docs:migrate-vserver-to-lxc
no way to compare when less than two revisions
Previous revisionLast revision | |||
— | docs:migrate-vserver-to-lxc [2017/07/25 15:50] – 95.208.70.15 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== migration from vserver to lxc ====== | ||
+ | |||
+ | ===== preface ===== | ||
+ | |||
+ | host system: debian jessie 8.9 | ||
+ | |||
+ | you need: LXC > Version 2.0, install it from jessie-backports | ||
+ | |||
+ | do not install dnsmasq! | ||
+ | |||
+ | I use [[http:// | ||
+ | |||
+ | ===== prereq. ===== | ||
+ | |||
+ | < | ||
+ | if ! grep -q "[^#]* jessie-backports" | ||
+ | vo -o / | ||
+ | echo "deb http:// | ||
+ | vo -i / | ||
+ | fi | ||
+ | apt-get update | ||
+ | apt-get install --no-install-recommends lxc/ | ||
+ | |||
+ | # new kernel | ||
+ | apt-get install linux-image-4.9.0-0.bpo.3-amd64 linux-base=4.3~bpo8+1 | ||
+ | apt-get install linux-image-amd64 | ||
+ | |||
+ | apt-get clean | ||
+ | </ | ||
+ | |||
+ | ===== start migration ===== | ||
+ | |||
+ | < | ||
+ | # stop vservers: | ||
+ | VSERVERS=$( | ||
+ | vserver-stat | awk 'NR > 1 { print $NF }' | ||
+ | ) | ||
+ | echo " | ||
+ | xargs -r -i% vserver % stop < / | ||
+ | |||
+ | reboot | ||
+ | </ | ||
+ | |||
+ | System should boot with Linux 4.9.0-0.bpo.3-amd64 . | ||
+ | |||
+ | The subuid mechanism needs the uid/gid values inside the container | ||
+ | to be recalculated and changed. | ||
+ | [[http:// | ||
+ | smoothly. | ||
+ | |||
+ | < | ||
+ | if [ ! -f / | ||
+ | wget http:// | ||
+ | chmod 755 / | ||
+ | fi | ||
+ | </ | ||
+ | |||
+ | Create a default container configuration: | ||
+ | |||
+ | < | ||
+ | if [ ! -f / | ||
+ | touch / | ||
+ | vo -o / | ||
+ | |||
+ | cat << EOF > / | ||
+ | lxc.autodev = 1 | ||
+ | lxc.kmsg = 0 | ||
+ | |||
+ | lxc.network.type = veth | ||
+ | lxc.network.flags = up | ||
+ | lxc.network.name = eth0 | ||
+ | |||
+ | lxc.mount.auto = sys:ro proc:mixed cgroup-full: | ||
+ | |||
+ | lxc.cap.keep = chown net_raw dac_override dac_read_search fowner fsetid kill setgid setuid linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_tty_config lease audit_write audit_control syslog wake_alarm | ||
+ | |||
+ | lxc.pts = 1024 | ||
+ | |||
+ | lxc.cgroup.devices.deny = a | ||
+ | |||
+ | lxc.aa_profile = unconfined | ||
+ | |||
+ | # --- devices --- # | ||
+ | # /dev/null and zero | ||
+ | lxc.cgroup.devices.allow = c 1:3 rwm | ||
+ | lxc.cgroup.devices.allow = c 1:5 rwm | ||
+ | |||
+ | # consoles | ||
+ | lxc.cgroup.devices.allow = c 5:1 rwm | ||
+ | lxc.cgroup.devices.allow = c 5:0 rwm | ||
+ | lxc.cgroup.devices.allow = c 4:0 rwm | ||
+ | lxc.cgroup.devices.allow = c 4:1 rwm | ||
+ | |||
+ | # / | ||
+ | lxc.cgroup.devices.allow = c 1:9 rwm | ||
+ | lxc.cgroup.devices.allow = c 1:8 rwm | ||
+ | lxc.cgroup.devices.allow = c 136:* rwm | ||
+ | lxc.cgroup.devices.allow = c 5:2 rwm | ||
+ | |||
+ | # rtc | ||
+ | lxc.cgroup.devices.allow = c 254:0 rwm | ||
+ | |||
+ | lxc.mount.entry=run run tmpfs rw, | ||
+ | EOF | ||
+ | |||
+ | vo -i / | ||
+ | fi | ||
+ | </ | ||
+ | |||
+ | ===== migrate a single vserver ===== | ||
+ | |||
+ | |||
docs/migrate-vserver-to-lxc.txt · Last modified: 2017/07/25 16:03 by 95.208.70.15