Physical to container

From OpenVZ Virtuozzo Containers Wiki
Revision as of 11:53, 27 October 2007 by Elronxenu (talk | contribs) (typo)
Jump to: navigation, search

A rough description of how to migrate existing physical server into a VE.

Prepare a new “empty” VE

For OpenVZ this would mean the following (assume you chose VE ID of 123):

mkdir /vz/root/123 /vz/private/123
cat /etc/vz/conf/ve-vps.basic.conf-sample > /etc/vz/conf/123.conf


Preparing to migrate

Stop most services on a machine to be migrated. “Most” means services such as web server, databases and the like — so you will not lose your data. Just leave the bare minimum (including ssh daemon).

Copying the data

Copy all your data from the machine to an OpenVZ box. Say you'll be using VE with ID of 123, then all the data should be placed to /vz/private/123/ directory (so there will be directories such as /vz/private/123/bin, etc, var and so on). This could be done in several ways:

rsync

rsync example (run from the new HN):

rsync -arvpz --numeric-ids --exclude dev --exclude proc --exclude tmp -e "ssh -l root@a.b.c.d" root@a.b.c.d:/ /vz/private/123/

Advantage: Your system doesn't really go down.

Live CD

Another way to do is using a live cd, booting up and use tar to dump the complete disk in a tar you save over the network or on a USB device.

Tar

Another approach is using tar and excluding some dirs, you could do it like this:

Create a file /tmp/excludes.excl with these contents:

.bash_history
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*

Then create the tar. But remember, when the system is 'not' using udev, you have to look into /proc/ after creating your VE because some devices might not exist. (/dev/ptmx or others)

# tar cjpf /tmp/mysystem.tar.bz2 / -X /tmp/excludes.excl

Naturally, you can only do this when the critical services (MySQL, apache, ..) are stopped and your /tmp filesystem is big enough to contain your tar.

Advantage: You don't need to boot from a livecd, so your system doesn't really go down.

Setting VE parameters

OSTEMPLATE

You have to add OSTEMPLATE=xxx line to /etc/vz/conf/123.conf file, where xxx would be distribution name (like debian-3.0) for vzctl to be able to make changes specific for this distribution.

IP address(es)

Also, you have to supply an IP for a new VE:

vzctl set 123 --ipadd x.x.x.x --save

venet vs. veth

You may use veth interface instead of venet if you need just bring old server up for seamless migration of services. It may be nessessary if server you are migrating is badly configured and it is hard to find all hard-coded net interfaces settings and so on.

veth inteface may me included into bridge to allow seamless old installation access.

Making adjustments

Since VE is a bit different than a real physical server, you have to edit some files inside your new VE.

/etc/inittab

A VE does not have real ttys, so you have to disable getty in /etc/inittab (i. e. /vz/private/123/etc/inittab).

sed -i -e '/getty/d' /vz/private/123/etc/inittab

/etc/mtab

Link /etc/mtab to /proc/mounts, for df to work properly:

rm -f /vz/private/123/etc/mtab
ln -s /proc/mounts /vz/private/123/etc/mtab
The problem here is VE's root filesystem (/) is mounted not from the VE itself, but rather from the host system. That leaves /etc/mtab in VE without a record for / being mounted, thus df doesn't show it. By linking /etc/mtab → /proc/mounts we make sure /etc/mtab shows what is really mounted in a VE. Sure this is not the only way to fix df; you can just manually add a line to /etc/mtab telling / is mounted, and make sure this line will be there after a reboot.

/etc/fstab

Since you do not have any real disk partitions in a VE, /etc/fstab (or most part of it) is no longer needed. Empty it (excluding the line for /dev/pts):

cp /vz/private/123/etc/fstab /vz/private/123/etc/fstab.old
grep devpts /vz/private/123/etc/fstab.old > /vz/private/123/etc/fstab

You can also mount a devpts in a running (but not fully functional) VE:

vzctl exec 123 mount -t devpts none /dev/pts

/dev

Introduction: static /dev

In order for VE to work, some nodes should be present in VE's /dev. For modern distributions, udev is taking care of it. For a variety of reasons udev doesn't make much sense in a VE, so the best thing to do is to disable udev and create needed device nodes manually.

Note that in some distrubutions /dev is mounted on tmpfs — this will not work in case of static /dev. So what you need to do is find out where /dev is being mounted on tmpfs and remove this. This is highly distribution-dependent; please add info for your distro here.

After you made sure your /dev is static, populate it with needed device nodes.

tty device nodes

In order for vzctl enter to work, a VE need to have some entries in /dev. This can either be /dev/ttyp* and /dev/ptyp*, or /dev/ptmx and mounted /dev/pts.

