[lxc-users] How to create lxc container from installed system

Fajar A. Nugraha list at fajar.net
Thu Aug 13 07:44:59 UTC 2015


On Wed, Aug 12, 2015 at 10:32 PM, Bostjan Skufca <bostjan at a2o.si> wrote:
> I did not do what you describe exactly, but went through adaptation of
> regular linux to support container-based version.
>
> In short, what you need to take care of is:
> - /dev - copy from one of existing containers, replace. You need very few
> devices in container.
> - filesystems /proc, dev and sys
> - udev must not be started
> - lvm must not run its autoscan features
> - hwclock and ntp should be disabled
> - fsck of filesystems - depends whether you have explicit filesystems for
> containers or not
> - /etc/mtab - symlink to /proc/mounts
> - mounting filesystems: done by lxc if unprivileged containers
> - no swap activation
> - console setterm is pointless and does not work

Most of those should work as is. That is, IF you have a recent-enough
ubuntu installation, you could directly use it as container rootfs,
with the following exceptions:
- /etc/fstab -> use an empty one
- /etc/network/interfaces -> just use a generic dhcp config

Other things (e.g. udev, lvm, etc) should simply display warnings or
errors that won't affect the container boot process.

On my setup I create replacements for those files, and then set up the
container config to mount them, so I don't have to edit anything inside
the rootfs. Something like

lxc.mount.entry = /var/lib/lxc/s11/mount/fstab etc/fstab none ro,bind 0 0
lxc.mount.entry = /var/lib/lxc/s11/mount/interfaces etc/network/interfaces none ro,bind 0 0

That way I directly use the rootfs again later as native (i.e. not in
a container) when needed. This is handy if you want a "safe" distro
upgrade, with the ability to switch back to previous version:
- clone your existing rootfs (i.e. assuming you use clone-capable
storage, like btrfs or zfs)
- use the cloned directory as a container rootfs
- upgrade / install packages inside the container
- shut down the container
- set up grub to use the upgraded root (from the container) on next
reboot, with old root entry still in place

Note that I specifically said ubuntu, because I've tested it. I didn't
test other distros, but it should be similar (some things will
obviously be different, like network configuration file).

>
> These are basically the points you need to take care of, or at least I did.
>
> Now, I would recommend converting your OS into unprivileged container in the
> first place, as it gives you the following advantage:
> - if you fail to fix something properly, the worst thing is that container
> will not start properly
> (doing this on unprivileged container might crash your host)


Depending on what you need, I'd recommend using it inside a PRIVILEGED
container:
- using unprivileged container means you need to adjust uid/gid for
all files, which could be complicated and counterproductive if you
intend to use it like I do (for a "safe" upgrade, and it would be used
as a native rootfs again later)
- the default apparmor and cgroups setup on ubuntu should be enough to
prevent the container from messing with the host

-- 
Fajar


>
>
> Hope this helps,
> b.
>
>
>
> I went through the
>
> On 12 August 2015 at 16:53, Syraxes <syraxes at gmail.com> wrote:
>>
>> Hello all,
>>
>> I am wondering whether it is possible to copy the whole root directory of
>> an existing system into the rootfs of a container : can I hope that this
>> would work ?
>> Did anyone try this instead of lxc-create?
>>
>>
>> The reason for trying this is that I have a customized install dvd image
>> (it is oracle linux with some additional proprietary packages) and I need to
>> use it as container instead of virtual machine.
>>
>>
>> Thanks for any information,
>> Adrian
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
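
The override-file setup described in the reply above, as an added example that is not part of the original post: it writes an empty fstab and a generic DHCP interfaces file outside the rootfs and produces the matching read-only bind-mount entries. The function names, the eth0 interface name and the contents of the two override files are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). make_overrides/add_overrides are
# hypothetical helper names; eth0 is an assumed container interface name.

# make_overrides BASE NAME
# Writes BASE/NAME/mount/fstab and BASE/NAME/mount/interfaces, then prints
# the lxc.mount.entry lines that bind them over the files in the rootfs.
make_overrides() {
    base=$1 name=$2
    dir="$base/$name/mount"
    mkdir -p "$dir" || return 1

    # Empty fstab: the container must not try to mount or fsck the
    # installed system's filesystems, or activate its swap.
    printf '# intentionally empty: mounts are handled by LXC\n' > "$dir/fstab"

    # Generic DHCP config replacing the installed system's own settings.
    cat > "$dir/interfaces" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # Mount targets are relative to the container rootfs (no leading slash).
    # ro,bind stops processes in the container from editing the overrides,
    # and the rootfs itself is left untouched for later native boot.
    for pair in fstab:etc/fstab interfaces:etc/network/interfaces; do
        printf 'lxc.mount.entry = %s/%s %s none ro,bind 0 0\n' \
            "$dir" "${pair%%:*}" "${pair#*:}"
    done
}

# add_overrides CONFIG BASE NAME
# Appends each entry to CONFIG unless that exact line is already present,
# so running it again does not duplicate mounts.
add_overrides() {
    config=$1
    make_overrides "$2" "$3" | while IFS= read -r line; do
        grep -qxF -- "$line" "$config" 2>/dev/null ||
            printf '%s\n' "$line" >> "$config"
    done
}

# Usage with the paths from the post:
#   add_overrides /var/lib/lxc/s11/config /var/lib/lxc s11
```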
