Import 5210R from OpenVZ 7 (6109R) to Incus
Existing clients with older Aventurin{e} 6109R probably have OpenVZ 7 Containers that they want to move to Aventuri{e} 6110R, which runs Incus.
This document will explain how such a migration is performed.
Please note: This is for migrating a BlueOnyx 5210R from OpenVZ 7 to Incus!
Older EOL BlueOnyx versions such as 5209R or older cannot be migrated this way.
Initial preparation:
On your Aventurin{e} 6110R node login to the GUI and navigate to "Incus Manegement" / "Settings" and make sure that the "API Address" is set to 0.0.0.0:8443 as shown in the image below:
In your Firewalld configuration you need to open up port 8443/TCP. If you do have the BlueOnyx shop PKG "Firewalld" installed, then you can do so via the GUI under "Server Management" / "Network Services" / "Security" / "Firewalld":
Otherwise you can do so via the shell as "root":
firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --reload
Locate the following two files on your Aventurin{e} 6110R node and copy them to the OpenVZ 7 Container that you want to import:
/usr/sausalito/license/client.crt
/usr/sausalito/license/client.key
In the OpenVZ 7 Container place them directly into the / directory.
Inside the OpenVZ 7 Container:
Either use "prlctl enter <VPSID>" on the old Aventurin{e} 6109R node or SSH directly into the OpenVZ 7 container that you want to migrate.
Make sure that you have the Incus certificate and key in the right place (you copied them over as instructed, right?)
CT-36b88c17-d6eb-4a8f-98e2-e1720a4175ca /# ls -la /client.*
-rw-r--r-- 1 root root 2037 Aug 26 12:01 /client.crt
-rw-r--r-- 1 root root 3272 Aug 26 12:01 /client.key
Now run these commands to fetch the migration binary:
cd /
wget https://github.com/lxc/incus/releases/latest/download/bin.linux.incus-migrate.x86_64
chmod 755 bin.linux.incus-migrate.x86_64
Also make sure that your OpenVZ 7 Container is fully YUM updated:
yum clean all
yum update
Then run the migration binary as root and fill in the blanks:
CT-36b88c17-d6eb-4a8f-98e2-e1720a4175ca /# ./bin.linux.incus-migrate.x86_64
Please provide Incus server URL: https://incus.smd.net:8443/
Certificate fingerprint: bd5441eacb2fe1a08c5eea3ad19f97dbb6eb27e1ec738fa1dc4c891e374408f2
ok (y/n)? y
1) Use a certificate token
2) Use an existing TLS authentication certificate
3) Generate a temporary TLS authentication certificate
Please pick an authentication mechanism above: 2
Please provide the certificate path: /client.crt
Please provide the keyfile path: /client.key
Remote server:
Hostname: incus.smd.net
Version: 6.3
Would you like to create a container (1) or virtual-machine (2)?: 1
Name of the new instance: sofia
Please provide the path to a root filesystem: /
Do you want to add additional filesystem mounts? [default=no]: no
Instance to be created:
Name: sofia
Project: default
Type: container
Source: /
Additional overrides can be applied at this stage:
1) Begin the migration with the above configuration
2) Override profile list
3) Set additional configuration options
4) Change instance storage pool or volume size
5) Change instance network
Please pick one of the options above [default=1]: 1
Instance sofia successfully created
The bold items in the display above are the input that needs to be provided. These are:
Incus server URL: That is the HTTPS URL of your 6110R node with the API port 8443 specified. So if the target server is incus.smd.net as in this example? Then we enter https://incus.smd.net:8443/ as shown above.
Accept the certificate fingerprint with "y".
Please pick an authentication mechanism above: Choose "2".
Please provide the certificate path: Specify the path to the client certificate that you copied over from your Aventurin{e} 6110R node: /client.crt
Please provide the keyfile path: Specify the path to the client key that you copied over from your Aventurin{e} 6110R node: /client.key
Would you like to create a container (1) or virtual-machine (2)?: Choose "1" for Container.
Name of the new instance: Give the new Incus instance a name. Alphanumeric, all lower case, no dots, no spaces.
