Introduction
This page documents my experience of developing a trixie rollout plan.
Key questions I wish to answer are:
- inside a trixie LXC container running on a trixie host, does top show the right thing? (At the time of doing this, my systems were – with the exception of the Check_MK server – all running Debian bookworm, where top showed no CPU or memory information when run as root and listed host CPU and memory when run as non-root.)
- Work out the packages that need to be installed or removed to align DI-based installations with lxc-based installations as much as possible.
pass #1: PM/KVM-VM installation
- Note the following commands (one of the links below executes them, for now just note them):
create-perfect-drbd-vol -v --remote=ziti --name=trofie --size=21G --name1=pici --ip1=192.168.3.10 --name2=ziti --ip2=192.168.3.13
create-perfect-drbd-vol -v --remote=ziti --name=trofie_images --size=20G --name1=pici --ip1=192.168.3.10 --name2=ziti --ip2=192.168.3.13
create-perfect-kvm-vm --remote=ziti --name=trofie --release=trixie --mem=8G --cpus=4 --disk=block:/dev/drbd_trofie --disk=block:/dev/drbd_trofie_images --nic=bridge:br0
Note:
- these commands were run on Debian bookworm, so although they are to be used to install Debian trixie, they themselves do not need to run in Debian trixie (yet)
- trofie does not have an interface on the storage shortcut network; this is not required for a test machine.
- Complete Installing Debian 13 on a PM or KVM VM.
- Immediately save the installed package list:
mkdir -p ~/tmp
dpkg -l > ~/tmp/pristine.dpkg-l
- Install and run PCMS (the host page should now specify this, as it makes the previous procedure neater). To get this working:
- some changes to gen-facility-local were required, in particular prefixing regexps with r' to avoid complaints about \d not being a valid escape sequence
- generatorsh was losing the return code of the script on which it was the #! line
- In order to get each of my local packages into the trixie Packages files, I needed to do the following as repomaster@farfalle:
- Run:
paa listrepos
paa editrepo ... ...
in order to add trixie to the list of releases for which it prepared control files.
- In /pub/computing/software/local/debian/localpublic-deb/pool/ copy the newest .deb files for each page (but not the _latest.deb files) into ../../localpublic-deb.queue and then run:
bs -v ep ade # any single package will trigger insertion of all packages
- Do the equivalent in the localprivate-deb directory.
- Complete Configuring virtualisation services (revision 6).
- Ensure everything is committed.
pass #1: container installation
- Create a 5GB volume for container ‘dalza’:
dd if=/dev/zero of=/vol/local/images/dalza.img bs=1G count=5
- Note the following commands (one of the links below executes them, for now just note them):
~/opt/virttools/bin/create-basic-lxc-cnt -v --name=dalza --mem=2G --cpus=1 \
    --disk=file:/vol/local/images/dalza.img --nic=bridge:br0 --release=trixie \
    --method=my-templates --offset=900000
- After BTS#1088929 was fixed I was able to complete Installing Debian 13 on an LXC container.
- Install and run PCMS (the host page should now specify this, as it makes the previous procedure neater).
At this point I had made so many changes to scripts and had rerun so many commands that I felt reinstalling both the DI-installed host and the container it ran was warranted.
pass #2: PM/KVM-VM installation #2
- Make note of the following commands:
create-perfect-drbd-vol -v --remote=ziti --name=trofie --size=21G --name1=pici --ip1=192.168.3.10 --name2=ziti --ip2=192.168.3.13
create-perfect-drbd-vol -v --remote=ziti --name=trofie_images --size=60G --name1=pici --ip1=192.168.3.10 --name2=ziti --ip2=192.168.3.13
create-perfect-kvm-vm --remote=ziti --name=trofie --release=trixie --mem=8G --cpus=4 --disk=block:/dev/drbd_trofie --disk=block:/dev/drbd_trofie_images --nic=bridge:br0
Note:
- these commands were run on Debian bookworm, so although they are to be used to install Debian trixie, they themselves do not need to run in Debian trixie (yet)
- trofie does not have an interface on the storage shortcut network; this is not required for a test machine.
- the 60GB trofie_images is, according to my disk image sizing standard (revision 1), enough space to store one container and one VM, plus image backups, which will be created later in this procedure.
- Complete Installing Debian 13 on a PM or KVM VM.
- Before running PCMS, set up the device for disk images as follows:
pvcreate /dev/vdb
vgcreate vg1 /dev/vdb
lvcreate --extents=100%FREE --name=local vg1
mkfs -t ext4 /dev/vg1/local
- Install and run PCMS.
- Complete Configuring virtualisation services (revision 6).
- Ensure everything is committed.
pass #2: container installation
- Note the following commands (one of the links below executes them, for now just note them):
dd if=/dev/zero of=/vol/local/images/dalza.img bs=1G count=5
~/opt/virttools/bin/create-basic-lxc-cnt -v --name=dalza --mem=2G --cpus=1 \
    --disk=file:/vol/local/images/dalza.img --nic=bridge:br0 --release=trixie \
    --offset=900000
- Complete Installing Debian 13 on an LXC container.
