LXD/OpenVZ migration

Revision as of 03:51, May 23, 2018 by S4uliu5 (talk | contribs) (Consistent container naming)

If you are running OpenVZ-based virtualization and want to switch to LXD, these notes will help you through the migration. After setting up your LXD host using our LXD tutorial/how-to page, you should have a working LXD host.

Mīlle viae dūcunt hominēs per saecula Rōmam (“a thousand roads lead men forever to Rome”). There are surely many ways to accomplish this. The two approaches presented here work and are not that complicated.

Migration with rootfs switch

Creating the container

Firstly we need to create the container that will be the final container on LXD.

root # lxc init -p default -p prf-funtoo funtoo-westmere-lxd-image openvz-migrant

This will create the container openvz-migrant, using funtoo-westmere-lxd-image as the base image, and add the default and prf-funtoo profiles to the container config.

root # lxc ls
+--------------------+---------+----------------------+------------------------------------------------+------------+-----------+
|        NAME        |  STATE  |         IPV4         |                      IPV6                      |    TYPE    | SNAPSHOTS |
+--------------------+---------+----------------------+------------------------------------------------+------------+-----------+
| openvz-migrant     | STOPPED |                      |                                                | PERSISTENT | 0         |
+--------------------+---------+----------------------+------------------------------------------------+------------+-----------+

Switching the rootfs

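Now let's switch the rootfs. Go to your storage pool for LXD (default location: /var/lib/lxd/storage-pools/default/containers/) and locate our openvz-migrant directory. Delete the rootfs and replace it with the OpenVZ container's rootfs. Copy it as root with a tool that preserves numeric uid/gid, permissions, ACLs and extended attributes (for example rsync -aAXH --numeric-ids), because the ownership shift in the next step works on the numeric ids it finds on disk.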

Correcting the uid/gid ownership

You are almost there; all that is needed is to correct the ownership of the container's files. Since LXD runs unprivileged containers by default, the files in its rootfs need their uid and gid remapped according to the volatile.idmap.next property in the container config.

root # lxc config show openvz-migrant
architecture: x86_64
config:
  image.architecture: x86_64
  image.description: Funtoo Westmere Pure64 Hardened
  image.name: intel64-westmere-pure64-funtoo-current-hardened-2017-09-08
  image.os: funtoo
  image.release: "1.0"
  image.variant: current
  volatile.base_image: f9c30a7fe070ecd1ab8ed5f2df36f3624cf44f3f46b62dd9039b84ac5f461318
  volatile.eth0.hwaddr: 00:16:3e:9e:59:ed
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: STOPPED
devices: {}
ephemeral: false
profiles:
- default
- prf-funtoo
stateful: false
description: ""

As you can see, the container was created with a uid/gid map of 100000:65536 (the first number is the host uid that uid 0 in the container maps to, the second is the size of the id range). Root inside the container is therefore an unprivileged id on the host. LXD comes with a handy utility called fuidshift. Let's see how we can use it to shift the uid/gid range of the imported rootfs.

root # fuidshift -h
Usage: fuidshift directory [-t] [-r] <range1> [<range2> ...]                                                                     
  -t implies test mode.  No file ownerships will be changed.                                                                     
  -r means reverse, that is shift the uids out of the container.                                                                 
                                                                                                                                 
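  A range is [u|b|g]:<first_container_id:first_host_id:range>.
  where u means shift uid, g means shift gid, b means shift both.
  For example: fuidshift directory b:0:100000:65536 u:10000:1000:1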

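Very good then, we will be shifting both uid and gid from 0 to 100000 with a range of 65536 ids. Running the command first with -t (test mode) shows what would be changed without touching any file ownership, which is a cheap way to confirm the path and the range before the real run.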

root # ls -alF                                                                                                                                                   
total 8                                                                                                                          
drwxr-xr-x 1 root   root    78 Nov   4 02:17 ./                                                                                  
drwxr-xr-x 1 root   root    218 Nov  4 02:17 ../                                                                                 
-r-------- 1 root   root   2610 Nov  4 02:30 backup.yaml                                                                         
-rw-r--r-- 1 root   root    341 Sep 11 15:17 metadata.yaml                                                                       
drwxr-xr-x 1 root   root    122 Dec 10  2016 rootfs/                                                                             
drwxr-xr-x 1 root   root     24 Sep 11 15:15 templates/
root # fuidshift /var/lib/lxd/storage-pools/default/containers/openvz-migrant/rootfs b:0:100000:65536
root # ls -alF                                                                                                                                                   
total 8                                                                                                                          
drwxr-xr-x 1 100000 100000   78 Nov  4 02:17 ./                                                                                  
drwxr-xr-x 1 root   root    218 Nov  4 02:17 ../                                                                                 
-r-------- 1 root   root   2610 Nov  4 02:30 backup.yaml                                                                         
-rw-r--r-- 1 root   root    341 Sep 11 15:17 metadata.yaml                                                                       
drwxr-xr-x 1 100000 100000  122 Dec 10  2016 rootfs/                                                                             
drwxr-xr-x 1 root   root     24 Sep 11 15:15 templates/

So we started with root:root as the owner and finished with 100000:100000.

Migration using lxd import

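LXD can import a directory containing a rootfs directory and a backup.yaml file into its database for use. By default, LXD will look inside /var/lib/lxd/storage-pools/default/containers/ for a directory whose name matches the container name passed to the import command. Review backup.yaml before importing it: it carries the container's config, profiles and devices, including any host paths that will be mounted into the container as disk devices.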

container:
  architecture: x86_64
  config:
    image.architecture: x86_64
    image.description: Funtoo Westmere Pure64 Hardened
    image.name: intel64-westmere-pure64-funtoo-current-hardened-2017-09-08
    image.os: funtoo
    image.release: "1.0"
    image.variant: current
    volatile.base_image: f9c30a7fe070ecd1ab8ed5f2df36f3624cf44f3f46b62dd9039b84ac5f461318
    volatile.eth0.hwaddr: 00:16:3e:9e:59:ed
    volatile.eth0.name: eth0
    volatile.idmap.base: "0"
    volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
    volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
    volatile.last_state.power: RUNNING
  devices: {}
  ephemeral: false
  profiles:
  - default
  - funtoo
  stateful: false
  description: ""
  created_at: 2017-11-04T01:21:36Z
  expanded_config:
    image.architecture: x86_64
    image.description: Funtoo Westmere Pure64 Hardened
    image.name: intel64-westmere-pure64-funtoo-current-hardened-2017-09-08
    image.os: funtoo
    image.release: "1.0"
    image.variant: current
    raw.lxc: lxc.mount.auto = proc sys cgroup
    volatile.base_image: f9c30a7fe070ecd1ab8ed5f2df36f3624cf44f3f46b62dd9039b84ac5f461318
    volatile.eth0.hwaddr: 00:16:3e:9e:59:ed
    volatile.eth0.name: eth0
    volatile.idmap.base: "0"
    volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
    volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
    volatile.last_state.power: RUNNING
  expanded_devices:
    eth0:
      nictype: bridged
      parent: lxdbr0
      type: nic
    local-bin:
      path: usr/local/bin
      source: /usr/local/bin
      type: disk
    local-portage:
      path: usr/local/portage
      source: /usr/local/portage
      type: disk
    portage:
      path: var/git
      source: /var/git
      type: disk
    root:
      path: /
      pool: default
      type: disk
  name: openvz-migrant
  status: Stopped
  status_code: 102
  last_used_at: 1970-01-01T00:00:00Z
snapshots: []
pool:
  config:
    source: /var/lib/lxd/storage-pools/default
  description: ""
  name: default
  driver: btrfs
  used_by: []
volume:
  config: {}
  description: ""
  name: openvz-migrant
  type: container
  used_by: []