Container migration to new server

[frederico.nascimento]

Hello!

I need some help in here! I have a container installed on a ProxMox server version 3.2-4 and I want to migrate the container to a new ProxMox server version 6.1 that is installed on a VMware environment (nested hypervisor). At this moment, this container is using a shared NFS storage. My final goal is to power off this storage and the old ProxMox server.

I need some help on the new ProxMox too because I can't get the network connectivity to work. Is there something I have to do specially being this a nested hypervisor?

How can I achieve this? Or is there a simple way to this and I am overthinking?


EDIT: I already did a backup/restore to a new container into the new server.

Many thanks in advance!

Best regards,
Frederico Nascimento

 

[Stefan_R]

EDIT: I already did a backup/restore to a new container into the new server.

Well, did it not work? That's the recommended way of doing a migration the way you described...

For networking, I'm not too familiar with VMware, but potentially you need to select a different virtualized NIC model? What does 'ip a' show on the new PVE host?

 

[frederico.nascimento]

Hello,


ip add New ProxMox:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether 00:50:56:af:43:9c brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:af:43:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.140/24 brd 192.168.1.255 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:feaf:439c/64 scope link
valid_lft forever preferred_lft forever
14: veth175i0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
link/ether fe:5c:4c:0a:8e:80 brd ff:ff:ff:ff:ff:ff link-netnsid 0


Output of /etc/network/interfaces on the new ProxMox server:
auto lo
iface lo inet loopback

iface ens160 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.1.140
netmask 255.255.255.0
gateway 192.168.1.252
bridge_ports ens160
bridge_stp off
bridge_fd 0


ip add container:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
13: venet0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 66:5e:95:bb:0f:f9 brd ff:ff:ff:ff:ff:ff
inet 127.0.0.2/8 brd 127.255.255.255 scope host venet0
valid_lft forever preferred_lft forever
inet 192.168.1.141/24 brd 192.168.1.255 scope global venet0:0
valid_lft forever preferred_lft forever
inet6 fe80::645e:95ff:febb:ff9/64 scope link
valid_lft forever preferred_lft forever


Output of /etc/networks/interfaces on the container:
# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet static
address 192.168.1.141
netmask 255.255.255.0
gateway 192.168.1.252
up ifconfig venet0 up
up ifconfig venet0 127.0.0.2
up route add default dev venet0
down route del default dev venet0
down ifconfig venet0 down


auto venet0:0
iface venet0:0 inet static
address 192.168.1.141
netmask 255.255.255.0
gateway 192.168.1.252



If I am logged in on the container I just can ping my new ProxMox server and nothing else. What am I doing wrong?


Thanks!

 

[Stefan_R]

Can you ping outside addresses from your PVE host? I.e. is your PVE GUI/SSH reachable over the network? Is your gateway configured correctly?

The configs you posted look correct on a cursory glance.

 

[frederico.nascimento]

Hello Stefan,

Yes, I can ping outside address from the host and I can access it via SSH and HTTPS. And yeah, the gateway is fine.

So:
my PVE host 192.168.1.140/24
my container 192.168.1.141/24
another machine 192.168.1.82
Gateway 192.168.1.252

PVE <-> another machine - SUCCESS
PVE <-> Gateway - SUCESS
Container <-> PVE - SUCCESS
Container <-> Gateway - ERROR (Host unreachable)
Container <-> another machine - ERROR (Host unreachable)


I can't understand what I am missing.

Thanks in advance.

Fred

 

[frederico.nascimento]

UPDATE:

If i enter ifconfig on the containers, I have two different MAC Addresses:

Old Container (original one):
root@apch2:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18221 errors:0 dropped:0 overruns:0 frame:0
TX packets:18221 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2287584 (2.1 MiB) TX bytes:2287584 (2.1 MiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:214251 errors:0 dropped:0 overruns:0 frame:0
TX packets:215309 errors:0 dropped:2 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:68352626 (65.1 MiB) TX bytes:54711528 (52.1 MiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.1.82 P-t-P:192.168.1.82 Bcast:192.168.1.82 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1




New container (restored one):
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:160 errors:0 dropped:0 overruns:0 frame:0
TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11596 (11.3 KiB) TX bytes:11596 (11.3 KiB)

venet0 Link encap:Ethernet HWaddr 66:5e:95:bb:0f:f9
inet addr:127.0.0.2 Bcast:127.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::645e:95ff:febb:ff9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1685 errors:0 dropped:1 overruns:0 frame:0
TX packets:175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:108031 (105.4 KiB) TX bytes:8682 (8.4 KiB)

venet0:0 Link encap:Ethernet HWaddr 66:5e:95:bb:0f:f9
inet addr:192.168.1.141 Bcast:192.168.1.141 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1


It can be useful... I don't know.

Fred

 

[Stefan_R]

Yes, the changed MAC address is normal, and shouldn't cause an issue, unless you hardcoded the old one somewhere.

Do you have the PVE firewall (or a different one) enabled? Are you're routes set up properly ('ip route' in container and PVE host)?

You can try running tcpdump -i any icmp on a remote machine, your pve host and your container, then try to ping the remote from the CT and observe the packets. That could give you an indication of where they get lost.

 

[frederico.nascimento]

Hi again.

Thanks for the reply.

The PVE firewall is disabled and I don't have anymore configured. (if I run iptables -L it shows me an output but with no rules. when I try to stop it /etc/init.d/iptables stop it tells me that the service doesn't exist...)

Output of ip route:
Host:
root@pve:/proc/sys/net/ipv4# ip route
default via 192.168.1.252 dev vmbr0 onlink
192.168.1.0/24 dev vmbr0 proto kernel scope link src 192.168.1.140


Container:
root@apch2:~# ip route
default dev venet0 scope link
127.0.0.0/8 dev venet0 proto kernel scope link src 127.0.0.2


I already ran the command tcpdump -i any icmp too.
Output on the Host:
root@pve:/proc/sys/net/ipv4# tcpdump -i any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
16:40:32.584590 IP 192.168.1.141 > 192.168.1.252: ICMP echo request, id 4187, seq 1, length 64
16:40:32.584606 IP 192.168.1.141 > 192.168.1.252: ICMP echo request, id 4187, seq 1, length 64
16:40:33.615342 IP 192.168.1.141 > 192.168.1.252: ICMP echo request, id 4187, seq 2, length 64
16:40:33.615356 IP 192.168.1.141 > 192.168.1.252: ICMP echo request, id 4187, seq 2, length 64

That is the result of the tcpdump -i any icmp if on the CT i try to ping my gateway.

Many thanks!

Fred

 

[Stefan_R]

That is the result of the tcpdump -i any icmp if on the CT i try to ping my gateway.

Can you run tcpdump on the gateway as well? Or try another computer as a target and run it there.