/dev/ptmx

Check that /dev/ptmx exists. If it does not, create with:

mknod /vz/private/123/dev/ptmx c 5 2
/dev/pts/

Check that /dev/pts exists. It's a directory, if it does not exist, create with:

mkdir /vz/private/123/dev/pts
/dev/ttyp* and /dev/ptyp*

Check that /dev/ttyp* and /dev/ptyp* files are there. If not, you have to create those, either by using /sbin/MAKEDEV, or by copying them from the host system.

To copy:

cp -a /dev/ttyp* /dev/ptyp* /vz/private/123/dev/

To recreate with MAKEDEV, either

/sbin/MAKEDEV -d /vz/private/123/dev ttyp ptyp

or

cd /vz/private/123/dev && /sbin/MAKEDEV ttyp

/dev/null

Make sure sure /dev/null is not a file or directory, if unsure remove and recreate, If this is not correct sshd will not start correctly

rm -f /vz/private/123/dev/null
mknod /vz/private/123/dev/null c 1 3

/dev/urandom

Check that /dev/urandom exists. If it does not, create with:

mknod /vz/private/123/dev/urandom c 1 9

/proc

Make sure the /proc directory exists:

ls -la /vz/private/123/ | grep proc

If it doesn't, create it:

mkdir /vz/private/123/proc

/etc/init.d services

Some system services can (or in some cases should) be disabled. A few good candidates are:

  • acpid, amd (not needed)
  • checkfs, checkroot (no filesystem checking is required in VE)
  • clock (no clock setting is required/allowed in VE)
  • consolefont (VE does not have a console)
  • hdparm (VE does not have real hard drives)
  • klogd (unless you use iptables to LOG some packets)
  • keymaps (VE does not have a real keyboard)
  • kudzu (VE does not have real hardware)
  • lm_sensors (VE does not have access to hardware sensors)
  • microcodectl (VE can not update CPU microcode)
  • netplugd (VE does not have real Ethernet device)

To see which services are enabled:

  • RedHat/Fedora/SUSE: /sbin/chkconfig --list
  • Debian: Use ' rcconf ' (ncurses) or update-rc.d

( See: http://www.debianadmin.com/manage-linux-init-or-startup-scripts.html )

  • Gentoo: /sbin/rc-update show

To disable the service:

  • RedHat/Fedora/SUSE: /sbin/chkconfig --del SERVICENAME
  • Debian: ' update-rc.d -f hdparm remove '
  • Gentoo: /sbin/rc-update del SERVICENAME

Disable old network interface

You should disable your old physical network interface from starting at boot time. This is distribution-dependant.

Fedora/CentOS/Red Hat

Edit /vz/private/{VEID}/etc/sysconfig/network-scripts/ifcfg-ethx

Make the following look like this:

ONBOOT=no

Debian/Ubuntu

Edit /etc/network/interfaces

# /etc/network/interfaces -- configuration file for ifup(8),  ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo eth0
iface lo inet loopback

iface eth0 inet dhcp
       address 10.0.0.4
       netmask 255.0.0.0
       network 10.0.0.0
       broadcast 10.0.0.255

You can either comment out the eth* interface stanza(s), or take it out of the "auto" line(s).

openSUSE/SLES

Use Yast.

Other adjustments

There might be other adjustments needed. Please add those here (just above this section) if you have more info.

Starting a new VE

Try to start your new VE:

vzctl start 123

Now check that everything works fine. If not, see #Troubleshooting below.

Troubleshooting

Can't enter VE

If you can not enter your VE (using vzctl enter), you should be able to at least execute commands in it.

First, see the #tty device nodes section above.

Next, check if devpts is mounted:

vzctl exec 123 mount | grep pts

If it is not mounted, mount it:

vzctl exec 123 mount -t devpts none /dev/pts

Then, add the appropriate mount command to VE's startup scripts. On some distros, you need to have the appropriate line in VE's /etc/fstab.

In Fedora, try commenting out any udev entries in /vz/private/{VEID}/etc/rc.sysinit

vi /vz/private/{VEID}/etc/rc.sysinit

Locate the udev entry from within vim

/udev

Then comment the line similar to this:

#[ -x /sbin/start_udev ] && /sbin/start_udev

Other problems

If anything goes wrong, try to find out why and fix. If you have enough Linux experience, it can be handled. Also check out IRC and please report back on this page.

Success Stories

- Debian 3.1 Sarge with MySQL, apache2, PowerDNS --stoffell 08:41, 8 February 2007 (EST)

- Red Hat 7.2 with MySQL 3.23, apache, Chilisoft --stoffell 13:26, 9 February 2007 (EST)

- Gentoo with Courier, Postfix, MySQL, Apache2 --bfrackie 19:00, 18 March 2007 (EST)

- AltLinux Master with qmail, MySQL, Apache, etc - to Debian/testing with OpenVZ --alexkuklin