Getting started with OpenVZ live CD
This article is written for the OpenVZ LiveCD and assumes that the reader is just starting to use OpenVZ. (Download live CD)
So, as you probably know, OpenVZ allows the user to create VEs, or Virtual Environments, which seem very much like real computers. A real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. In the same way, a VE can be based on various OS (Operating System) templates. On the LiveCD only a few minimal OS templates are installed because of the disk space limit. Each VE is identified by its number, a VEID.
So, how do you create a VE with a VEID of 101 based on the Debian template? It is very easy. Just type the following commands in your terminal (you must be root):
```
# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
```
vzctl is the tool that manages VEs. Look in the /vz/template/cache/ (CentOS LiveCD) or /var/lib/vz/template/cache/ (KNOPPIX LiveCD) directory for the other OS templates available on the LiveCD:
```
# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
```
List of VEs
You can get the list of all VEs created on the HN (Hardware Node) using the vzlist command:
```
# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
       101          - stopped -               -
```
As you can see, VE 101 is in the stopped state now.
Let's start it:
```
# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
       101          5 running -
```
Executing commands in VE
From the vzlist output you can see that 5 processes are running inside VE 101. (The "NPROC" field indicates the number of processes, or PIDs, that are active in the VE, not the number of processors, or CPUs.) On an ordinary hardware node you would use the ps command to list them, and the same command can be used here. The only difference is that the command must be run inside the VE.
To run any command inside a VE, use `vzctl exec`:
```
# vzctl exec 101 ps
  PID TTY          TIME CMD
    1 ?        00:00:00 init
 7672 ?        00:00:00 rc
 7674 ?        00:00:00 S10sysklogd
 7677 ?        00:00:00 syslogd
 7678 ?        00:00:00 syslogd
 7683 ?        00:00:00 ps
```
Any self-respecting OS provides a shell for the user. This is how you can get the VE's shell:
```
# vzctl enter 101
entered into VE 101
#
```
In this shell you can do almost everything you can do on the real HN. For example, create a new user:
```
# useradd new-user
# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
# mkdir /home/new-user
# chown new-user /home/new-user/
# su new-user
$ cd ~
$ pwd
/home/new-user
exit
#
```
To exit from the VE's shell, just type exit:
```
# exit
logout
exited from VE 101
#
```
Setting up VE networking
Let's set up networking in the VE.
```
# echo 1 > /proc/sys/net/ipv4/ip_forward
# ifconfig venet0 up
# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
       101          4 running 10.1.1.1        -
```
Now your Hardware Node can ping the VE and the VE can ping the HN:
```
# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms
--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
#
# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms
#
```
However, it is not yet possible to ping other computers in the network: for that we need to set up NAT (Network Address Translation) and set the nameserver.
Assume that you've set up networking on the HN (for example via DHCP), that the IP address of your node is 192.168.0.244, and that the nameserver IP address is 192.168.1.1.
```
# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
# vzctl exec 101 ping google.com
PING google.com (188.8.131.52) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (184.108.40.206): icmp_seq=1 ttl=241 time=23.0 ms
```
Installing software inside VE
You have probably noticed that there are not many packages in the VE. That is because a minimal template was used. Of course, you can install any software in the VE yourself. For example, in Debian the usual apt-get tool can be used.
Now, for example, we can install gcc inside VE 101 for development purposes:
```
# vzctl enter 101
entered into VE 101
#
# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
  binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
  libc-dev libc6-dev
The following NEW packages will be installed:
  binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...
Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...
# exit
logout
exited from VE 101
#
```
Note: In the LiveCD environment, you may have to increase the shmpages resource limit/barrier for the VE (read the next section), or you will run out of "disk space" when trying to install software.
A very important feature of a VE is that you can limit its resources: CPU, memory, disk space. This is also done via vzctl. For example, to set the shmpages (shared memory pages) barrier:limit, give this command:
```
vzctl set 101 --shmpages 16384:16384 --save
```
This will give VE 101 64 MB of shmpages (one page equals 4 KB on i386: 4 KB * 16384 = 64 MB).
Current usage values and limits of memory-related resources can be viewed with:
```
# cat /proc/bc/101/resources   # or /proc/user_beancounters on 2.6.9 kernels
kmemsize          628209     976969    2752512    2936012          0
lockedpages            0          0         32         32          0
privvmpages         5238       6885      49152      53575          0
shmpages            5012       5014       8192       8192          0
numproc                3         11         65         65          0
physpages           5084       6020          0 2147483647          0
vmguarpages            0          0       6144 2147483647          0
oomguarpages        5084       6020       6144 2147483647          0
numtcpsock             0          2         80         80          0
numflock               1          5        100        110          0
numpty                 0          1         16         16          0
numsiginfo             0          6        256        256          0
tcpsndbuf              0       4440     319488     524288          0
tcprcvbuf              0      42180     319488     524288          0
othersockbuf        2220       6660     132096     336896          0
dgramrcvbuf            0       2220     132096     132096          0
numothersock           1          6         80         80          0
dcachesize             0          0    1048576    1097728          0
numfile              106        339       2048       2048          0
numiptent             10         10        128        128          0
#
```
The first column is the resource name, the second is current usage, the third is peak usage, the fourth and fifth are the barrier and the limit, and the last column is the fail counter.
Note that if you have nonzero values in the last column, it means that this VE experienced a resource shortage. This is a very common reason why some applications fail to work in a VE. In this case you should increase the limits/barriers accordingly; see resource shortage for more info.
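The fail-counter check described above can be scripted. The following is an added example, not part of the original article or of the OpenVZ tools: the function names, the 90% threshold and the sample rows are constructed for illustration, and the handling of a leading "VEID:" prefix is an assumption about the /proc/user_beancounters layout.

```shell
#!/bin/sh
# Added example (not from the article): report beancounter rows that indicate
# a resource shortage. Expected columns, as in the listing above:
#   resource  held  maxheld  barrier  limit  failcnt

# Prints "FAIL <resource> failcnt=<n>" for every nonzero fail counter and
# "NEAR <resource> peak=<maxheld>/<barrier>" when peak usage reached 90% of
# the barrier (the 90% threshold is an arbitrary choice for this example).
check_beancounters() {
    awk '
        # Assumption: /proc/user_beancounters prefixes a row with "VEID:".
        { sub(/^ *[0-9]+: */, "") }
        # Ignore headers, comments and anything that is not a numeric row.
        NF != 6 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ { next }
        $6 > 0 { printf "FAIL %s failcnt=%d\n", $1, $6; next }
        # Rows with barrier 0 (physpages above) have no barrier to approach.
        $4 > 0 && $3 * 10 >= $4 * 9 { printf "NEAR %s peak=%d/%d\n", $1, $3, $4 }
    '
}

# Constructed sample: rows from the listing above, with shmpages and numfile
# altered to show a shortage and a near-barrier peak.
sample_beancounters() {
    cat <<'EOF'
kmemsize          628209     976969    2752512    2936012          0
privvmpages         5238       6885      49152      53575          0
shmpages            8190       8192       8192       8192          7
numproc                3         11         65         65          0
physpages           5084       6020          0 2147483647          0
numfile             1900       1990       2048       2048          0
EOF
}

# Run the check over the constructed sample.
sample_beancounters | check_beancounters
```

On a node, feed it the file shown above instead of the sample, for example `check_beancounters < /proc/bc/101/resources`.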
Well, let's stop the VE and destroy it:
```
# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
#
```
That's all you need to start playing with OpenVZ. Additional information can be found in the vzctl man page and at http://wiki.openvz.org/ .