Hello Fajar,

Thanks, "fuidshift" is what I was looking for :) It's working.
I already made my own script to move it from one host (LXC) to the other one (LXD).
I guess the one that you were talking about is: https://github.com/lxc/lxd/blob/master/scripts/lxc-to-lxd

Have a nice day

Regards,
Benoît

From: "Fajar A. Nugraha" <[email protected]>
To: "lxc-users" <[email protected]>
Sent: Monday 11 July 2016 02:16:34
Subject: Re: [lxc-users] move unprivileged containers - uid/gid map

On Sun, Jul 10, 2016 at 7:20 AM, Benoit GEORGELIN - Association Web4all <[email protected]> wrote:

> Hi,
>
> I'm looking to move unprivileged containers from one host to another.
> I'm actually moving pure LXC containers to a new LXD/LXC host.
>
> I would like to know how I should deal with the uid/gid inside the container.
> The root uid/gid is different on the new host.
> I can simply replace the old UID/GUID by the new one with a find request, but what should I do with the other user ids used inside the container?

use fuidshift from lxd-tools package

> I did not understand where the uid/gid map is done.
>
> Inside the container:
>
> root@w4a:~# id ubuntu
> uid=1000(ubuntu) gid=1000(ubuntu)
>
> Folder:
> drwxr-xr-x 2 ubuntu ubuntu 6 Jul 8 23:17 ubuntu
>
> Outside the container:
> drwxr-xr-x 2 166536 166536 6 Jul 8 23:17 ubuntu
>
> How does the system know that uid/gid 1000 inside the container = uid/gid 166536 outside the container?
> It looks like root uid = 165536 outside the container, and it is defined by the lxc configuration.
> id 1000 inside the container will be root uid + user id, so 165536 + 1000 = 166536

yes

> But what if two containers have a user uid 100? Will they both have the same uid outside the container?

short version, yes.

> About migrating the container, how should I manage it?
> Should I re-do the mapping myself? Like looking into /etc/passwd inside the container, then using the root uid + the id found for that user in /etc/passwd and replacing the old uid/gid by the new one?
> Maybe there is a faster/better solution?

Don't mess with passwd/group inside the container. Just use fuidshift.

> I was looking to add a uid/gid mapping to match the container configuration as it was before, but it does not look to work.
> I have this as an example in a config file dedicated for the container on the LXC pure host.
>
> # Container specific configuration
> lxc.id_map = u 0 951968 65536
> lxc.id_map = g 0 951968 65536
>
> Here is what I did to the new host:
>
> cat /etc/subuid
> gxd:100000:65536
> root:165536:65536
> root:951968:65536

The easiest way is to NOT change anything. lxd currently only supports one uid range for unpriv containers. Undo your changes.

> I also tried to set lxc.raw
>
> cat << EOF |lxc config set test-ct raw.lxc -
> lxc.id_map = u 0 951968 65536
> lxc.id_map = g 0 951968 65536
> EOF
>
> But in that case, the container doesn't start.

... which, as you've found out, doesn't work.

There's a script to convert lxc -> lxd somewhere on this list, but I usually do things manually:

(1) create a container in lxd. Start it, stop it, then look at its uid mapping (i.e. "which u/gid owns /var/lib/lxd/containers/container_name/rootfs")
(2) use fuidshift with "-r" to shift your lxc container u/gid back to privileged, using the starting u/gid value in your original lxc config (should be 951968)
(3) use fuidshift again, but this time without "-r", to shift your lxc container to unprivileged, using the starting u/gid value from (1)
(4) move your new lxd container's original rootfs somewhere else (or delete it if you want), then replace it with rootfs from (3)
(5) start your lxd containers

--
Fajar

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
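
Steps (2) and (3) of the procedure quoted above come down to subtracting the old starting id and adding the new one for every file in the rootfs. The following Python dry run is an added example, not part of the original thread and not fuidshift's own code; it folds both passes into one and lists entries whose owner falls outside the old range. `NEW_BASE` is an assumed value standing in for the id observed in step (1), and the function names are hypothetical.

```python
import os
import stat

OLD_BASE = 951968  # starting id in the lxc.id_map lines quoted in the thread
NEW_BASE = 100000  # assumed; use the rootfs owner id observed in step (1)
RANGE = 65536      # range size from the same lxc.id_map lines


def shift_id(host_id, old_base=OLD_BASE, new_base=NEW_BASE, size=RANGE):
    """Map a host id from the old range to the new one; None if outside it."""
    inside = host_id - old_base      # id as seen inside the container
    if 0 <= inside < size:
        return new_base + inside
    return None


def plan_shift(rootfs, old_base=OLD_BASE, new_base=NEW_BASE, size=RANGE):
    """Return (changes, unmapped) for every entry under rootfs, rootfs included."""
    paths = [rootfs]
    for dirpath, dirnames, filenames in os.walk(rootfs):  # symlinks not followed
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    changes, unmapped = [], []
    for path in paths:
        st = os.lstat(path)          # lstat: describe the link, not its target
        uid = shift_id(st.st_uid, old_base, new_base, size)
        gid = shift_id(st.st_gid, old_base, new_base, size)
        if uid is None or gid is None:
            unmapped.append((path, st.st_uid, st.st_gid))
        else:
            changes.append((path, uid, gid, stat.S_IMODE(st.st_mode),
                            stat.S_ISLNK(st.st_mode)))
    return changes, unmapped


def apply_shift(changes):
    """Apply a plan as root; chown can clear setuid/setgid, so restore the mode."""
    for path, uid, gid, mode, is_link in changes:
        os.lchown(path, uid, gid)
        if not is_link:
            os.chmod(path, mode)
```

Entries returned in `unmapped` keep their current owner; review them before starting the container, since ids outside the container's range are not translated by its map.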
