Changes


Debian template creation

59 bytes added, 05:13, 10 April 2007
Updated for Debian Etch release
These are rough instructions for manually creating a basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
'''Notes:'''
* You shouldn't be running as root, but as a user that is permitted to use sudo instead. It's a dangerous idea, run as root at your peril.
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
* Anywhere you see <tt>http://debian.osuosl.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])

== Prerequisites ==
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.

For Debian:
<pre> sudo apt-get install debootstrap</pre>
For Gentoo:
<pre> sudo emerge debootstrap</pre>
For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum].

== Bootstrapping Debian ==
Download Debian Etch to a directory called "etch-temp". Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>. We use VE ID of 777 for this example; surely it can be any other unused ID.
<pre> sudo debootstrap --arch i386 etch /vz/private/777 http://debian.osuosl.org/debian</pre>
== Preparing and starting the VE ==
=== Setting VE config ===
First, we need a config for the [[VE]]:
<pre> sudo vzctl set 777 --applyconfig vps.basic --save</pre>
=== Setting VE OSTEMPLATE ===
Also, we need <tt>OSTEMPLATE</tt> to be set in VE configuration file, for the [[vzctl]] to work properly.
<pre> sudo sh -c 'echo "OSTEMPLATE=debian-4.0" >> /etc/vz/conf/777.conf'</pre>
=== Setting VE IP address ===
For the [[VE]] to be able to download updates from the Internet, we need a valid IP address for it:
<pre> sudo vzctl set 777 --ipadd x.x.x.x --save</pre>
{{Note|if you use private IP for the VE, you have to set up NAT as described in [[Using NAT for VE with private IPs]].}}
=== Setting DNS server for VE ===
For the [[VE]] to be able to download updates from the Internet, we also need to specify a DNS for it:
<pre> sudo vzctl set 777 --nameserver x.x.x.x --save</pre>
=== Starting VE ===
Now start the VE:
<pre> sudo vzctl start 777</pre>
== Customizing the installation ==
A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. All those things are done inside the VE, so the first command is:
<pre>
sudo vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
</pre>
{{Note|'''Warning!''' Do not run the commands below on the hardware node, they are only to be run within the VE!}}
=== Set Debian repositories ===
<pre>
cat <<EOF >/etc/apt/sources.list
deb http://debian.osuosl.org/debian/ etch main contrib
deb http://security.debian.org etch/updates main contrib
EOF
</pre>
=== Get new security updates ===
<pre>
apt-get update
apt-get upgrade
</pre>
=== Install some more packages ===
Installing packages could be an interactive process, so the system might ask some questions. You can install more packages if you'd like them to be present, such as <tt>less</tt>, <tt>vim</tt> etc. For example:
<pre> apt-get install ssh quota</pre>
=== Set sane permissions for <tt>/root</tt> directory ===
<pre> chmod 700 /root</pre>
=== Disable root login ===
This will disable root login by default.
<pre> usermod -L root</pre>
=== Disable getty ===
Disable running <tt>getty</tt>s on terminals as a VE does not have any:
<pre> sed -i -e '/getty/d' /etc/inittab</pre>
=== Disable <tt>sync()</tt> for syslog ===
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
<pre> sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf</pre>
=== Fix <tt>/etc/mtab</tt> ===
Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
<pre>
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab
</pre>
=== Remove some unneeded packages ===
If you have any packages you'd like to remove, now's the time for it. Here's an example:
<pre> dpkg --purge modutils ppp pppoeconf pppoe pppconfig</pre>
=== Disable services ===
Do not start some services, stick to bare minimum:
<pre>
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove
</pre>
=== Fix SSH host keys ===
This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
<pre>
# Remove the host keys that were generated inside the template
rm -f /etc/ssh/ssh_host_*
# One-shot init script: generates fresh host keys on first boot, then deletes itself
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
</pre>
=== Clean packages ===
After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
<pre> apt-get clean</pre>
Now everything is done. Exit from the template and go back to the hardware node.
<pre> exit</pre>
== Preparing for and packing template cache ==
We don't need an IP for the VE anymore, and we definitely do not need it in template cache, so remove it:
<pre> sudo vzctl set 777 --ipdel all --save</pre>
Also, remove DNS server and search domain information from ''/etc/resolv.conf'' file '''in VE''':
<pre> sudo nano /vz/private/777/etc/resolv.conf</pre>
Stop the VE:
<pre> sudo vzctl stop 777</pre>
Go to the VE directory:
<pre> cd /vz/private/777</pre>
Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
<pre> sudo tar -zcf /vz/template/cache/debian-4.0-i386-minimal.tar.gz .</pre>
Look at the resulting tarball to see its size is sane:
<pre>
# ls -lh /vz/template/cache/de*
-rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-minimal.tar.gz
</pre>
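The clean-up steps above (SSH host keys wiped, root login locked, <tt>/root</tt> at mode 700, apt cache cleaned, <tt>resolv.conf</tt> emptied) can also be checked against the finished tarball before it is used for new VEs. The Python script below is an added example, not part of the original HOWTO; its function names, its finding strings and the use of <tt>usr/sbin/sshd</tt> as the sign that SSH is installed are assumptions of this example.

```python
import io
import posixpath
import tarfile

def audit_template(fileobj):
    """Return sorted findings for a gzip'd template tarball (binary file object)."""
    findings, seen = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            name = posixpath.normpath(m.name).lstrip("/")  # "./etc/x" -> "etc/x"
            seen.add(name)
            if name.startswith("etc/ssh/ssh_host_"):
                findings.append("host key shipped: " + name)
            elif name.startswith("var/cache/apt/archives/") and name.endswith(".deb"):
                findings.append("apt cache not cleaned: " + name)
            elif name == "root" and m.isdir() and m.mode & 0o077:
                findings.append("/root mode is %o, expected 700" % (m.mode & 0o7777))
            elif name in ("etc/shadow", "etc/resolv.conf") and m.isfile():
                text = tar.extractfile(m).read().decode("utf-8", "replace")
                findings += _check_file(name, text)
    # Assumption: usr/sbin/sshd present means the ssh package was installed
    if "usr/sbin/sshd" in seen and "etc/rc2.d/S15ssh_gen_host_keys" not in seen:
        findings.append("sshd installed but no first-boot key generation script")
    return sorted(findings)

def _check_file(name, text):
    out = []
    for line in text.splitlines():
        if name == "etc/shadow":
            fields = line.split(":")
            # usermod -L prefixes the hash with "!"; "*" also means no password login
            if fields[0] == "root" and len(fields) > 1 and fields[1][:1] not in ("!", "*"):
                out.append("root account is not locked")
        elif line.split()[:1] in (["nameserver"], ["search"]):
            out.append("resolv.conf still has: " + line.strip())
    return out

def make_sample(files, root_mode=0o700):
    """Build a constructed in-memory tarball for testing; files maps path -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        d = tarfile.TarInfo("./root")
        d.type, d.mode = tarfile.DIRTYPE, root_mode
        tar.addfile(d)
        for path, content in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf
```

To audit a real cache file, pass it opened in binary mode, for example <tt>audit_template(open(path, "rb"))</tt>; an empty list means none of these checks fired.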
== Checking if template cache works ==
We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
<pre> sudo vzctl create 123456 --ostemplate debian-4.0-i386-minimal</pre>
Now make sure that it works:
<pre>
sudo vzctl start 123456
sudo vzctl exec 123456 ps ax
</pre>
You should see that a few processes are running.
== Final cleanup ==
Stop and remove the test VE you just created:
<pre>
sudo vzctl stop 123456
sudo vzctl destroy 123456
sudo rm /etc/vz/conf/123456.conf.destroyed
</pre>
Finally, let's remove the VE we used for OS template cache creation:
<pre>
sudo vzctl destroy 777
sudo rm /etc/vz/conf/777.conf.destroyed
</pre>
[[Category: HOWTO]]
[[Category: Templates]]