Lxd-p2c Sangoma 7 Distro (FreePBX) migration help

I'm trying to migrate a Sangoma 7 distro to a container. Sangoma is a derivative of CentOS and is the default way of getting a FreePBX system up and running with commercial modules support.

After successfully running lxd-p2c, the VM was migrated but a lot of things were broken.

After wiping out /etc/fstab, the system appears to be working better, but I still have a few failed services.

[root@freepbx ~]# systemctl --failed
UNIT                    LOAD   ACTIVE SUB    DESCRIPTION
dev-hugepages.mount     loaded failed failed Huge Pages File System
sys-kernel-config.mount loaded failed failed Configuration File System
auditd.service          loaded failed failed Security Auditing Service
chronyd.service         loaded failed failed NTP client/server
kdump.service           loaded failed failed Crash recovery kernel arming
lm_sensors.service      loaded failed failed Initialize hardware monitoring sensors
plymouth-start.service  loaded failed failed Show Plymouth Boot Screen
systemd-sysctl.service  loaded failed failed Apply Kernel Variables
wpa_supplicant.service  loaded failed failed WPA Supplicant daemon

lm_sensors and wpa_supplicant are not really necessary, but I don't know about the others.

I'm trying to get the container to a state as near as possible to the working VM.

What would be the recommended way of sorting this out?

Thanks a lot.

None of those are necessary and they can likely be disabled/masked if that helps.

  • dev-hugepages => Hugepages aren’t currently namespaced (we’re working on it)
  • sys-kernel-config => Kernel configuration can’t be accessed from containers
  • auditd => The audit subsystem can’t be accessed from containers
  • chronyd => System time is global and can’t be altered by containers
  • kdump => Kernel crashdump is a kernel feature and can’t be accessed by containers
  • lm_sensors => Fan monitoring doesn’t make sense in containers
  • plymouth-start => Graphical console splash screen doesn’t apply to containers
  • systemd-sysctl => Not all sysctls can be accessed/set inside containers. Newer versions of systemd handle failures differently there, so this one will go away on systems with a newer systemd.
  • wpa_supplicant => Wifi doesn’t make much sense in most containers.

So not seeing anything problematic. It’d be good if systemd-sysctl would behave a bit better (handle expected errors and move on) but it’s also not really a big deal if it fails.

Hello, @stgraber! Thanks for the input. I'll keep trying it out. LXD is such great software and has made life much easier. Thanks a lot for your work.

In case anyone wishes to have Sangoma 7 FreePBX running in a container, here are the steps I went through. It seems to be working just fine.

My LXD server is an Ubuntu 18.04 box (x86_64).

Make sure your LXD server accepts network connections and you know the trust password. You will need it in order to start the migration.

  1. Compile the lxd-p2c binary in your LXD box

sudo apt install -y software-properties-common
sudo add-apt-repository ppa:dqlite/stable
sudo apt update
sudo apt install -y lxc-dev libcap-dev libacl1-dev libdqlite-dev golang-go
go get -v -x github.com/lxc/lxd/lxd-p2c

The binary will be in ~/go/bin/lxd-p2c

Copy the lxd-p2c and the required libraries to the Sangoma VM (which should be the same arch, in my case x86_64):

scp ~/go/bin/lxd-p2c root@[vmipaddress]:/tmp
scp -r /snap/lxd/13487/lib root@[vmipaddress]:/tmp

  2. Inside the Sangoma virtual machine:

Upgrade the system

yum update -y
fwconsole moduleadmin upgradeall

Install dependencies

yum install python2-lxc tcl libuv -y


shutdown -r now

Stop FreePBX services

fwconsole stop

Disable services that won't run inside the future container

systemctl disable dev-hugepages.mount
systemctl mask dev-hugepages.mount
systemctl disable wpa_supplicant.service
systemctl mask wpa_supplicant.service
systemctl disable plymouth-start.service
systemctl mask plymouth-start.service
systemctl disable auditd.service
systemctl mask auditd.service
systemctl disable chronyd.service
systemctl mask chronyd.service
systemctl disable kdump.service
systemctl mask kdump.service
systemctl disable lm_sensors.service
systemctl mask lm_sensors.service
systemctl disable sys-kernel-config.mount
systemctl mask sys-kernel-config.mount
systemctl disable systemd-sysctl.service
systemctl mask systemd-sysctl.service
systemctl disable tuned.service
systemctl mask tuned.service

Wipe fstab out

mv /etc/fstab /etc/fstab.orig
touch /etc/fstab

Define library dir env variable in order to run lxd-p2c


Start the migration process

/tmp/lxd-p2c https://[lxdserveripaddress]:8443 sng7-pbx / --rsync-args "--stats --progress"

Now you can shut down the VM and go to your LXD server.

  3. In your LXD server

Start the container

lxc start sng7-pbx

Take a look to see if it's fine

lxc exec sng7-pbx -- bash

Make sure to start all FreePBX services

fwconsole start

If you want to create an image

lxc stop sng7-pbx
lxc publish sng7-pbx --alias sng7-pbx-64bit

Now you can spin containers like a breeze

lxc init sng7-pbx-64bit mypbxcontainer
lxc start mypbxcontainer

Hope it helps.
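
Added example, not part of the thread: a triage script for the `systemctl --failed` check after migration, separating the failures explained above from any that need investigation. The `host` label, the sample output and `httpd.service` as the extra failure are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: triage `systemctl --failed` in a migrated container.

# Units the thread lists as expected failures inside a container.
EXPECTED_UNITS="dev-hugepages.mount sys-kernel-config.mount auditd.service \
chronyd.service kdump.service lm_sensors.service plymouth-start.service \
systemd-sysctl.service wpa_supplicant.service"

# Expected failures whose job still has to be done somewhere. The thread explains
# that containers cannot control these (audit, system time, some sysctls), so the
# LXD host has to (assumption: the host runs its own audit, time sync and sysctls).
HOST_OWNED_UNITS="auditd.service chronyd.service systemd-sysctl.service"

# Read `systemctl --failed` text on stdin, print one unit name per line.
# Skips the header/footer and the leading bullet some systemd versions print.
failed_units() {
  awk '{ u = ($1 ~ /\./) ? $1 : $2
         if (u ~ /\.(service|mount|socket|timer|target|path|swap)$/) print u }'
}

# Classify each failed unit: "expected", "host" (expected, host must cover it)
# or "investigate" (not explained by running in a container).
triage() {
  failed_units | while read -r unit; do
    case " $HOST_OWNED_UNITS " in *" $unit "*) echo "host $unit"; continue ;; esac
    case " $EXPECTED_UNITS " in
      *" $unit "*) echo "expected $unit" ;;
      *)           echo "investigate $unit" ;;
    esac
  done
}

# Constructed sample: three units from the thread plus one made-up extra failure.
SAMPLE='  UNIT                   LOAD   ACTIVE SUB    DESCRIPTION
● auditd.service         loaded failed failed Security Auditing Service
● kdump.service          loaded failed failed Crash recovery kernel arming
● httpd.service          loaded failed failed The Apache HTTP Server
● systemd-sysctl.service loaded failed failed Apply Kernel Variables

LOAD   = Reflects whether the unit definition was properly loaded.
4 loaded units listed.'

printf '%s\n' "$SAMPLE" | triage
# Live use inside the container: systemctl --failed --no-legend | triage
```

Run it before masking anything, so that a unit marked `investigate` is not hidden along with the expected failures.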

In case you get these messages inside the container:

Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log

And this error in /tmp/firewall.log:

PHP Warning: Invalid argument supplied for foreach() in /var/www/html/admin/modules/firewall/drivers/Iptables.class.php on line 483
1583855689: /sbin/ip6tables -w5 -W10000 -A fpbxinterfaces -i eth0 -j zone-external
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
1583855689: /sbin/iptables -w5 -W10000 -A fpbxinterfaces -i eth0 -j zone-external
1583855689: /sbin/iptables -w5 -W10000 -t nat -A masq-output -o eth0 -j MARK --set-xmark 0x2/0x2

This is because the correct modules are not being automatically loaded.

To fix it, set iptables kernel modules to load before starting the instance:

lxc config set mypbxcontainer linux.kernel_modules ip_tables,ip6_tables

Hope it helps.

You may also want to disable weekly raid-check because you will get a permission error anyway:

/usr/sbin/raid-check: line 96: /sys/block/md0/md/sync_action: Permission denied

So you can just remove /etc/cron.d/raid-check or comment out the line:

# 0 1 * * Sun root /usr/sbin/raid-check