2,253
edits
Changes
m
Robot: Automated text replacement (-VEs +containers)
1) We have limited range of IP adresses granted by ISP.
We want to assign as much granted IPs to VEs containers as possible.We do not want to protect VEs containers from Internet.2) We want to protect the HN OS (VE0) from Internet and make it possible to manage VEs containers from VE0 within local area network.
Assume we have a HN with 2 ethernet cards (interfaces eth0 and eth1), OpenVZ kernel 2.6.18-028stab033, vzctl version 3.0.16,
Let us pass through the setup process step by step.
1) Create 2 VEs containers on the HN as described in http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf.
For testing purposes I've used opensuse-10 precreated template from openvz.org:
<pre>
[HN]# vzctl set 101 --userpasswd root:XXX --save
</pre>
And do the same for VE 102 ... VE N. When ready - start VEscontainers:
<pre>
[HN]# vzctl start 101
102 4 running 10.0.98.97 -
</pre>
2) By default VEs containers use venet device for networking (http://wiki.openvz.org/Venet). But current
configuration requires using alternative networking - through veth devices (http://wiki.openvz.org/Virtual_Ethernet_device).
Switch VE 101 to veth by doing the following:
Now plug eth1 of HN into network wall outlet provided by ISP and carry out the following testing:
- It should be tested that VEs containers are accessible from Internet:
<pre>
[INET]# ssh root@10.0.98.96
inaccessible
</pre>
- VEs containers can be managed from HN:
<pre>
[HN]# vzctl enter 101
[VE 101]# ...
</pre>
- VEs containers VE 101, VE 102 .. VE N "see" each other (ping).
If all the steps are done as written, it should work.
Enjoy.