CT migration from one node to another

I

ieronymous

Well-Known Member
Apr 1, 2019
285
21
58
44
Hi

Noticed today that after backup of an LXC, when tried restoring it to another node I got a msg ....

Code: 
tar: ./etc/vzdump/pct.conf: time stamp 2024-11-03 11:50:15.351796943 is 10308.553838456 s in the future
tar: ./etc/vzdump/pct.fw: time stamp 2024-11-03 11:50:15.371796943 is 10308.57333834 s in the future
tar: ./var/log/journal/3b821d64736e45268431965288f4a618/user-1000.journal: Warning: Cannot acl_from_text: Invalid argument
tar: ./var/log/journal/3b821d64736e45268431965288f4a618/user-1000@2b953820758c4775be25e125a8cf5b99-0000000000004dde-000613781c066e3b.journal: Warning: Cannot acl_from_text: Invalid argument

In the path /var/lib/lxc, on the old node didn't have a folder named apparmor while after migration there is now one existent. That directory contains this inside 'lxc-303_<-var-lib-lxc>' , written exactly like thi with the ' ' and <>


I compared between the nodes all the conf files of the LXC like config and rules.seccomp and found only one difference here at the config file

Code: 
cat config
lxc.cgroup.relative = 0
lxc.cgroup.dir.monitor = lxc.monitor/303
lxc.cgroup.dir.container = lxc/303
lxc.cgroup.dir.container.inner = ns
lxc.arch = amd64
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.include = /usr/share/lxc/config/debian.userns.conf
lxc.seccomp.profile = /var/lib/lxc/303/rules.seccomp
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.mount.auto = sys:mixed
lxc.monitor.unshare = 1
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.tty.max = 2
lxc.environment = TERM=linux
lxc.uts.name = docker
lxc.cgroup2.memory.max = 2147483648
lxc.cgroup2.memory.high = 2130706432
lxc.cgroup2.memory.swap.max = 536870912
lxc.rootfs.path = /var/lib/lxc/303/rootfs
lxc.net.0.type = veth
lxc.net.0.veth.pair = veth303i0
lxc.net.0.hwaddr = BC:24:11:A1:61:CF
lxc.net.0.name = eth0
lxc.net.0.mtu = 1500
lxc.net.0.script.up = /usr/share/lxc/lxcnetaddbr
lxc.cgroup2.cpuset.cpus = 29

On the old node the last line: lxc.cgroup2.cpuset.cpus = 29, has an arithmetic value of 29 while on the new node is empty of values with just the = symbol like: lxc.cgroup2.cpuset.cpus =

The cat rules.seccomp gives the same output for the LXC on both nodes

Code: 
2
denylist
reject_force_umount  # comment this to allow umount -f;  not recommended
[all]
kexec_load errno 1
open_by_handle_at errno 1
init_module errno 1
finit_module errno 1
delete_module errno 1
ioctl errno 1 [1,0x9400,SCMP_CMP_MASKED_EQ,0xff00]
keyctl errno 38

The LXC worked afterwards but I wonder why that happened. The first two lines indicate that the servers had different time settings configured without that being true.

Tried afterwards another LXC and had the same warning message during restoring it and afterwards the migrated LXC had one extra folder
apparmor and the line lxc.cgroup2.cpuset.cpus = 28, changed from 28 on the old node to 7 on the new one.

PS The LXC restored with Privilege option set as <<From Backup>>
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back