cal/claude-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
claude-home/vm-management/scripts/LXC-MIGRATION-GUIDE.md
Cal Corum 11b96bce2c CLAUDE: Add LXC migration guides and scripts 
- Add LXC migration plan and quick-start guide
- Add wave 1 and wave 2 migration results
- Add lxc-docker-create.sh for container creation
- Add fix-docker-apparmor.sh for AppArmor issues
- Add comprehensive LXC migration guide

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-07 00:48:30 -06:00

243 lines
6.7 KiB
Markdown
Raw Permalink Blame History

# LXC Migration Automation Scripts
This guide covers automation scripts for migrating VM-based Docker containers to LXC containers.
## Scripts Overview
### 1. `lxc-docker-create.sh` - LXC Container Creation
Automates the creation of LXC containers with Docker pre-installed and configured for container workloads.
**Usage:**
```bash
./lxc-docker-create.sh <VMID> <HOSTNAME> <IP> <DISK_SIZE> <MEMORY> <CORES> [PROXMOX_HOST]
```
**Example (local Proxmox):**
```bash
./lxc-docker-create.sh 214 docker-pittsburgh-lxc 10.10.0.214 128G 16384 4
```
**Example (remote Proxmox):**
```bash
./lxc-docker-create.sh 214 docker-pittsburgh-lxc 10.10.0.214 128G 16384 4 root@10.10.0.11
```
**What it does:**
- Creates LXC container with specified resources
- Configures AppArmor for Docker compatibility
- Enables nesting and keyctl features
- Installs Docker and docker-compose-plugin
- Sets container to start on boot
**Time:** ~10 minutes (includes Docker installation)
---
### 2. `fix-docker-apparmor.sh` - Docker Compose AppArmor Fix
Adds AppArmor unconfined security options to all services in docker-compose.yml files. Required for Docker containers running inside LXC.
**Usage:**
```bash
./fix-docker-apparmor.sh <LXC_IP> [COMPOSE_DIR]
```
**Example:**
```bash
./fix-docker-apparmor.sh 10.10.0.214
./fix-docker-apparmor.sh 10.10.0.214 /home/cal/container-data
```
**What it does:**
- SSHs into the LXC container
- Finds all docker-compose.yml files
- Adds `security_opt: ["apparmor=unconfined"]` to each service
- Creates backups of original files
**Time:** ~1-2 minutes
---
## Complete Migration Workflow
### Wave 2 Example: VM 114 (Pittsburgh) → LXC 214
#### Step 1: Create LXC Container
```bash
cd /mnt/NV2/Development/claude-home/vm-management/scripts
./lxc-docker-create.sh 214 docker-pittsburgh-lxc 10.10.0.214 128G 16384 4 root@10.10.0.11
```
**Wait ~10 minutes for Docker installation**
#### Step 2: Copy SSH Key (if needed)
```bash
ssh root@10.10.0.11 "cat ~/.ssh/id_rsa.pub | pct exec 214 -- tee /root/.ssh/authorized_keys"
```
Or setup password-less SSH to LXC:
```bash
ssh root@10.10.0.11 "
ssh-keyscan -H 10.10.0.214 >> ~/.ssh/known_hosts 2>/dev/null
pct exec 214 -- mkdir -p /root/.ssh
cat ~/.ssh/id_rsa.pub | pct exec 214 -- tee -a /root/.ssh/authorized_keys
"
```
#### Step 3: Migrate Data
**Option A: rsync from VM (recommended)**
```bash
# From Proxmox host - direct rsync from old VM to new LXC
ssh root@10.10.0.11 "
rsync -avz --info=progress2 \
/mnt/vm114/home/cal/container-data/ \
root@10.10.0.214:/home/cal/container-data/
"
```
**Option B: Mount and copy from backup**
```bash
# If VM is already shut down and you have backups/snapshots
ssh root@10.10.0.11 "
mount /dev/vm114-vg/vm114-data /mnt/vm114
rsync -avz /mnt/vm114/home/cal/container-data/ root@10.10.0.214:/home/cal/container-data/
"
```
#### Step 4: Fix AppArmor in Docker Compose Files
```bash
./fix-docker-apparmor.sh 10.10.0.214
```
#### Step 5: Start Containers
```bash
ssh root@10.10.0.214
# Navigate to service directory
cd /home/cal/container-data/[service-name]
# Start containers
docker compose up -d
# Check status
docker compose ps
docker compose logs -f
```
