Problems after migrating from OpenVZ to LXC

Discussion in 'Proxmox VE: Installation and configuration' started by corianito, Jul 20, 2019.

Tags:
  1. corianito

    corianito New Member
    Proxmox Subscriber

    Joined:
    Jul 20, 2019
    Messages:
    7
    Likes Received:
    0
    Hello!

    Sorry about the translation, I use an online translator.

    I have migrated OpenVZ servers from the "virtualizor" panel to "proxmox" with LXC.

    Everything seems to work fine, they are servers with CPanel, the servers run cron jobs, but we are getting this error:

    Failed to make mounts private: Permission denied

    Turns out we've contacted CPanel and they tell us the error is this:

    ***
    Hello,

    Thank you for your patience while I investigated this issue.

    It looks like the following mount points are set to ReadOnly, which is likely causing the issues you are seeing:
    =====
    [root@server2 ~]# mount -l | grep ro, | grep -v virtfs
    proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
    proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
    sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
    =====

    Can you please remove the read-only flag from the above mount points, and then attempt to create a cron job again?
    ***

    Does anyone know how I can correct it? These are my first steps with proxmox.
     
  2. t.lamprecht

    t.lamprecht Proxmox Staff Member
    Staff Member

    Joined:
    Jul 28, 2015
    Messages:
    1,296
    Likes Received:
    188
    That those are read only is a feature for CTs, it's required to ensure that the one having admin access to the CT can not increase memory/cpu limits, or similar stuff for priviledged CTs like you use.

    If it's enough that "/sys/ is writeable then just use "unprivileged" CTs (can do by backup CT and restore with unprivileged ticked on". They can actual have a writeable "/sys" as they are much more contained (heh) and confined than privileged CTs. If that works for you that'd be the best solution.

    If you require more and do not 100% fully trust those who have access to this virtual server then it's best to use a Virtual Machine (VM), there you do not have any such problems.

    But, if you trust the CT fully you could make both procfs and sysfs read/writeable with:
    Code:
    echo "lxc.mount.auto = proc:rw sys:rw" >> /etc/pve/nodes/<NODENAME>/lxc/<VMID>.conf
    As said, only do this if you fully trust the CT, it's software and the people having access to this container..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. corianito

    corianito New Member
    Proxmox Subscriber

    Joined:
    Jul 20, 2019
    Messages:
    7
    Likes Received:
    0
    Okay.

    A "silly" question. Do you have any way to migrate from LXC to QEMU for newbies like me?
     
  4. oguz

    oguz Proxmox Staff Member
    Staff Member

    Joined:
    Nov 19, 2018
    Messages:
    645
    Likes Received:
    67
    there's no "official method" or a one-click button/one-liner command for it, but if you're looking for some ideas on how to do that, take a look at this thread[0]

    [0]: https://forum.proxmox.com/threads/migrate-lxc-to-kvm.56298/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice