Fischglas

User Tools

Site Tools

Trace: migrate-vserver-to-lxc
docs:migrate-vserver-to-lxc

This is an old revision of the document!

Table of Contents

migration from vserver to lxc

preface

host system: debian jessie 8.9

you need: LXC > Version 2.0, install it from jessie-backports

do not install dnsmasq!

I use vo to keep track of changes so does this document.

prereq.

if ! grep -q "[^#]* jessie-backports" /etc/apt/sources.list ; then
vo -o /etc/apt/sources.list
echo "deb http://ftp.de.debian.org/debian jessie-backports main non-free contrib" >> /etc/apt/sources.list
vo -i /etc/apt/sources.list
fi
apt-get update
apt-get install --no-install-recommends lxc/jessie-backports lxcfs uidmap debootstrap

# new kernel
apt-get install linux-image-4.9.0-0.bpo.3-amd64 linux-base=4.3~bpo8+1  firmware-linux-free irqbalance
apt-get install linux-image-amd64

apt-get clean

start migration

# stop vservers:
VSERVERS=$(
  vserver-stat | awk 'NR > 1 { print $NF }'
)
echo "$VSERVERS" > /root/vservers-list
xargs -r -i%  vserver % stop < /root/vservers-list

reboot

System should boot with Linux 4.9.0-0.bpo.3-amd64 .

The subuid mechanism needs the uid/gid values inside the container to be recalculated and changed. ownrecalc gets the job done smoothly. 

if [ ! -f /usr/bin/ownrecalc ]; then
    wget http://www.fischglas.de/software/ownrecalc/ownrecalc -O /usr/bin/ownrecalc
	chmod 755 /usr/bin/ownrecalc
fi

Create a default container configuration: 

if [ ! -f /var/lib/lxc/default.conf ] ; then
touch /var/lib/lxc/default.conf
vo -o /var/lib/lxc/default.conf

cat << EOF > /var/lib/lxc/default.conf
lxc.autodev = 1
lxc.kmsg = 0

lxc.network.type = veth
lxc.network.flags = up
lxc.network.name = eth0

lxc.mount.auto = sys:ro proc:mixed cgroup-full:mixed

lxc.cap.keep = chown net_raw dac_override dac_read_search fowner fsetid kill setgid setuid linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_tty_config lease audit_write audit_control syslog wake_alarm

lxc.pts = 1024

lxc.cgroup.devices.deny = a

lxc.aa_profile = unconfined

# --- devices --- #
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm

# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm

# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm

# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
EOF

vo -i /var/lib/lxc/default.conf
fi

migrate a single vserver

docs/migrate-vserver-to-lxc.1500990639.txt.gz · Last modified: 2017/07/25 15:50 by 95.208.70.15