#### Step 6: Verify and Test
- Test service functionality
- Check container logs for errors
- Verify network connectivity
- Test external access (if applicable)
#### Step 7: Update Documentation
- Mark VM as migrated in wave plan
- Document any issues encountered
- Update service inventory with new IP
---
## Time Estimates
| Step | Duration | Notes |
|------|----------|-------|
| Create LXC | 10 min | Includes Docker installation |
| Setup SSH | 1 min | One-time setup |
| Data migration | Varies | Depends on data size (58GB ≈ 60 min @ 16MB/s) |
| Fix AppArmor | 2 min | Automated script |
| Start containers | 5 min | Per service stack |
| **Total (small data)** | **~20 min** | For <10GB data |
| **Total (large data)** | **~80 min** | For ~60GB data like Wave 1 |
---
## Migration Waves Reference
Based on `vm-management/wave1-migration-results.md`:
### Remaining Migrations
| Wave | VM | Hostname | Services | Data Size | LXC ID | Priority |
|------|-----|----------|----------|-----------|--------|----------|
| 2 | 114 | Pittsburgh | Docker services | ~30GB | 214 | High |
| 3 | 112 | Louisville | Docker services | ~20GB | 212 | High |
| 4 | 115 | Denver | Docker services | ~25GB | 215 | Medium |
| 5 | 113 | Fresno | Docker services | ~15GB | 213 | Medium |
| 6 | Multiple | Misc services | Varies | Varies | TBD | Low |
---
## Troubleshooting
### Container Creation Fails
- **Check:** Template exists: `pct list | grep template`
- **Check:** VMID not in use: `pct list | grep <VMID>`
- **Check:** Sufficient storage: `pvesm status`
### SSH Connection Failed
- **Check:** Container is running: `pct status <VMID>`
- **Check:** SSH key copied: `pct exec <VMID> -- cat /root/.ssh/authorized_keys`
- **Check:** Network connectivity: `ping <IP>`
### Docker Containers Won't Start
- **Check:** AppArmor fix applied: `grep security_opt docker-compose.yml`
- **Check:** Docker service running: `systemctl status docker`
- **Check:** Container logs: `docker compose logs`
### Data Migration Slow
- **Use:** rsync with compression: `rsync -avz`
- **Use:** Direct VM-to-LXC transfer (avoid copying to intermediate location)
- **Monitor:** Network usage: `iftop` or `nload`
---
## Best Practices
1. **Always create backups** before destroying source VMs
2. **Test services** thoroughly before decommissioning VMs
3. **Document changes** in wave results files
4. **Monitor resources** during migration (CPU, RAM, disk I/O)
5. **Schedule migrations** during low-usage periods
6. **Keep scripts updated** with learnings from each wave
---
## Script Maintenance
### Adding New Features
Both scripts are designed to be easily extended:
- **lxc-docker-create.sh**: Add additional package installations, configuration steps, or validation checks
- **fix-docker-apparmor.sh**: Modify the Python script to add additional docker-compose fixes
### Testing Changes
Before using updated scripts in production:
1. Test on a non-critical VM migration
2. Verify all steps complete successfully
3. Check container functionality post-migration
4. Document any new issues or improvements
---
## Related Documentation
- [Wave 1 Migration Results](../wave1-migration-results.md) - Lessons learned from first migration
- [Migration Quick Start](../migration-quick-start.md) - Fast reference guide
- [LXC Migration Plan](../lxc-migration-plan.md) - Overall migration strategy
- [VM Management Context](../CONTEXT.md) - VM infrastructure overview
---
## Support
For issues or questions:
1. Check troubleshooting section above
2. Review wave results for similar issues
3. Check Proxmox logs: `journalctl -u pve-container@<VMID>`
4. Review Docker logs: `docker compose logs`
Reference in New Issue View Git Blame Copy Permalink