Upgrading Debian Squeeze with OpenVZ to Debian 7/8 with LXC

Question

I have a few servers which are running Debian 6 (Squeeze) which uses OpenVZ to run containers. The containers are some Debian 6 and some Debian 7.

Squeeze was the last version of Debian to support OpenVZ, for the next versions, users are recommended to run LXC containers.

I was holding off this, but Squeeze recently went EOL. And now I'm kinda cornered, because I don't know an easy path to upgrade.

I have no High-Availability, and machines are running on it 24/7, I can't expect too much downtime (such as setting up LXC on another machine and copying them over).

I was wondering if anyone have done this upgrade, I'm thinking of setting up LXC to work on Debian Squeeze together with OpenVZ, so I can start my containers on the same folder and machine as OpenVZ, but with LXC, so when all machines are running via LXC, I then proceed to upgrade the Debian version to 7 and 8 after.

Has anyone ever done this? Do you guys recommend what am I going to do?

Answer 1

I would suggest to keep the system as is but take measures to counter any potential security issue due to leaving it on debian squeeze. However, at the same time set up a fresh debian stable system with LXC containers and then slowly migrate things over after testing it out.

If that is not practical then I believe you can upgrade to wheezy (debian 7) and keep using OpenVZ. I think OpenVZ would not automatically be removed, but would be in the list of packages that could be removed with "apt-get autoremove" and you could also "pin" it to prevent removal. I did not check it to be sure. I do not think it would be without problems and if you depend on the system to be up most of the time don't try it. You should only do it if you can permit some downtime.

In that case the option left is the one you suggested. Trying to get LXC to work on Debian Squeeze together with OpenVZ, and upgrade after that.

Note: as long as you're on Debian Squeeze make sure to keep close attention to security alerts and patches and if there is a major one (such as heartbleed), either close it or fix it by hand. You do not want your system to slowly become an IT security hazard.

I would only really recommend the first solution I provided, however I can understand there are situations where it is not an option.