- Save the disk image:
virsh shutdown dalza
cp /vol/local/images/dalza.img /vol/local/images/dalza.img.pre-pcms
virsh start dalza
- Install and run PCMS (the host page should now specify this, as it makes the previous procedure neater).
pass #2: KVM-VM-in-PM/KVM-VM installation
I need to be able to:
- compare a pristine package list of a trixie container with a trixie VM
- compare debfoster lists (this is really the most useful)
- investigate the effects of attempting to remove some packages.
The VM I’ve installed can only run a container once I’ve installed a lot more packages (with PCMS), which makes it itself unsuitable for a comparison.
- Note that the commands below will be run on the trixie VM, though not yet. I note this so that I don’t run them on real hardware.
- Note the following commands (one of the links below executes them, for now just note them):
dd if=/dev/zero of=/vol/local/images/egret.img bs=1G count=21
~/opt/virttools/bin/create-perfect-kvm-vm -v --name=egret --mem=4G --cpus=1 \
    --disk=file:/vol/local/images/egret.img --nic=bridge:br0 --release=trixie
- Complete Installing Debian 13 on a PM or KVM VM.
pass #2: PM/KVM-VM/container package alignment
The packages installed by a minimal DI-based installation and a minimal create-basic-lxc-cnt/lxc-create-based installation will be different (e.g. the former should get a kernel, the latter not). Here we seek to increase the alignment.
- On both the just-created KVM-based VM and the just-created container, run:
mkdir ~/tmp && cd ~/tmp
dpkg -l > $HOSTNAME-pristine.dpkg-l
apt-get -y install debfoster
debfoster -q
cp /var/lib/debfoster/keepers $HOSTNAME-almost-pristine.keepers
apt-get -y install openssh-server  # does nothing on the container, where already installed
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
systemctl restart ssh
ip addr
(PermitRootLogin yes is there only so the lists can be copied off these throwaway test machines as root; it is not a setting to carry into the real rollout.)
- Copy the just-created files to a common location.
- Tidy them as follows:
HOSTS="egret dalza"
for HOST in $HOSTS; do
    sed -e 1,5d $HOST-pristine.dpkg-l | awk '{ print $2 }' | grep -v '^lib' | sort > $HOST.ls
    sort $HOST-almost-pristine.keepers | grep -v ^lib > $HOST.keepers
done
- Diff the package lists with:
comm -3 $(printf "%s.keepers " $HOSTS)
For me that produced:
sugo$ comm -3 $(printf "%s.keepers " $HOSTS)
	apt-transport-https
console-setup
	dialog
dosfstools
eject
grub-efi-amd64
installation-report
intel-microcode
linux-image-6.12.6-amd64
linux-image-amd64
	locales
lvm2
	openssh-server
qemu-guest-agent
task-english
usbutils
usr-is-merged
whiptail
sugo$
(i.e. left column is PM/KVM-VM only; right column is container only.)
- Move those differences that are due to machine type to a second list and append justifications, which, in my case gives this:
console-setup             # container doesn't have a real console
eject                     # container doesn't have a physical CD drive
grub-efi-amd64            # container doesn't have UEFI firmware
installation-report       # installation of containers is of interest to Debian's LXC team, not Debian's DI team
intel-microcode           # container doesn't have a real CPU
linux-image-6.12.6-amd64  # container doesn't have a kernel
linux-image-amd64         # container doesn't have a kernel
lvm2                      # container filesystems are managed by the host
qemu-guest-agent          # container is not a QEMU guest
task-english              # depends on locales, which we would remove
usbutils                  # lsusb can't initialise the USB bus in a container
- Work out what is left, which, in my case gives this:
apt-transport-https
dialog
dosfstools
locales
openssh-server
usr-is-merged
whiptail
- Since the PM/KVM-VM was a minimal installation and we ran no extra package installation/removal commands, we should not now install/remove packages on the KVM-VM/PM to increase PM/KVM-VM/container alignment. Instead we will install/remove packages on the container. So we turn the above list into an apt-get command to install the missing packages and a debfoster command to remove the superfluous packages (not an apt or apt-get command, as these won’t remove the prerequisites, which would otherwise newly be reported as “leaf” dependencies):
apt-get install dosfstools usr-is-merged whiptail
debfoster -f -o RemoveCmd="apt-get -y --purge remove" apt-transport-https- dialog- locales- openssh-server-
- Try running the commands manually first, in case they fail to install or pull in unforeseen inappropriate packages.
