Debian template creation

2011-01-27T21:44:19Z

Alevchuk: Remove module-init-tools to avoid seeing "modules.dep: No such file or directory" errors

These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0). (see also <tt>/usr/share/doc/vzctl/README.Debian</tt> in the ''vzctl'' Debian package)

'''Notes:'''
* You shouldn't be running as root, but as a user that is permitted to use sudo instead. It's a dangerous idea, run as root at your peril.
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
* Anywhere you see <tt>http://http.us.debian.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])

== Prerequisites ==
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.

For Debian:
sudo apt-get install debootstrap

For Gentoo:
sudo emerge debootstrap

For Fedora (at least Fedora 8 have it, not sure about earlier versions):
sudo yum install debootstrap

For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum].

== Bootstrapping Debian ==

You can install different releases of Debian into a VE's private directory using the debootstrap command.

The command parameters are:

debootstrap --arch ARCH NAME DIRECTORY URL

Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>. You can use http or ftp in the URL.

We use VE ID of 777 for this example, but it can be any unused ID.

=== Lenny (current Debian stable) ===

debootstrap --arch i386 lenny /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 lenny /vz/private/777 ftp://ftp.us.debian.org/debian/

=== Etch (old release) ===

debootstrap --arch i386 etch /vz/private/777 http://http.us.debian.org/debian/

=== Sarge (very old release) ===

debootstrap sarge /vz/private/777 http://archive.debian.org/debian

== Preparing the HN network ==
Append the following lines to /etc/sysctl.conf, adjust to taste and then execute "sysctl -p" for them to take effect.
### OpenVZ settings

# On Hardware Node we generally need packet
# forwarding enabled and proxy arp disabled

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explict Congestion Notification
net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

== Preparing and starting the VE ==

=== Setting VE config ===
First, we need a config for the [[VE]]:
sudo vzctl set 777 --applyconfig vps.basic --save


=== Setting VE OSTEMPLATE ===
Also, we need <tt>OSTEMPLATE</tt> to be set in VE configuration file, for the [[vzctl]] to work properly.

sudo sh -c 'echo "OSTEMPLATE=debian-5.0" >> /etc/vz/conf/777.conf'

=== Setting VE IP address ===
For the [[VE]] to be able to download updates from the Internet, we need a valid IP address for it:
sudo vzctl set 777 --ipadd x.x.x.x --save

{{Note|if you use private IP for the VE, you might have to set up NAT as described in [[Using NAT for VE with private IPs]].}}

=== Setting DNS server for VE ===
For the [[VE]] to be able to download updates from the Internet, we also need to specify a DNS for it:
sudo vzctl set 777 --nameserver x.x.x.x --save

=== Creating /dev/ptmx ===
The ptmx character device should normally exist, but if it doesn't, create one.
sudo mknod --mode 666 /var/lib/vz/private/777/dev/ptmx c 5 2

=== Starting VE ===
Now start the VE:
sudo vzctl start 777

== Customizing the installation ==
A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. Enter the VE to begin the configuration. Exporting the path is optional.
sudo vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin

{{Warning|Do not run the commands below on the hardware node, they are only to be run within the VE!}}

=== Set Debian repositories ===
cat <<EOF > /etc/apt/sources.list
deb http://http.us.debian.org/debian lenny main contrib
deb http://security.debian.org lenny/updates main contrib
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib
EOF

=== Get new security updates ===
apt-get update
apt-get upgrade

=== Install some more packages ===
Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
apt-get install ssh quota less

=== Set sane permissions for <tt>/root</tt> directory ===
chmod 700 /root

=== Disable root login ===
This will disable root login by default.
usermod -L root

=== Disable getty ===
Disable running <tt>getty</tt>s on terminals as a VE does not have any:
sed -i -e '/getty/d' /etc/inittab

=== Disable <tt>sync()</tt> for syslog ===
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
<pre>sed -i -e 's@$[[:space:]]$$/var/log/$@\1-\2@' /etc/*syslog.conf</pre>

=== Fix <tt>/etc/mtab</tt> ===
Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

=== Remove some unneeded packages ===
If you have any packages you'd like to remove, now's the time for it. Here's an example:
dpkg --purge modutils ppp pppoeconf pppoe pppconfig module-init-tools

=== Disable services ===
Do not start some services, stick to bare minimum:
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove

For dependency-based boot sequence introduced with Squeeze type:

update-rc.d-insserv -f klogd remove
update-rc.d-insserv -f quotarpc remove
update-rc.d-insserv -f exim4 remove
update-rc.d-insserv -f inetd remove

=== Fix SSH host keys ===
This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.


<source lang="bash">
rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
</source>

{{Note|This will not work using the dependency-based boot sequence introduced with Squeeze...
-- what is required to get this fixed? }}

=== Change timezone ===

You might want to change timezone if you do not live in $UTC. The following example is for Germany

<source lang="bash">
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
</source>
or even better
<source lang="bash">
dpkg-reconfigure tzdata
</source>

=== Clean packages ===
After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
apt-get --purge clean

Now everything is done. Exit from the template and go back to the hardware node.
exit

== Preparing for and packing template cache ==

We don't need an IP for the VE anymore, and we definitely do not need it in template cache, so remove it:
sudo vzctl set 777 --ipdel all --save

Also, remove DNS server and search domain information from ''/etc/resolv.conf'' file '''in VE''':
sudo nano /vz/private/777/etc/resolv.conf

Also, remove ''/etc/hostname'' file '''in VE''':
sudo rm -f /vz/private/777/etc/hostname

Stop the VE:
sudo vzctl stop 777

Go to the VE directory:
cd /vz/private/777

Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
sudo tar --numeric-owner -zcf /vz/template/cache/debian-5.0-i386-minimal.tar.gz .

Look at the resulting tarball to see its size is sane:
# ls -lh /vz/template/cache
-rw-r--r-- 1 root root 51M Apr 10 03:16 debian-5.0-i386-minimal.tar.gz

== Checking if template cache works ==
We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
sudo vzctl create 123456 --ostemplate debian-5.0-i386-minimal

Now make sure that it works:
sudo vzctl start 123456
sudo vzctl exec 123456 ps ax

You should see that a few processes are running.

== Final cleanup ==
Stop and remove the test VE you just created:
sudo vzctl stop 123456
sudo vzctl destroy 123456
sudo rm /etc/vz/conf/123456.conf.destroyed

Finally, let's remove the VE we used for OS template cache creation:
sudo vzctl destroy 777
sudo rm /etc/vz/conf/777.conf.destroyed

You might want to edit /etc/vz/vz.conf and change DEF_OSTEMPLATE to the name of the template you use most often so that you don't have to specify the template when creating a VE.
DEF_OSTEMPLATE="debian-5.0-i386-minimal"
If you use iptables, you might want to include additional modules in the list for IPTABLES in /etc/vz/vz.conf. See ''man vzctl'' for a list of available modules.

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Debian]]

LONG MAX

2008-07-22T08:07:54Z

Alevchuk: English correction

'''MAX_ULONG''' is a constant which is equal to <code>2147483647</code> (2<sup>32</sup>-1) on 32-bit architectures (such as x86) and to <code>9223372036854775807</code> (2<sup>64</sup>-1) on 64-bit architectures (such as x86_64).

[[Category:Definitions]]

OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Debian template creation

LONG MAX