Proxmox, Ubuntu 24.04 VM to LXC conversion, experience #8

Open
DannyJanmaat opened this issue May 17, 2024 · 0 comments
I followed the instructions and this is my experience :

Proxmox by default does not have 'git' installed. I created the files manually :
mkdir /usr/local/convertvmtolxc
nano /usr/local/convertvmtolxc/convert.sh
paste in content of https://github.com/my5t3ry/machine-to-proxmox-lxc-ct-converter/blob/master/convert.sh
nano /usr/local/convertvmtolxc/bashconvert
paste in content of https://github.com/my5t3ry/machine-to-proxmox-lxc-ct-converter/blob/master/bashconvert
chmod +x /usr/local/convertvmtolxc/convert.sh /usr/local/convertvmtolxc/bashconvert

Install 'git' :
apt-get install git

I had difficulties with the RSA keys. The instructions do not give any detailed information. At first it didn't work, but I saw that the script uses the root user for the RSA key and I set up the RSA key in my own account with sudo rights.
It's also a bit confusing that it asks for the SSH URI, which is like root@ip-address-remote-server, but in the end I only had to type the IP address of the remote server.

Proxmox :
sudo su
ssh-keygen -b 4096
enter for creating key
overwrite > y
2x enter for create without password
cat ~/.ssh/id_rsa.pub
copy the public key, which begins with 'ssh-rsa' and ends with '@host'.

Remote server :
sudo su
sudo echo YOURPUBLICKEY >> ~/.ssh/authorized_keys
sudo chmod -R go= ~/.ssh


sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config && systemctl restart ssh

Test from Proxmox :
ssh root@ip-address-remote-server -p portnumber
type 'yes' and press to add the connection to the list of known hosts.
type 'exit' and press to exit the ssh connection.

Bashconvert :
With script ./convert.sh it doesn't show any output. It keeps waiting and looks like it hangs. But with ./bashconvert you do have output. The conversion also takes a very long time, is very CPU intensive for the remote server and uses a lot of memory; I had to expand memory to 4GB and cores to 4 for this job, and even then it uses almost all resources continuously. My machine uses an enterprise SSD so that should not be the culprit. The machine normally uses only 1 core and 2GB memory.

Edit :
On the remote server there are mnt-points configured, and it looks like the conversion follows the path of the mnt-points and copies that information. The mnt-points point to a Synology NAS with a lot of data...
I had to stop the script and first unmount all mnt-points on the remote server :
umount -a and/or nano /etc/fstab and add # before the line(s) to unmount.

Show mounts : mount -l or cat /proc/mounts

image
Changed to :
image

./bashconvert -n 'name-of-new-lxc-server' -t 'ip-address-of-remote-server' -P 'ssh-port-number-remote-server' -i 'proxmox-new-server-id' -s 'number-storage-in-gb-new-lxc-server' -a 'ip-address-of-new-lxc-server' -b 'name-of-bridge-network-like-vmbr0' -g 'ip-address-of-network-gateway' -m 'number-memory-in-mb-new-lxc-server' -d 'storage-location-proxmox-like-local-zfs' -p 'password-new-lxc-server'

Example :
./bashconvert -n LXCNewServer -t 10.1.1.216 -P 26 -i 207 -s 4 -a 10.1.0.216 -b vmbr0 -g 10.1.1.254 -m 2048 -d local-zfs -p 'Password@!123.!'

Summary :

  • Current VM IP-address : 10.1.1.216
  • Current VM SSH port : 26
  • New LXC server hostname : LXCNewServer
  • New LXC server Proxmox Id : 207
  • New LXC server disk size : 4GB
  • New LXC server IP-address : 10.1.0.216
  • New LXC server bridge connection : vmbr0
  • New LXC server default gateway : 10.1.1.254
  • New LXC server memory size : 2GB
  • New LXC server storage location : local-zfs
  • New LXC server password : Password@!123.!

If set before, enter passphrase RSA public key. Then conversion starts.


I looked into the script 'bashconvert' and in the first place I see the following :

  • No parameters for '--one-file-system', that's why mnt-points are also copied.
  • No parameter for DNS server, default is 8.8.8.8
  • No parameter for subnet, default is /24
  • No parameter for ssh-user, default is root
  • No option for autostart.
  • No parameter for CPU cores.
  • No parameter for swap file size.
  • No parameter for privileged/unprivileged LXC container, default is privileged.
  • No parameter for target LXC OS.

Change the following and copy paste in Proxmox to execute :

remote_rootuser='root'
remote_ip='10.1.1.214'
remote_port='26'
proxmox_lxcid='214'
proxmox_lxchostname='LXCHOSTNAME'
proxmox_lxcdescription='LXC'
proxmox_lxcmemory='2048'
proxmox_lxcnameserver='10.1.1.100'
proxmox_lxcip='10.1.0.214'
proxmox_lxcipcidr='23'
proxmox_lxcgateway='10.1.1.254'
proxmox_lxcbridge='vmbr0'
proxmox_lxcdisksize='4'
proxmox_lxcstoragelocation='local-zfs'
proxmox_lxcstorageswapfile='512'
proxmox_lxccpucores='1'
proxmox_lxcpassword='YOURPASSWORD'
proxmox_lxcunprivileged='0'
proxmox_lxcstartonproxmoxboot='1'

# Runs on the remote server: stream the root filesystem as a gzip'd tar on stdout.
# --one-file-system keeps tar on the root filesystem, so mounted shares are not followed.
CreateTar(){
tar -czvvf - --one-file-system -C / --exclude="sys" --exclude="dev" --exclude="run" --exclude="proc" --exclude="*.log" --exclude="*.log*" --exclude="*.gz" --exclude="*.sql" --exclude="swap.img" --exclude="*.zip" --exclude="*.journal~" --exclude="*debug.*.txt" --exclude="*/drivers/*" --exclude="*/logs/*" /
}

# Variables are quoted so that passwords or descriptions with spaces or shell
# metacharacters are passed through unchanged.
ssh -p "$remote_port" "$remote_rootuser@$remote_ip" "$(typeset -f CreateTar); CreateTar" > '/tmp/pct_tmp.tar.gz'
pct create "$proxmox_lxcid" '/tmp/pct_tmp.tar.gz' \
           --description "$proxmox_lxcdescription" \
           --hostname "$proxmox_lxchostname" \
           --features mknod=1,nesting=1,keyctl=1 \
           --memory "$proxmox_lxcmemory" \
           --nameserver "$proxmox_lxcnameserver" \
           -net0 "name=eth0,ip=$proxmox_lxcip/$proxmox_lxcipcidr,gw=$proxmox_lxcgateway,bridge=$proxmox_lxcbridge" \
           --rootfs "$proxmox_lxcdisksize" \
           --unprivileged "$proxmox_lxcunprivileged" \
           --storage "$proxmox_lxcstoragelocation" \
           --swap "$proxmox_lxcstorageswapfile" \
           --cores "$proxmox_lxccpucores" \
           --onboot "$proxmox_lxcstartonproxmoxboot" \
           -password "$proxmox_lxcpassword"
# The archive is a single regular file, so -f is sufficient.
rm -f '/tmp/pct_tmp.tar.gz'

Documentation pct : https://pve.proxmox.com/pve-docs/pct.1.html

Finally :
Login via ssh to LXC container and execute :
apt-get update -y && apt-get upgrade -y
sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config && systemctl restart ssh

sudo nano /etc/apt/sources.list
image

Docker :
I run LXC in Ubuntu 24.04.

Proxmox :
echo -e "overlay\naufs" >> /etc/modules-load.d/modules.conf
Reboot.

LXC container :
Install Docker, see instructions : https://docs.docker.com/engine/install/ubuntu/

Use the following configuration to get Docker working :

Old docker-compose.yaml : remove ' version' information, and add as part of your configuration file :
image
image

Else you get this error :
image

Problem solving :
Use 'docker compose' instead of 'docker-compose' :
image

Problem starting LXC in Proxmox :
run_apparmor_parser: 916 Failed to run apparmor_parser on "/var/lib/lxc/200/apparmor/lxc-200<-var-lib-lxc>": Found reference to variable PROC, but is never declared
apparmor_prepare: 1088 Failed to load generated AppArmor profile
lxc_init: 877 Failed to initialize LSM
_lxc_start: 2034 Failed to initialize container "200"
TASK ERROR: startup for container '200' failed

If the file does not exist in Proxmox, create it with nano /etc/apparmor.d/tunables/proc and add the following line :
@{PROC}=/proc/
No reboot required.

From the outside the LXC container is reachable, but I don't have access to the Docker containers. I understand that LXC and Docker are sort of the same and it's not best practice having Docker within an LXC container.
I was blind trying to get this solved, and I will get this solved but on the other hand it's better for me to have my Docker applications running directly in LXC/Ubuntu and not in a container. I have to reinstall and reconfigure my web applications to get this working but then not prone to any future updates.

Documentation 'apparmor-profiles' in Docker : https://docs.docker.com/engine/security/apparmor/
Check this other cool script for creating LXC containers : https://github.com/tteck/Proxmox

@DannyJanmaat DannyJanmaat changed the title Proxmox, Ubuntu 24.04 to LXC conversion, experience Proxmox, Ubuntu 24.04 VM to LXC conversion, experience May 21, 2024
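
A pre-flight check for the mount-point problem described in the issue, as an added example (not part of the original post or of the converter project): it reads lines in /proc/mounts format and lists every mount below / that tar would either pull in without --one-file-system or silently leave out with it. The function names and the sample mount table (192.0.2.10 is a documentation address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the source machine before the tar step.

# Constructed sample in /proc/mounts format (192.0.2.10 is a documentation address).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
sysfs /sys sysfs rw,nosuid 0 0
udev /dev devtmpfs rw,nosuid 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/sda1 /boot/efi vfat rw,relatime 0 0
/dev/sdb1 /var/lib/mysql ext4 rw,relatime 0 0
192.0.2.10:/volume1/data /mnt/nas nfs4 rw,relatime 0 0
//192.0.2.10/backup /mnt/backup cifs rw,relatime 0 0
EOF
}

# Read mount lines on stdin; print "kind<TAB>fstype<TAB>mountpoint" for every
# mount below / that is not already excluded by path (sys, dev, run, proc).
#   network: tar without --one-file-system pulls the remote share into the archive
#   local:   tar with --one-file-system silently leaves this data out
foreign_mounts() {
    awk '
        $2 == "/" { next }
        $2 ~ "^/(sys|dev|run|proc)(/|$)" { next }
        {
            kind = ($3 ~ /^(nfs|nfs4|cifs|smb3|fuse\.sshfs)$/) ? "network" : "local"
            printf "%s\t%s\t%s\n", kind, $3, $2
        }
    '
}

# Return 0 only when nothing but the root filesystem would be archived;
# otherwise print the findings on stderr and return 1.
preflight() {
    report=$(foreign_mounts)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" >&2
    return 1
}

# Demo on the constructed sample; on a real source machine: preflight < /proc/mounts
sample_mounts | foreign_mounts
```

A "local" line such as a separate data partition needs its own decision before converting, because --one-file-system leaves its contents out of the new container.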