OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Gentoo template creation

2008-05-18T17:53:13Z

David455: /* Create directory for the new VE and unarchive stage3 */

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2008.0_beta2.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit VE config===

Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>.

===Replace /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents <code>getty</code> and login from starting on ttys that do not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code> and change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable root login until the password is changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Edit <code>/vz/private/777/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different):

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete <code>/lib/udev-state/devices.tar.bz2</code> and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>

Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> line to:

<pre>
RC_DEVICES="static"
</pre>

You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services:

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop the VE:

<pre>
vzctl stop 777
</pre>

===Making distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage, you should mount <code>/usr/portage</code> into the VE with the "bind" option. Do the following on the host after the VE is started:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install a package into a VE, you just need to enter the VE using <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons, you should have these directories mounted only while installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the template cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new template cache file===

Create a new VE from the template file:

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If the VE was created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T17:44:08Z

David455:

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit VE config===

Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>.

===Replace /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents <code>getty</code> and login from starting on ttys that do not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code> and change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable root login until the password is changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Edit <code>/vz/private/777/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different):

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete <code>/lib/udev-state/devices.tar.bz2</code> and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>

Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> line to:

<pre>
RC_DEVICES="static"
</pre>

You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services:

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop the VE:

<pre>
vzctl stop 777
</pre>

===Making distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage, you should mount <code>/usr/portage</code> into the VE with the "bind" option. Do the following on the host after the VE is started:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install a package into a VE, you just need to enter the VE using <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons, you should have these directories mounted only while installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the template cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new template cache file===

Create a new VE from the template file:

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If the VE was created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T17:42:28Z

David455: /* Set up udev */

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit VE config===

Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>.

===Replace /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code>, and put a hash mark (#) at the beginning of the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents <code>getty</code> and login from starting on ttys that do not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code>, and change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable root login until the password is changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Edit <code>/vz/private/777/sbin/rc</code>, and put a hash mark (#) at the beginning of line 244 (your line number may be different):

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete <code>/lib/udev-state/devices.tar.bz2</code> and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>

Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> line to:

<pre>
RC_DEVICES="static"
</pre>

You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services:

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop the VE:

<pre>
vzctl stop 777
</pre>

===Making distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage, you should mount <code>/usr/portage</code> into the VE with the "bind" option. Do the following on the host after the VE is started:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install a package into a VE, you just need to enter the VE using <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons, you should have these directories mounted only while installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the template cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new template cache file===

Create a new VE from the template file:

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If the VE was created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T17:27:49Z

David455:

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit VE config===

Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>.

===Replace /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code>, and put a hash mark (#) at the beginning of the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents <code>getty</code> and login from starting on ttys that do not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code>, and change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable root login until the password is changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Edit <code>/vz/private/777/sbin/rc</code>, and put a hash mark (#) at the beginning of line 244 (your line number may be different):

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>
Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc

You have to leave the directory you are in for the next step to be ok, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services:

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop the VE:

<pre>
vzctl stop 777
</pre>

===Making distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage, you should mount <code>/usr/portage</code> into the VE with the "bind" option. Do the following on the host after the VE is started:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install a package into a VE, you just need to enter the VE using <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons, you should have these directories mounted only while installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the template cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new template cache file===

Create a new VE from the template file:

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If the VE was created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T16:14:42Z

David455: /* Download stage3 */

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit config===

Add to the /etc/vz/conf/777.conf:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to df command non-working.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing /etc/mtab with a symlink to /proc/mounts, you will always have up-to-date information of what is mounted in /etc/mtab.

===Edit /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at the boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code>, putting a hashmark (#) before the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents from starting <code>getty</code> and login on ttys that does not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code>, change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable the root login until the password changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Comment out line number 244 in /vz/private/777/sbin/rc:

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that these changes aren't automatically overwritten on update, add the following to /vz/private/777/etc/make.conf:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>
Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc

You have to leave the directory you are in for the next step to be ok, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services.

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop it

<pre>
vzctl stop 777
</pre>

===Make distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage you should mount /usr/portage into VE with "bind" option. Do this after VE starts:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your /usr/portage/distfiles placed on the other partition do:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install package into a VE you just need enter there by <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons hold this directories mounted only while you are installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new cache file===

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T16:03:11Z

David455: /* Edit /sbin/rc */ Update to reflect current /sbin/rc file and some minor edits

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We shall make the template from stage3 file. OpenVZ OS template should be an archive of root of the working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit config===

Add to the /etc/vz/conf/777.conf:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to df command non-working.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing /etc/mtab with a symlink to /proc/mounts, you will always have up-to-date information of what is mounted in /etc/mtab.