Please provide the path to a root filesystem: As this is an OpenVZ 7 Container we only have one partition. So enter "/".
Do you want to add additional filesystem mounts? Choose "no"
Please pick one of the options above [default=1]: Choose "1"
That then connects to the Incus API on the target server, authenticates with the SSL certificate, creates a new Incus instance with the auto-detected network settings, CPU/RAM/Diskspace values and then copies the data of all specified mountpoints. In our case just '/' as we are migrating an OpenVZ 7 Container.
Once it says "Instance <Name> successfully created" you should be able to see the migrated instance on the target Aventurin{e} 6110R.
OpenVZ 7 Post Migration Cleanups:
Stop the OpenVZ 7 Container on the old Aventurin{e} 6110R node and disable auto-start of it:
prlctl stop <VPSID>
prlctl set <VPSID> --autostart no
On the Aventurin{e} 6110R:
Login by SSH as "root" and also login to the GUI.
On the shell (as "root") find the migrated container:
incus list
That will show a list of all existing Incus instances. You should see that your freshly migrated instance is in state "Stopped". Before we can start it, we need to fix its configuration:
incus config device add <instance_name> eth0 nic nictype=bridged parent=br0
incus config device add <instance_name> root disk path=/ pool=default size=100GiB
You may want to change the "size=100GiB" directly to the correct disk space allowance now, or you can change it in the GUI in the next step.
In the GUI: Find the Instance in the Instance list. Fix the Instance configuration via the GUI by going to "Incus Management" / "Instances". Click on the imported instance and in the "Configuration" page adjust the following settings:
- Instance Hostname
- Autostart (optional, adjust as needed)
- CPU Limits (optional, adjust as needed)
- RAM (optional, adjust as needed)
- DISK Space (optional, adjust as needed)
- Parent Network Interface (leave at 'br0')
- IPv4 (required for IPv4)
- IPv4 Gateway IP address (required for IPv4 - if unsure: It's the IP of your network gateway. NOT the node IP!)
- IPv6 (only required for IPv6 - if you don't use IPv6 leave empty)
- IPv6 Gateway IPv6 address (only required for IPv6 - if unsure: It's the IPv6 IP of your network gateway. NOT the nodes IPv6 IP!)
- DNS Nameservers (The IPs of your DNS servers. One per line.)
Save the changes. If you have "Autostart" enabled, then the instance will now be started as well.
Go back to SSH on the node and check with "incus list" and you should see the instance is now in state "running". If it is not running, start it:
incus start <instance-name>
Now enter the Incus instance:
incus shell <instance-name>
That gives you a root-shell inside the Incus instance.
Migrated Instance network conversion:
Once you have finished the migration, you need to edit the network configuration inside the migrated CT. For that you need to enter the new Incus Instance ("incus shell <instance-name>" and perform some post-migration tasks. For migrated BlueOnyx 5210R OpenVZ 7 containers we do have a script in BlueOnyx that can help you with that.
Under OpenVZ 7 the Containers used "venet" interfaces. In Incus they use a traditional "eth0" interface. However: In CODB and in the configuration files of this migrated Container you still have "venet" networking configured and we need to change that before this instance can communicate with the network.
Inside the migrated Incus Instance run this script to convert the network settings from OpenVZ 7 to Incus:
/usr/sausalito/sbin/convert_venet_to_incus.pl
It will tell you at the end that you now need to run /root/network_settings.sh. Do so:
/root/network_settings.sh
Once that is done, try to see if you can ping anything in your internal network or the internet. It may take 5-10 seconds until it goes through for the first time.
When you do have a working internet connection, please do the following:
yum install NetworkManager
systemctl enable NetworkManager
systemctl start NetworkManager
That installs, enables and starts NetworkManager. We couldn't use it under OpenVZ 7, but it IS actually the default on EL8 and we should have it and should use it.
Final cleanup:
Remove the Incus certificate, key and migration binary from the migrate system (this is VERY important!):
rm /client.crt /client.key /bin.linux.incus-migrate.x86_64
All done!
Your old OpenVZ 7 Container has now been successfully converted into an Incus Instance of type Container. Enjoy!