172
edits
Changes
Initial edition
This article is basicaly written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.
So, as you probably know, OpenVZ allows the user to create '''VE'''s - Virtual Environments, which seems very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way VE can be based on various OS (Operating System) '''templates'''. On the LiveCD only Debian minimal
template is installed and it is used by default. Each VE is indentified by its identification number '''veid'''.
So, how to create a VE with veid 1 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 1
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>
'''vzctl''' - is the tool that manages VEs. You can get the list of all created VEs on '''HN''' (Hardware Node) by '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 - stopped - -
</pre>
As you see, VE #1 is in stopped state now. Let's start it:
<pre>
root@Knoppix:~# vzctl start 1
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 5 running -
</pre>
Five processes are running in VE, but who are they? Beeing on usual hardware node you can use ps command to identify them,
and the same command can be used here. The only difference is that this command should be called inside VE.
In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 1 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 1
entered into VE 1
Knoppix:/#
</pre>
In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>
In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 1
root@Knoppix:~#
</pre>
I guess you've noted that there is not much soft in VE. It is because minimal template was used.
But of course, you can install any soft in VE by yourself. For example in Debian usual apt-get tool can be used.
The only small problem is that all the packages should be downloaded from Internet so let's set up network in VE.
<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 1 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 4 running 10.1.1.1 -
</pre>
Now your '''HN''' (Hardware Node) can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms
--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 1 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms
root@Knoppix:~#
</pre>
However, it isn't possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and nameserver.
Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 1 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 1
root@Knoppix:~# vzctl exec 1 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>
Now, for example, we can install gcc inside VE #1 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 1
entered into VE 1
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...
Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...
Knoppix:/# exit
logout
exited from VE 1
root@Knoppix:~#
</pre>
The very important feature of VEs is that you can limit them by resources: cpu, memory, disk space.
It's done by vzctl also. Crelayurrent usage/limits of memory related resources can be veiwed through
'''/proc/user_beancounters''' file:
<pre>
root@Knoppix:~# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
1: kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
dummy 0 0 0 0 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 10 10 128 128 0
0: kmemsize 7843131 9967098 2147483647 2147483647 0
lockedpages 0 0 2147483647 2147483647 0
privvmpages 89600 127711 2147483647 2147483647 0
shmpages 63290 90159 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numproc 73 78 2147483647 2147483647 0
physpages 85729 112341 2147483647 2147483647 0
vmguarpages 0 0 2147483647 2147483647 0
oomguarpages 85729 112341 2147483647 2147483647 1
numtcpsock 5 6 2147483647 2147483647 0
numflock 0 1 2147483647 2147483647 0
numpty 3 3 2147483647 2147483647 0
numsiginfo 0 3 2147483647 2147483647 0
tcpsndbuf 46620 48840 2147483647 2147483647 0
tcprcvbuf 81920 125476 2147483647 2147483647 0
othersockbuf 228660 339664 2147483647 2147483647 0
dgramrcvbuf 0 267484 2147483647 2147483647 0
numothersock 120 136 2147483647 2147483647 0
dcachesize 0 0 2147483647 2147483647 0
numfile 3111 3145 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numiptent 15 15 2147483647 2147483647 0
root@Knoppix:~#
</pre>
Note, that if you have failcounters in the last column, it means, that appropriate VE
expirienced resource shortage. This is very common reason, why some applications fail to
run in VE. In this case you should increase limits/barriers.
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 1
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# rm -rf /var/lib/vz/private/1 # THIS STEP IS TEMPORARY: http://bugzilla.openvz.org/show_bug.cgi?id=455
root@Knoppix:~# vzctl destroy 1
Destroying VE private area: /var/lib/vz/private/1
VE private area was destroyed
root@Knoppix:~#
</pre>
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org.
If you expirience some difficulties contact us via http://forum.openvz.org. Templates and other tools at http://download.openvz.org.
So, as you probably know, OpenVZ allows the user to create '''VE'''s - Virtual Environments, which seems very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way VE can be based on various OS (Operating System) '''templates'''. On the LiveCD only Debian minimal
template is installed and it is used by default. Each VE is indentified by its identification number '''veid'''.
So, how to create a VE with veid 1 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 1
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>
'''vzctl''' - is the tool that manages VEs. You can get the list of all created VEs on '''HN''' (Hardware Node) by '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 - stopped - -
</pre>
As you see, VE #1 is in stopped state now. Let's start it:
<pre>
root@Knoppix:~# vzctl start 1
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 5 running -
</pre>
Five processes are running in VE, but who are they? Beeing on usual hardware node you can use ps command to identify them,
and the same command can be used here. The only difference is that this command should be called inside VE.
In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 1 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 1
entered into VE 1
Knoppix:/#
</pre>
In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>
In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 1
root@Knoppix:~#
</pre>
I guess you've noted that there is not much soft in VE. It is because minimal template was used.
But of course, you can install any soft in VE by yourself. For example in Debian usual apt-get tool can be used.
The only small problem is that all the packages should be downloaded from Internet so let's set up network in VE.
<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 1 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1 4 running 10.1.1.1 -
</pre>
Now your '''HN''' (Hardware Node) can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms
--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 1 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms
root@Knoppix:~#
</pre>
However, it isn't possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and nameserver.
Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 1 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 1
root@Knoppix:~# vzctl exec 1 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>
Now, for example, we can install gcc inside VE #1 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 1
entered into VE 1
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...
Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...
Knoppix:/# exit
logout
exited from VE 1
root@Knoppix:~#
</pre>
The very important feature of VEs is that you can limit them by resources: cpu, memory, disk space.
It's done by vzctl also. Crelayurrent usage/limits of memory related resources can be veiwed through
'''/proc/user_beancounters''' file:
<pre>
root@Knoppix:~# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
1: kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
dummy 0 0 0 0 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 10 10 128 128 0
0: kmemsize 7843131 9967098 2147483647 2147483647 0
lockedpages 0 0 2147483647 2147483647 0
privvmpages 89600 127711 2147483647 2147483647 0
shmpages 63290 90159 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numproc 73 78 2147483647 2147483647 0
physpages 85729 112341 2147483647 2147483647 0
vmguarpages 0 0 2147483647 2147483647 0
oomguarpages 85729 112341 2147483647 2147483647 1
numtcpsock 5 6 2147483647 2147483647 0
numflock 0 1 2147483647 2147483647 0
numpty 3 3 2147483647 2147483647 0
numsiginfo 0 3 2147483647 2147483647 0
tcpsndbuf 46620 48840 2147483647 2147483647 0
tcprcvbuf 81920 125476 2147483647 2147483647 0
othersockbuf 228660 339664 2147483647 2147483647 0
dgramrcvbuf 0 267484 2147483647 2147483647 0
numothersock 120 136 2147483647 2147483647 0
dcachesize 0 0 2147483647 2147483647 0
numfile 3111 3145 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numiptent 15 15 2147483647 2147483647 0
root@Knoppix:~#
</pre>
Note, that if you have failcounters in the last column, it means, that appropriate VE
expirienced resource shortage. This is very common reason, why some applications fail to
run in VE. In this case you should increase limits/barriers.
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 1
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# rm -rf /var/lib/vz/private/1 # THIS STEP IS TEMPORARY: http://bugzilla.openvz.org/show_bug.cgi?id=455
root@Knoppix:~# vzctl destroy 1
Destroying VE private area: /var/lib/vz/private/1
VE private area was destroyed
root@Knoppix:~#
</pre>
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org.
If you expirience some difficulties contact us via http://forum.openvz.org. Templates and other tools at http://download.openvz.org.
