Opened 13 months ago

Last modified 13 months ago

#3020 closed task

Creating backup of osgeo6 as lxc container on osgeo7 — at Version 3

Reported by: robe Owned by: sac@…
Priority: normal Milestone: Sysadmin Contract 2023-I
Component: SysAdmin Keywords:
Cc:

Description (last modified by robe)

Doing this so we can test upgrades and other stuff. It went thru okay (first time I'm successfully using lxd-migration (a 5.0 version though, couldn't get the new one to compile as it complained about dqlite, of which I had no success installing)

Steps are listed in https://git.osgeo.org/gitea/sac/osgeo7/wiki/osgeo6-backup----IN-PROGRESS, but I'll repeat here since nothing top secret about it

On osgeo6

sudo -i
screen  #create new screen so if get disconnected will still be running

# worked this time 54.8GB copied

./lxd-migrate 

1) Url: https://osgeo7.osgeo.osuosl.org:8443
2) choose 1 - certificate token
   a) create on osgeo7 using (lxd config trust add (specify osgeo6 for name), copy token

3) a) Choose create container
  b) name: osgeo6-2023-11-05
4) root path: /
5) Extra mounts: yes
6) mount: /var 
7) mount: /var/lib/mailman 
8) mount: /home  
9) enter #will end list
9) 1) begin migration

Ctrl a d #exit out of screen and detach to keep it running
screen -r #pick the job # to reconnect

# after migration is complete 
systemctl enable rsyslog
systemctl start rsyslog

Note I didn't bother copying /var/www, so sites will not start, most of that stuff is deprecated, so I plan to rsync it over after the container starts up.

# on osgeo7

lxc start osgeo6-2023-11-05

It took a really long time to start up, was on "Remapping filesystem for long time (like 20 minutes)

At this point it has no ip, cause well old was hard-coded

# on osge7

lxc snapshot osgeo6-2023-11-05 before-changes
lxc exec osgeo6-2023-11-05 bash

# in osgeo6 backup container

#disable services  
systemctl disable mailman
systemctl disable postfix #stop mail from sending
systemctl disable fail2ban
systemctl disable bacula-fd
systemctl stop mailman
systemctl enable rsyslog
systemctl stop cron.d
systemctl disable cron.d

#systemctl mask systemd-journald
systemctl start systemd-journald

systemctl disable munin-node #removed on osgeo6 so not needed to disable any more
systemctl disable lvm2
systemctl stop lvm2


systemctl start rsyslog


nano /etc/hostname #change to osgeo6-backup
mv /etc/fstab /etc/fstab.orig
touch /etc/fstab #save blank

mv /etc/network/interfaces /etc/network/interfaces.orig
nano /etc/network/interfaces #change 
```

#contents after changing to static private
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

--
```
reboot

#should have an ip at this point. In osgeo7 take another snapshot

lxc snapshot osgeo6-2023-11-05 after-network-dhcp

Change History (3)

comment:1 by robe, 13 months ago

Description: modified (diff)

comment:2 by robe, 13 months ago

Note that at this point

systemctl list-units --failed

shows these failed services

  UNIT                          LOAD   ACTIVE SUB    DESCRIPTION
● apache2.service               loaded failed failed The Apache HTTP Server
● smartd.service                loaded failed failed Self Monitoring and Reporting Technology (SMART) Daemon
● systemd-journald-audit.socket loaded failed failed Journal Audit Socket


apache2 is failed presumably cause I didn't bring over the /var/www volume. I'll do that next. The other stuff well smartd I think is hardware checker, which makes no sense for an os container. I think systemd-journal-audit often fails especially when no security.nesting=true is enabled on server. I'm going to disable both, cause I don't think they are useful

systemctl mask smartd.service
systemctl disable systemd-journald-audit.socket
systemctl disable saslauthd postfix #don't want it sending mail, except when testing mail

# copy over from osgeo6 - key is already installed, so we can get straight to rsync

rsync -avz --exclude=DEPRECATED root@osgeo6.osgeo.osuosl.org:/var/www/* /var/www/

#once that is over then apache starts fine

a2dissite mapserver.org  #these have hard-coded ips so don't start on container which has a different ip
a2dissite mapserver.org-le-ssl
systemctl start apache2
Last edited 13 months ago by robe (previous) (diff)

comment:3 by robe, 13 months ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.