===Edit /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at the boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code>, putting a hashmark (#) before the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents from starting <code>getty</code> and login on ttys that does not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code>, change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable the root login until the password changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Comment out line number 244 in /vz/private/777/sbin/rc:

<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>

This prevents the VE from attempting to mount <code>/sys</code>.

To ensure that these changes aren't automatically overwritten on update, add the following to /vz/private/777/etc/make.conf:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>
Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc

You have to leave the directory you are in for the next step to be ok, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services.

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop it

<pre>
vzctl stop 777
</pre>

===Make distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage you should mount /usr/portage into VE with "bind" option. Do this after VE starts:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your /usr/portage/distfiles placed on the other partition do:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install package into a VE you just need enter there by <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons hold this directories mounted only while you are installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new cache file===

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]

Gentoo template creation

2008-05-18T15:49:16Z

David455: /* Edit /etc/init.d/checkroot */

This page is about making a template cache for OpenVZ VE from Gentoo Linux. The method is basically the same as described in [[Slackware template creation]] article.

===Download stage3===

We shall make the template from stage3 file. OpenVZ OS template should be an archive of root of the working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

===Create directory for the new VE and unarchive stage3 ===

<pre>
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
</pre>

===Create VE config===
Now you need to create the configuration file for the VE, 777.conf:

<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>

===Edit config===

Add to the /etc/vz/conf/777.conf:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>

===Make /etc/mtab a symlink to /proc/mounts===
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to df command non-working.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing /etc/mtab with a symlink to /proc/mounts, you will always have up-to-date information of what is mounted in /etc/mtab.

===Edit /etc/fstab===

<pre>
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
</pre>

We need only <code>/proc</code> to be mounted at the boot time.

===Edit /etc/inittab===

Edit <code>/vz/private/777/etc/inittab</code>, putting a hashmark (#) before the lines containing:

<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>

This prevents from starting <code>getty</code> and login on ttys that does not exist in VEs.

===Edit /etc/shadow===

Edit <code>/vz/private/777/etc/shadow</code>, change root's password in the first line to an exclamation mark (!):

<pre>root:!:10071:0:::::</pre>

This will disable the root login until the password changed with <code>vzctl set VEID --userpasswd root:password</code>.

===Disable unneeded init scripts===

The checkroot and consolefont init scripts should not be started inside VEs:

<pre>
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
</pre>

===Edit /sbin/rc===

Comment line number 141 in /vz/private/777/sbin/rc:

<pre>try mount -n ${mntcmd:--t sysfs sysfs /sys}</pre>

This prevents from attepting to mount <code>/sys</code>.

To ensure these changes aren't automatically overwritten on update, add the following to /vz/private/777/etc/make.conf:

<pre>CONFIG_PROTECT = /sbin/rc</pre>

===Set up udev===

<div class="previewnote"><p><strong>NOTE: udev-state does not exists anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>

Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:

<pre>
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
</pre>
Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc

You have to leave the directory you are in for the next step to be ok, otherwise you will get this error message : <br>
vzquota : (error) Quota on syscall for 777: Device or resource busy <br>
vzquota on failed [3] <br>

<pre>
cd /
</pre>

===Test===

<pre>
vzctl start 777
vzctl enter 777
</pre>

You can check running services.

<pre>
rc-status -a
</pre>

All services in boot and default runlevels must be started. If everything all right, stop it

<pre>
vzctl stop 777
</pre>

===Make distfiles and portage tree of the host system available in a VE===

{{Warning|This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!}}

To install software into a VE with portage you should mount /usr/portage into VE with "bind" option. Do this after VE starts:

<pre>
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
</pre>

If your /usr/portage/distfiles placed on the other partition do:

<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
</pre>

Now, to install package into a VE you just need enter there by <code>vzctl enter</code> and run

<pre>
emerge package_name
</pre>

while you have all the needed files in the <code>/usr/portage/distfiles</code> of host system.

For security reasons hold this directories mounted only while you are installing software into a VE.

{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your VE.}}

===Create the cache file===

<pre>
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *
</pre>

===Test the new cache file===

<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>

If created successfully, try to start it:

<pre>
vzctl start 800
</pre>

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!

[[Category: HOWTO]]
[[Category: Templates]]
[[Category: Gentoo]]