This page is about making a template cache for OpenVZ container from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

== Download stage3 ==

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

== Create directory for the new container and unarchive stage3 ==

<pre>
mkdir /var/lib/vz/private/777
tar -xjf /root/stage3-i686-2008.0_beta2.tar.bz2 -C /var/lib/vz/private/777
</pre>

== Create CT config ==
Now you need to create the configuration file for the container, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

== Edit CT config ==

Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
OSTEMPLATE="gentoo"
</pre>

== Make /etc/mtab a symlink to /proc/mounts ==
The container's root filesystem is mounted by the host system, not the guest — and therefore root fs will not appear in <code>/etc/mtab</code>. It will lead to a non-working <code>df</code> command. To fix, link /etc/mtab to /proc/mounts.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>.

== Replace /etc/fstab ==

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at boot time.

== Edit /etc/inittab ==

Edit <code>/vz/private/777/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents <code>getty</code> and login from starting on ttys that do not exist in containers.

== Edit /etc/shadow ==

Edit <code>/vz/private/777/etc/shadow</code> and change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable root login until the password is changed with <code>vzctl set CTID --userpasswd root:password</code>.

== Disable unneeded init scripts ==

The checkroot and consolefont init scripts should not be started inside containers:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

== Edit /sbin/rc ==

Edit <code>/vz/private/777/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different):

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the container from attempting to mount <code>/sys</code>.

To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

== Set up udev ==

Using udev you will have problems since some devices nodes are not created.
For example sshd will fail to start since /dev/random and /dev/urandom are missing.
So it's recommended to disable udev.
Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> line to:
<pre>
RC_DEVICES="static"
</pre>

If you want to enable udev read on.

Create some device nodes needed to enter a container:

<pre>
cd /vz/private/777/lib
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>

Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> and <code>RC_DEVICE_TARBALL</code> lines to:

<pre>
RC_DEVICES="udev"
RC_DEVICE_TARBALL="no"
</pre>

You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message:
vzquota : (error) Quota on syscall for 777: Device or resource busy
vzquota on failed [3]

<pre>
cd /
</pre>

== Test ==

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services:

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop the container:

<pre>
vzctl stop 777
</pre>

== Making distfiles and portage tree of the host system available in a container ==

{{Warning|This step is optional and will result in shared files between containers! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a container with portage, you should mount <code>/usr/portage</code> into the container with the "bind" option. Do the following on the host after the container is started:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install a package into a container, you just need to enter the container using <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons, you should have these directories mounted only while installing software into a container.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your container.}}

== Create the template cache file ==

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

== Test the new template cache file ==

Create a new container from the template file:

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If the container was created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]