# Migrate Jail from one host to another



## ryanm (May 21, 2012)

tl;dr -- Can I take a copy of a jail in FreeBSD 4.7 and move it to a new 4.7 basehost and have it work? Or does it have to be built on the server?

Long Version --

We have a legacy web server (v4.7) that we don't actively use but we have to keep it around for legal purposes.  We currently have it hosted right now with a company, but we're looking to get away from them and host this ourselves so we don't have to spend so much money to keep this thing alive. The hosting provider is completely unwilling to aid us in any backup operation, they won't share any information on how our server is virtualized (although a few things they have said lead me to believe we're in a jail) and essentially won't give us anything other than a snapshot of our data on an FTP server.

The unfortunate part with this server is that the web service that's running on it is completely dependent on it's current EXACT setup. Anything older or newer of any of the same packages (php, perl, apache, mysql, etc..) and it will not work, which is why it was never upgraded past 4.7. So I've tried rebuilding this server but we've run into so many missing dependencies, libraries and packages that we have failed in every attempt to actually make a second working copy of this server. So we consider this server 'fragile'. Now, legal reasons have popped up and we need to make some modifications to the server, but we're afraid of breaking it beyond repair in the process. And as I have mentioned, our hosting company could care less.

So I was wondering, if I take this data backup they've given me, can I build a new bare 4.7 system with jails, put the data backup into a directory, then configure rc.conf with the appropriate directives and start it up as a jail? Would this be possible without having access to the host system?


----------



## SirDice (May 22, 2012)

I certainly hope that server isn't facing the internet. It's probably been owned for quite a while. FreeBSD 4.7 went end-of-life more than 5 years ago. That means no security updates for the past 5 years.

Don't migrate to another totally unsupported version. Migrate to a recent, and supported version. Dump the hosting provider if they can't help you with that.


----------



## da1 (May 22, 2012)

ryanm said:
			
		

> So I was wondering, if I take this data backup they've given me, can I build a new bare 4.7 system with jails, put the data backup into a directory, then configure rc.conf with the appropriate directives and start it up as a jail? Would this be possible without having access to the host system?



ezjail comes to mind. I've never done it with ezjail but AFAIK it's doable. And since you already played a bit before, I think you can try one more thing.

Still, SirDice's advice regarding the security is worth mentioning.


----------



## ryanm (May 22, 2012)

SirDice said:
			
		

> I certainly hope that server isn't facing the internet. It's probably been owned for quite a while. FreeBSD 4.7 went end-of-life more than 5 years ago. That means no security updates for the past 5 years.
> 
> Don't migrate to another totally unsupported version. Migrate to a recent, and supported version. Dump the hosting provider if they can't help you with that.



Well, the whole point of migrating it would allow us to shut off our service with the hosting provider (which we absolutely loathe) and host it locally, off the Internet and away from bad guys, until our legal obligation is fulfilled. Unfortunately it is a publicly accessible server and the only thing that is preventing us from changing that is the fact that we haven't successfully been able to rebuild it and the hosting company is unwilling to help us transfer it. Believe me.. do you think I enjoy being the sys admin responsible for this ticking time bomb?



			
				da1 said:
			
		

> ezjail comes to mind. I've never done it with ezjail but AFAIK it's doable. And since you already played a bit before, I think you can try one more thing.
> 
> Still, SirDice's advice regarding the security is worth mentioning.



I'll look into it, thanks.

Another thing - Is there any way that I can confirm that I'm running inside a jail? A few reasons that lead me to believe that I am is 1) there's no /boot directory 2) there are only 5 or 6 items listed under /dev 3) the fact that they have "static backups" of the server but not bootable backups makes me think they're just making copies of the jail directory on the host. Is there anything else I can look for to confirm that I'm running in a jail before I attempt to rebuild the jail on another machine? The host refuses to tell us what we're running on.


----------



## SirDice (May 22, 2012)

Not sure if /boot/ already existed during 4.x. So it's possible it's not there.

In any case, I'd probably dump all the data from MySQL using mysqldump(1) or a similar tool. For the website itself just tar(1) it up. Transfer all that data to one of your own systems. Build a recent FreeBSD machine with the ports you need. Then try to "restore" the myqldump. This is probably the trickiest part and may need some "massaging" of the data to get it in. The website can just be put anywhere, configure apache to use that directory and fix any PHP errors that might occur. 

It might take some fiddling but in the end you'll have migrated to proper, supported version. If you keep it nicely up to date it'll run for another 5 years.


----------



## ryanm (May 22, 2012)

SirDice said:
			
		

> Not sure if /boot/ already existed during 4.x. So it's possible it's not there.
> 
> In any case, I'd probably dump all the data from MySQL using mysqldump(1) or a similar tool. For the website itself just tar(1) it up. Transfer all that data to one of your own systems. Build a recent FreeBSD machine with the ports you need. Then try to "restore" the myqldump. This is probably the trickiest part and may need some "massaging" of the data to get it in. The website can just be put anywhere, configure apache to use that directory and fix any PHP errors that might occur.
> 
> It might take some fiddling but in the end you'll have migrated to proper, supported version. If you keep it nicely up to date it'll run for another 5 years.




It's not that simple. We've tried that. We've paid other people to try it. As I mentioned in the original post, this thing has to be pieced together in the exact same way as it is now. It's been a while since I last tried so I can't remember exactly what packages had problems, but for example I know that we're using PHP functions that don't exist past 4.X, we can't use any version of mysql older than 4.0.x or newer than 4.1.x because the DBI version isn't compatible with program XYZ, and program XYZ only works with PHP 4.1.x, etc, etc. I know that's a crude example, but those were the issues I faced when trying to rebuild it. We retired this application several years ago, so we can't get management to approve man hours to fix the deprecated PHP code (plus, changing the way it originally worked wouldn't jive well with the legal stuff we're dealing with right now). Our ideal situation is to get a copy of this working on one of our own systems, make good backups of it, then lock it away in a storage closet until our legal obligation is fulfilled.


----------



## SirDice (May 22, 2012)

Any chance you can fulfull the legal obligation with just the dump of the database?

I mean, it looks as though the application doesn't even need to be working, just that the data needs to be available for the next X number of years.


----------



## ryanm (May 22, 2012)

Unfortunately, no. This application was an online school platform. We tried just delivering the content, but the requirement is that they be able to see how it was functioning and what content existed on any given day between 2003-2007. So not only do I need this site recreated for safety's sake, I actually have to make multiple copies of it with different code checkouts from multiple dates. You know, it's one of those projects that makes you wish you had become a designer or something else


----------

