I want to take lxc container backup. We have server with 12.04 LTS ubuntu server
and I have installed LXC - 1.0.0.alpha2
in it. I wanted to update our
I agree with Brad Jasperson. I do it this way:
lxc-clone -KMP /path/to/backup name name
If something goes wrong with your container, and downtime costs a lot, you can run the copy:
lxc-start -n name -P /path/to/backup
and stop:
lxc-stop -n name -P /path/to/backup
you can copy it back in place later in appropriate time. Good luck!
In case you stumbled upon this post, my answer is really about moving the LXC containers between systems, since that seemed to be the question being asked.
If you want to backup your LXC containers, see @Stuart's answer for some great options.
This is how I migrate LXC containers between systems. I've successfully moved ubuntu based 12.04 containers to a 14.04 host, and they work great.
Shutdown the container
# lxc-stop -n $NAME
Archive container rootfs & config
# cd /var/lib/lxc/$NAME/
# tar --numeric-owner -czvf container_fs.tar.gz ./*
The --numeric-owner
flag is very important! Without it, the container may not boot because the uid/gids get mangled in the extracted filesystem.
When tar creates an archive, it preserves user / group ownership information. By default, when extracting, tar tries to resolve the archive user/group ownership names with the ids on the system running tar. This is intended to ensure that user ownership is resolved on the new system, in case the UID numeric values differ between systems.
This is bad for an LXC filesystem because the numeric uid/gid ownership is intended to be preserved for the whole filesystem. If it gets resolved to a different value, bad things happen.
Copy the file to your new server
# rsync -avh container_fs.tar.gz user@newserver:/var/lib/lxc/
Extract rootfs
# mkdir /var/lib/lxc/$NAME/
# cd /var/lib/lxc/$NAME/
# tar --numeric-owner -xzvf container_fs.tar.gz .
If you're using an overlay backed container, you'll also need to migrate the container this new one is based off of. Lastly, you might see a few warnings about skipped socket files:
tar: /var/lib/lxc/$NAME/rootfs/dev/log: socket ignored
I've ignored this error, and haven't had any issues with any of the containers I manage. If you have further issues, add your error messages to the original post and I'll elaborate.
To backup an lxc
container quickly to a remote
host without a btrfs
filesystem I mount a filesystem from the remote
host with sshfs
& cd
into the mount. Stop the container & create a tar.xz
archive of it.
I now run my lxc
containers on a btrfs
filesystem to make it simpler to take a snapshot
of the running containers. btrfs sub snap
detects proc run sys
are virtual filesystems & does not include them in the snapshot.
I use Duply to backup LXC containers. Unlike backing up a normal machine you DO want to include /dev
from the LXC container in the backup.
apt-get install duply
duply mybackup create
In ~/.duply/mybackup/exclude
I used:
- /cdrom
- /dev
- /lost+found
- /media
- /mnt
- /proc
- /run
- /sys
- /tmp
- /var/backup/restore/*
- /var/backup/tmp/*
- /var/lib/lxc/*/rootfs/lost+found
- /var/lib/lxc/*/rootfs/media/*
- /var/lib/lxc/*/rootfs/mnt/*
- /var/lib/lxc/*/rootfs/proc/*
- /var/lib/lxc/*/rootfs/run/*
- /var/lib/lxc/*/rootfs/sys/*
- /var/lib/lxc/*/rootfs/tmp/*
- /var/lib/lxcfs/*
The above will backup the whole machine & all the LXC containers.
To just backup containers edit ~/.duply/mybackup/conf
& change SOURCE='/'
to SOURCE='/var/lib/lxc'
& remove the non lxc lines from ~/.duply/mybackup/exclude
Tested with running Alpine Linux LXC containers - will also work on Debian.
Simple Backups with Duply - you can also just do very simple unencrypted backups to a local file (set TARGET='file://[relative|/absolute]/local/path'
in ~/.duply/mybackup/conf
)
To sign Duply backups see GnuPG in Automated Environments ( password-less signing key instead of storing the password in plaintext ).
Set GPG_TEST='disabled'
in the Duply conf
file for cron jobs.
If you do not store any plaintext passwords in your conf
do not disable GPG_TEST
on restores - so gpg-agent caches your passwords.
I find the simplest way to back up a container is to just run lxc-clone.
lxc-clone -o NAMEOFCONTAINER -n NAMEOFCONTAINER -P BACKUPDIR
Restoring it is as simple as copying or moving the backup back to /var/lib/lxc You can also tar it to save space.