- Add these commands (with -y, inside chroot calls, bracketed by installation and removal of debfoster) to the lxc-create template (my own template has a function specifically for this), in total giving:
miniade_evaler "chroot \"$CONTAINER_ROOTDIR\" apt-get -y install dosfstools usr-is-merged whiptail"
miniade_evaler "chroot \"$CONTAINER_ROOTDIR\" apt-get -y install debfoster"
miniade_evaler "chroot \"$CONTAINER_ROOTDIR\" debfoster -f -o RemoveCmd=\"apt-get -y --purge remove\" apt-transport-https- dialog- locales- openssh-server-"
miniade_evaler "chroot \"$CONTAINER_ROOTDIR\" debfoster -f -o RemoveCmd=\"apt-get -y --purge remove\" debfoster-"
pass #2.1: PM/KVM-VM/container package alignment … again
- Recreate the container using the same command as above (but with the additional --undefine option):
virsh destroy dalza
~/opt/virttools/bin/create-basic-lxc-cnt -v --name=dalza --mem=2G --cpus=1 \
    --disk=file:/vol/local/images/dalza.img --nic=bridge:br0 --release=trixie \
    --offset=900000 --undefine
- Note that what follows is (or at least it originally was) a copy of the ‘pass #2: package alignment’ section above.
- On the just-created container, run:
mkdir ~/tmp && cd ~/tmp
dpkg -l > $HOSTNAME-pristine.dpkg-l
apt-get -y install debfoster
debfoster -q
cp /var/lib/debfoster/keepers $HOSTNAME-almost-pristine.keepers
apt-get -y install openssh-server  # no longer does nothing on the container, since openssh-server is now removed by my lxc template!
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
systemctl restart ssh
ip addr
- Copy the just-created files to a common location.
- Tidy them as follows:
HOSTS="egret dalza"
for HOST in $HOSTS; do
    sed -e 1,5d $HOST-pristine.dpkg-l | awk '{ print $2 }' | grep -v '^lib' | sort > $HOST.ls
    sort $HOST-almost-pristine.keepers | grep -v ^lib > $HOST.keepers
done
- Diff the package lists with:
comm -3 $(printf "%s.keepers " $HOSTS)
- This produced only items on the “explanation” list above. Woohoo!
pass #3: installation of KVM VM inside VM
pass #3: installation of container
pass #3: KVM-VM-with-DRBD-in PM/KVM-VM installation
- In trofie, I undefined egret.
- I saved trofie’s dalza image to outside of the trofie_images filesystem:
cd /vol/local/images
gzip dalza.img
mv dalza.img.gz /root
- I shut down trofie
- I cloned:
- trofie’s disk images to egret
- trofie’s domain definition, by running virsh dumpxml trofie > egret.xml, editing egret.xml to change all occurrences of the hostname and to bump the UUID and MAC address, and then running virsh define egret.xml
- I started up egret and changed:
- hostname in /etc/hostname and /etc/hosts
- IP address in /etc/hosts and /etc/network/interfaces.d/br0
- machine ID as follows:
rm -f /etc/machine-id /var/lib/dbus/machine-id
dbus-uuidgen --ensure=/etc/machine-id
dbus-uuidgen --ensure
reboot
(Without this we encounter kernel messages:
br0: received packet on enp7s0 with own source address (addr:aa:bb:cc:dd:ee:ff, vlan:0)
because systemd derives the persistent MAC address of a bridge such as br0 from the machine ID, so two clones sharing a machine ID end up with the same br0 MAC address; see here for more details. A clone also inherits the original’s SSH host keys in /etc/ssh/ssh_host_*, which should likewise be regenerated on the clone.)
- its name and IP address from trofie’s to egret’s
- I started up trofie.
- On both machines I unmounted /vol/local and deleted the LV /dev/vg1/local.
- I set up ssh to allow bidirectional access between trofie and egret.
- On trofie I ran:
create-perfect-drbd-vol -v --vg=vg1 --remote=egret --name=dalza --size=6G --name1=trofie --ip1=192.168.1.38 --name2=egret --ip2=192.168.1.39
(Note that the command does the replication over the public interface rather than over a replication network; this is because, in the create-perfect-kvm-vm command at the top of this page, I forgot to define a second interface. DRBD does not encrypt its replication traffic, so this is acceptable only on a trusted test LAN. Note also that 6GB is not a typo: see a few lines down.)
- I saved the definition of the dalza container and removed the definition:
export LIBVIRT_DEFAULT_URI=lxc:///system
virsh dumpxml dalza > dalza.xml
virsh undefine dalza
- I checked that GB/GiB differences wouldn’t mean the backup of the dalza container wouldn’t fit on the DRBD device:
dd if=/dev/zero of=/dev/drbd_dalza bs=1G count=5
(A 5GB DRBD device was insufficient to fit the 5GB disk image, presumably due to metadata overhead. As a result of that I went back and increased the size of the DRBD device a few lines up from 5GB to 6GB.)
- I wrote the backup of dalza’s disk image to the DRBD device:
zcat /root/dalza.img.gz | dd of=/dev/drbd_dalza bs=1M
- I made sure my working copies were up to date:
svn up ~/opt/*
svn st ~/opt/*
- I created a new dalza container, using the DRBD device as storage:
~/opt/virttools/bin/create-basic-lxc-cnt -v --name=dalza --mem=2G --cpus=1 \
    --disk=block:/dev/drbd_dalza --nic=bridge:br0 --release=trixie \
    --offset=900000
- It all looks good. Project completed.