User Tools

Site Tools


docs:migrate-vserver-to-lxc
no way to compare when less than two revisions


Previous revision
Last revision
docs:migrate-vserver-to-lxc [2017/07/25 15:50] 95.208.70.15
Line 1: Line 1:
 +====== migration from vserver to lxc ======
 +
 +===== preface =====
 +
 +host system: debian jessie 8.9
 +
 +you need: LXC > Version 2.0, install it from jessie-backports
 +
 +do not install dnsmasq!
 +
 +I use [[http://www.fischglas.de/software/vo/|vo]] to keep track of changes so does this document. 
 +
 +===== prereq. =====
 +
 +<code>
 +if ! grep -q "[^#]* jessie-backports" /etc/apt/sources.list ; then
 +vo -o /etc/apt/sources.list
 +echo "deb http://ftp.de.debian.org/debian jessie-backports main non-free contrib" >> /etc/apt/sources.list
 +vo -i /etc/apt/sources.list
 +fi
 +apt-get update
 +apt-get install --no-install-recommends lxc/jessie-backports lxcfs uidmap debootstrap
 +
 +# new kernel
 +apt-get install linux-image-4.9.0-0.bpo.3-amd64 linux-base=4.3~bpo8+1  firmware-linux-free irqbalance
 +apt-get install linux-image-amd64
 +
 +apt-get clean
 +</code>
 +
 +===== start migration =====
 +
 +<code>
 +# stop vservers:
 +VSERVERS=$(
 +  vserver-stat | awk 'NR > 1 { print $NF }'
 +)
 +echo "$VSERVERS" > /root/vservers-list
 +xargs -r -i%  vserver % stop < /root/vservers-list
 +
 +reboot
 +</code>
 +
 +System should boot with Linux 4.9.0-0.bpo.3-amd64 .
 +
 +The subuid mechanism needs the uid/gid values inside the container
 +to be recalculated and changed. 
 +[[http://www.fischglas.de/software/ownrecalc/|ownrecalc]] gets the job done
 +smoothly.
 +
 +<code>
 +if [ ! -f /usr/bin/ownrecalc ]; then
 +    wget http://www.fischglas.de/software/ownrecalc/ownrecalc -O /usr/bin/ownrecalc
 + chmod 755 /usr/bin/ownrecalc
 +fi
 +</code>
 +
 +Create a default container configuration:
 +
 +<code>
 +if [ ! -f /var/lib/lxc/default.conf ] ; then
 +touch /var/lib/lxc/default.conf
 +vo -o /var/lib/lxc/default.conf
 +
 +cat << EOF > /var/lib/lxc/default.conf
 +lxc.autodev = 1
 +lxc.kmsg = 0
 +
 +lxc.network.type = veth
 +lxc.network.flags = up
 +lxc.network.name = eth0
 +
 +lxc.mount.auto = sys:ro proc:mixed cgroup-full:mixed
 +
 +lxc.cap.keep = chown net_raw dac_override dac_read_search fowner fsetid kill setgid setuid linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_tty_config lease audit_write audit_control syslog wake_alarm
 +
 +lxc.pts = 1024
 +
 +lxc.cgroup.devices.deny = a
 +
 +lxc.aa_profile = unconfined
 +
 +# --- devices --- #
 +# /dev/null and zero
 +lxc.cgroup.devices.allow = c 1:3 rwm
 +lxc.cgroup.devices.allow = c 1:5 rwm
 +
 +# consoles
 +lxc.cgroup.devices.allow = c 5:1 rwm
 +lxc.cgroup.devices.allow = c 5:0 rwm
 +lxc.cgroup.devices.allow = c 4:0 rwm
 +lxc.cgroup.devices.allow = c 4:1 rwm
 +
 +# /dev/{,u}random
 +lxc.cgroup.devices.allow = c 1:9 rwm
 +lxc.cgroup.devices.allow = c 1:8 rwm
 +lxc.cgroup.devices.allow = c 136:* rwm
 +lxc.cgroup.devices.allow = c 5:2 rwm
 +
 +# rtc
 +lxc.cgroup.devices.allow = c 254:0 rwm
 +
 +lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
 +EOF
 +
 +vo -i /var/lib/lxc/default.conf
 +fi
 +</code>
 +
 +===== migrate a single vserver =====
 +
 +
  
docs/migrate-vserver-to-lxc.txt · Last modified: 2017/07/25 16:03 by 95.208.70.15