf
-rwxr-xr-x 1 root root 4165 Apr  1 00:01

If a run qm like in your example i got "hookscript: script 'local:snippets/' does not exist"

root@pve:/var/lib/vz/snippets# qm set 101 --hookscript local:snippets/
400 Parameter verification failed.
hookscript: script 'local:snippets/' does not exist

qm set <vmid> [OPTIONS]

Found the Problem now. You have a typo in your script. It should be:

qm set <vmid> --hookscript local:snippets/
and not
qm set <vmid> --hookscript local:snippets/

Copy link

Drallas commented Apr 1, 2024

@cprhh Glad you found the issue yourself, thanks for pointing out the typo in the guide (sorry for that)..

Copy link

scyto commented Apr 8, 2024

@Drallas i am little confused how your VMs have all these args? none of mine have any form -f -object args.... what am i missing?

On the Proxmox host; Exucute qm config <vmid> --current and look for the tag=xxx-docker inside the args section args: -object memory-backend-memfd,id=mem,size=4096M,share=on -numa node,memdev=mem -chardev socket,id=char1,path=/run/virtiofsd/xxx-docker.sock -device vhost-user-fs-pci,chardev=char1,tag=<vmid>-<appname>

Copy link

scyto commented Apr 8, 2024

@Drallas on live migration, i note that all the changes documented here are now merged in all upstream repos.... i wonder how long before it makes its way down to proxmox....

Copy link

Drallas commented Apr 9, 2024

@scyto Those values are set when the hookscript is added to the vm, no idea why it's different on yours system But you should have the tag=<vmid>-<appname> section?

I have not touched my cluster for a while, it's running smooth and I just use the services on top of it. It needs some maintenance soon, then i will also update them and check the live migration.

Copy link

scyto commented Apr 10, 2024

oooh, thanks, i haven't implemented the scripts yet so no wonder i am confused / stupid

Copy link

00Asgaroth00 commented May 24, 2024

I've now managed to get swam running in vm's with virtiofsd mounts in each vm, however i'm still seeing corruption when i drain a swarm node and "fail over" a service to another node, I've tested with portainer and adguard home and both give data corruption issues when performing the failover. For reference i was experiencing the same thing using lxc container and are mentioned in these two comments:

Portainer Error Log
AdGuard Home Error Log

Are you seeing these types of errors using vm's and virtiofs mounts?

Edit: attaching my python hookscript for others if they want to adapt it, this will generate a "template" config file that you can then edit to tweak your settings. I've used configobj python module for ini style config files you you will need to install that "apt install python3-configobj". I'll betweaking this script as I go along, I hope to create a git repo at some point adding in all my automation for my homelab, anyhoo find attached.
Edit 2: wont let me attach the hookscript, only supports images

Copy link

Drallas commented May 24, 2024

I don’t see any of this, my nodes get often rebooted at random, and everything keeps on running without issues. Only had a corrupted FreshRSS db once..

Copy link

00Asgaroth00 commented May 24, 2024

This is odd then, the one difference that may be an issue for me is that i'm on rocky 9 kernel version 5.14.0-427 and there may be something up with kernel virtiofs on that release, what kernel version does debian 12 run with?

I've now tested with virtiofsd 1.7.2, 1.8.0 and currently testing 1.10.1

do you run either portainer or adguard?

what parameters are you currently passing to virtiofsd? I'm currently passing:

/usr/libexec/virtiofsd-1.10.1 --syslog --announce-submounts --posix-acl --log-level=debug --cache=always --allow-direct-io --inode-file-handles=mandatory --sandbox=chroot --socket-path=<snip> --shared-dir=<snip>

I was testing chroot sandbox instead of default namespace just in case it was something there causing issues with access on the other machines

Edit: A quick google mentioned debian 12 comes with kernel version 6.1, I just updated the rocky 9 vm's to kernel version 6.1.91 (6.1.91-1.el9.elrepo.x86_64), and I still have the same issue :(

Copy link

I am trying to run samba share in a debian 12 guest on virtiofsd share. Samba is unable to read acls for share.
I modified the script to include --posix-acl parameter for virtiofsd service.

Do we need to enable posix acls explicitly in the guest as well?

Copy link

I am trying to run samba share in a debian 12 guest on virtiofsd share. Samba is unable to read acls for share. I modified the script to include --posix-acl parameter for virtiofsd service.

Do we need to enable posix acls explicitly in the guest as well?

I also encountered the same problem. Where should this parameter be added to the script? Is it the args parameter? This has troubled me for a long time.

Copy link

Drallas commented Jul 19, 2024

I am trying to run samba share in a debian 12 guest on virtiofsd share. Samba is unable to read acls for share. I modified the script to include --posix-acl parameter for virtiofsd service.
Do we need to enable posix acls explicitly in the guest as well?

I also encountered the same problem. Where should this parameter be added to the script? Is it the args parameter? This has troubled me for a long time.

Not sure, currently occupied with some other things!

But feel free to post it, if you find a working solution, or to do a PR on the

Copy link

JSinghDev commented Jul 20, 2024

I am trying to run samba share in a debian 12 guest on virtiofsd share. Samba is unable to read acls for share. I modified the script to include --posix-acl parameter for virtiofsd service.
Do we need to enable posix acls explicitly in the guest as well?

I also encountered the same problem. Where should this parameter be added to the script? Is it the args parameter? This has troubled me for a long time.

So this is an excellent post I dug up which lays out how to do enable acls for samba shares:
Gives the perfect solution:
The idea is to enable xattr=sa, acltype=posixacl, aclinherit=passthrough on the zfs dataset that is to be transferred. This can be done using the zfs set command. I also installed acl on the guest.
Then edit the execstart line for the virtiofs service or hookscript to include: -o xattr -o posix_acl -o modcaps=+sys_admin

So the hookscript line where the service is defined should look like:

ExecStart=/usr/libexec/virtiofsd --log-level debug --socket-path /run/virtiofsd/%i-[% share_id %].sock --shared-dir [% share %] -o xattr -o posix_acl -o modcaps=+sys_admin --cache=always --announce-submounts --inode-file-handlesles=mandatory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment