OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Getting started with OpenVZ live CD

2007-05-27T21:55:54Z

Kingneutron: /* Starting VE */

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

<pre>
' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '
</pre>

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change from the host by issuing:

<pre>
' vzctl exec 101 cat /proc/user_beancounters '
</pre>

== Executing commands in VE ==
From the "vzlist" command you see that 5 processes are running inside VE 101. (The "NPROC" field indicates the number of Processes, or PIDs, that are active in the VE -- not the number of Processors, or CPUs.) Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/ .

If you experience some difficulties, contact us via http://forum.openvz.org/ . Templates and other tools are available from http://download.openvz.org/ .

Getting started with OpenVZ live CD

2007-05-27T21:54:20Z

Kingneutron: /* Links */ spelling ==db

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

<pre>
' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '
</pre>

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change in-VE by issuing:

<pre>
' vzctl exec 101 cat /proc/user_beancounters '
</pre>

== Executing commands in VE ==
From the "vzlist" command you see that 5 processes are running inside VE 101. (The "NPROC" field indicates the number of Processes, or PIDs, that are active in the VE -- not the number of Processors, or CPUs.) Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/ .

If you experience some difficulties, contact us via http://forum.openvz.org/ . Templates and other tools are available from http://download.openvz.org/ .

Getting started with OpenVZ live CD

2007-05-27T21:51:05Z

Kingneutron: /* Executing commands in VE */

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

<pre>
' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '
</pre>

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change in-VE by issuing:

<pre>
' vzctl exec 101 cat /proc/user_beancounters '
</pre>

== Executing commands in VE ==
From the "vzlist" command you see that 5 processes are running inside VE 101. (The "NPROC" field indicates the number of Processes, or PIDs, that are active in the VE -- not the number of Processors, or CPUs.) Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/.

If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/.

Getting started with OpenVZ live CD

2007-05-27T21:50:18Z

Kingneutron: /* Executing commands in VE */ Explained diff btwn nproc and # of cpu's ==db

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

<pre>
' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '
</pre>

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change in-VE by issuing:

<pre>
' vzctl exec 101 cat /proc/user_beancounters '
</pre>

== Executing commands in VE ==
From the previous command you see that 5 processes are running inside VE 101. (The "NPROC" field indicates the number of Processes, or PIDs, that are active in the VE -- not the number of Processors, or CPUs.) Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/.

If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/.

Getting started with OpenVZ live CD

2007-05-27T21:46:39Z

Kingneutron: /* Starting VE */

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

<pre>
' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '
</pre>

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change in-VE by issuing:

<pre>
' vzctl exec 101 cat /proc/user_beancounters '
</pre>

== Executing commands in VE ==
From the previous command you see that 5 processes are running inside VE 101. Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/.

If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/.

Getting started with OpenVZ live CD

2007-05-27T21:45:36Z

Kingneutron: /* Starting VE */ Added shmpages fix for livecd ==db

This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.

== Introduction ==
So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seem very much
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc.
In the same way, a VE can be based on various [[OS template|OS (Operating System) templates]]. On the LiveCD only few minimal OS templates are installed because of disk space limit. Each VE is indentified by its number -- a '''VEID'''.

== VE creation ==
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your
terminal (you must be root):
<pre>
root@Knoppix:~# vzctl create 101 --ostemplate debian-3.1-i386-minimal
Creating VE private area (debian-3.1-i386-minimal)
Performing postcreate actions
VE private area was created
</pre>

'''vzctl''' is the tool that manages VEs. Look in <tt>/var/lib/vz/template/cache/</tt> directory for other OS templates available on LiveCD:
<pre>
root@Knoppix:~# ls -1 /var/lib/vz/template/cache/
centos-4-i386-minimal.tar.gz
debian-3.1-i386-minimal.tar.gz
fedora-core-5-i386-minimal.tar.gz
</pre>

== List of VEs ==
You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command:
<pre>
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
</pre>

As you see, VE 101 is in stopped state now.

== Starting VE ==
Let's start it:
<pre>
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
</pre>

o Note: In the LiveCD environment, you may have to increase SHMPAGES for the VE or you will run out of "disk space" when trying to install software. You can do this "on the fly" by issuing:

' vzctl set 101 --shmpages $((8192*8)):$((8192*8)) --save '

o This will give VE 101 64MB of shmpages; you may wish to give it more if you're planning on doing more than just basic openvz testing.

o You can verify the change in-VE by issuing:

' vzctl exec 101 cat /proc/user_beancounters '

== Executing commands in VE ==
From the previous command you see that 5 processes are running inside VE 101. Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.

In order to perform any command inside VE `vzctl exec` is used:
<pre>
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
</pre>

== Entering VE ==
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
</pre>

In this shell you can do almost all you can do on the real HN. For example create a new user:
<pre>
Knoppix:/# useradd new-user
Knoppix:/# passwd new-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Knoppix:/# mkdir /home/new-user
Knoppix:/# chown new-user /home/new-user/
Knoppix:/# su new-user
Knoppix:/$ cd ~
Knoppix:~$ pwd
/home/new-user
exit
Knoppix:/#
</pre>

In order to exit from VEs shell, just type exit:
<pre>
Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Setting up VE networking ==
Let's set up networking in VE.

<pre>
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
</pre>

Now your [[Hardware Node]] can ping VE and VE can ping HN:
<pre>
root@Knoppix:~# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms

--- 10.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms
root@Knoppix:~#
root@Knoppix:~# vzctl exec 101 ping 192.168.0.244
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data.
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms

root@Knoppix:~#
</pre>

However, it is not possible to ping other computers in the network: for it we need to
set up NAT (Network Address Translation) and set the nameserver.

Assume that you've set up network on HN (for example via DHCP) and the IP address
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
<pre>
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244
root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save
File resolv.conf was modified
Saved parameters for VE 101
root@Knoppix:~# vzctl exec 101 ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
</pre>

== Installing software inside VE ==
I guess you've noted that there is not so many packages in VE. It is because minimal template was used.
But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.

Now, for example, we can install gcc inside VE 101 for developing purposes:
<pre>
root@Knoppix:~# vzctl enter 101
entered into VE 101
Knoppix:/#
Knoppix:/# apt-get install gcc
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
binutils cpp cpp-3.3 gcc-3.3
Suggested packages:
binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc
Recommended packages:
libc-dev libc6-dev
The following NEW packages will be installed:
binutils cpp cpp-3.3 gcc gcc-3.3
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 5220kB of archives.
After unpacking 13.6MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB]
Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB]
Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB]
Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB]
Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B]
Fetched 5220kB in 10s (507kB/s)
Selecting previously deselected package binutils.
(Reading database ... 7436 files and directories currently installed.)
Unpacking binutils (from .../binutils_2.15-6_i386.deb) ...
Selecting previously deselected package cpp-3.3.
Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package cpp.
Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ...
Selecting previously deselected package gcc-3.3.
Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ...
Selecting previously deselected package gcc.
Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ...
Setting up binutils (2.15-6) ...

Setting up cpp-3.3 (3.3.5-13) ...
Setting up cpp (3.3.5-3) ...
Setting up gcc-3.3 (3.3.5-13) ...
Setting up gcc (3.3.5-3) ...

Knoppix:/# exit
logout
exited from VE 101
root@Knoppix:~#
</pre>

== Resource limiting ==
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space.
It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through
<code>/proc/bc/VEID/resources</code> file:
<pre>
root@Knoppix:~# cat /proc/bc/101/resources
kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
numiptent 10 10 128 128 0
root@Knoppix:~#
</pre>
First column is resource name, second is current usage, third is peak usage, forth and fifth are barrier and limit, and last column is fail counter.

Note that if you have nonzero values in the last column, it means that this VE
experienced a resource shortage. This is very common reason why some application fail to
work in a VE. In this case you should increase limits/barriers accordingly; see
[[resource shortage]] for more info.

== Stopping/removing VE ==
Well, let's stop VE and destroy it:
<pre>
root@Knoppix:~# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
root@Knoppix:~# vzctl destroy 101
Destroying VE private area: /var/lib/vz/private/101
VE private area was destroyed
root@Knoppix:~#
</pre>

== Links ==
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/.

If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/.

X inside VE

2007-05-26T08:23:18Z

Kingneutron: /* X forwarding */ Added -2 -c blowfish for speed ==db

There are several ways to run X applications inside your [[VE]].

== X forwarding ==

To run an X application inside a [[VE]], one need simply to connect to a VE with '''ssh -X''':
<pre>
host# ssh -2 -c blowfish -X user@address
</pre>

After login to VE check that <code>$DISPLAY</code> variable is set and X11 forwarding is enabled:
<pre>
ve# echo $DISPLAY
localhost:10.0
</pre>

In case <code>$DISPLAY</code> is not set, make sure that X forwarding is enabled in <code>sshd</code> config inside VE. In most Linux distros sshd configuration is stored in <code>/etc/ssh/sshd_config</code>. You should set parameter <code>X11Forwarding</code> to <code>yes</code>. Also VE should contain <code>xauth</code> package, thus install <code>xauth</code> if it is missing. After that, restart your sshd daemon:
<pre>
ve# /etc/init.d/sshd restart
</pre>

{{Note|Don't forget to reconnect after this}}

Now you can run X applications from your VE:
<pre>
ve# firefox
</pre>

Note, that if you want to run complete X window environment (including window manager), you should kill local window manager and run only pure X server. Secondly you shoud use '''-Y''' option when invoking ssh. And if you want to run gnome/kde/..., don't forget to increase [[UBC]] limits, 'cause default values are certainly too small for these monsters. ;)

== VNC for X desktop ==
First, one need to run '''Xvnc''' server inside VE. The easiest way for this is to run
'''vncserver''' script. This scripts starts all the required services
and small http daemon which provides graphical web access to your desktop (via Java applet).

<pre>
ve# vncserver -name mydesktop
New 'mydekstop' desktop is ve:1

Starting applications specified in ~/.vnc/xstartup
Log file is ~/.vnc/ve:1.log
</pre>

Now when your desktop is up and running you can connect to it
using '''vncviewer''' command:
<pre>
host# vncviewer <VE_IP>:1
</pre>

If the VNC desktop is the same size or larger than your X desktop, you will see scroll bars on the bottom and the side. This is often inconvenient. You may reduce your VNC desktop to a more reasonable size like this:
<pre>vncserver -geometry 1000x650</pre>
This setting works quite well for a 1024 by 768 X desktop setting.

=== Starting KDE desktop with VNC ===
To start KDE desktop instead of default twm one replace <code>twm &</code> line with <code>startkde &</code> in user's
<code>~/.vnc/xstartup</code> file on the VE.

=== Connecting with VNC from firewalled network ===
VNC uses 590x TCP ports for its connections. These ports can be firewalled in
many networks so in order to be able to connect to remote side one need to tunnel VNC connections somehow.
A usuall '''ssh''' can be used for tunneling VNC connections as described below.

<pre>
localhost# ssh -L 5900:localhost:5900 <remote host>
</pre>

where <remote host> is the name of the system you want to connect to. When you are asked for a username and password enter your normal username and password. Then start the VNC session to localhost, i.e.

<pre>
localhost# vncviewer localhost
</pre>

== Using xdm ==
It should be also possible to do remote X by running '''xdm''' inside VE and
X -query <remote IP> :1

However VNC approach is much easier.

== External links ==
* http://forum.openvz.org/index.php?t=tree&th=235&mid=1115&&rev=&reveal=
* http://ait.web.psi.ch/services/linux/kde-desktop-sharing.htm
* http://ait.web.psi.ch/services/ssh/vnc-ssh.html
* http://www.vnc.com/pipermail/vnc-list/2002-July/031831.html
* http://www.linuxjournal.com/article/5499
* http://www.realvnc.com/pipermail/vnc-list/2002-March/029502.html
* http://www.redhat.com/archives/rhl-list/2003-December/msg01859.html
* http://faq.gotomyvnc.com/fom-serve/cache/56.html

[[Category: HOWTO]]
[[Category: Networking]]

Virtual Ethernet device

2007-05-26T08:21:08Z

Kingneutron: /* syntax vzctl version >= 3.0.14 */

'''Virtual ethernet device''' is an ethernet-like device which can be used inside a [[VE]]. Unlike
[[venet]] network device, veth device has a MAC address. Due to this, it can be used in configurations, when veth is bridged to ethX or other device and VE user fully sets up his networking himself,
including IPs, gateways etc.

Virtual ethernet device consist of two ethernet devices - one in [[VE0]] and another one
in VE. These devices are connected to each other, so if a packet goes to one
device it will come out from the other device.

== Virtual ethernet device usage ==

=== Kernel module ===
First of all, make sure the <code>vzethdev</code> module is loaded:
<pre>
# lsmod | grep vzeth
vzethdev 8224 0
vzmon 35164 5 vzethdev,vznetdev,vzrst,vzcpt
vzdev 3080 4 vzethdev,vznetdev,vzmon,vzdquota
</pre>

In case it is not loaded, load it:
<pre>
# modprobe vzethdev
</pre>

You might want to add the module to <code>/etc/init.d/vz script</code>, so it will be loaded during startup.

{{Note|since vzctl version 3.0.11, vzethdev is loaded by /etc/init.d/vz}}

=== Adding veth to a VE ===

{{Note|Use random MAC addresses. Do not use MAC addresses of real eth devices, because this can lead to collisions and MAC addresses must be entered in XX:XX:XX:XX:XX:XX format.}}

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_add <dev_name>,<dev_addr>,<ve_dev_name>,<ve_dev_addr>
</pre>

Here
* <tt>dev_name</tt> is the ethernet device name that you are creating on the [[VE0|host system]]
* <tt>dev_addr</tt> is its MAC address
* <tt>ve_dev_name</tt> is the corresponding ethernet device name you are creating on the VE
* <tt>ve_dev_addr</tt> is its MAC address

{{Note| that this option is incremental, so devices are added to already existing ones.}}

NB there are no spaces after the commas

Example:

<pre>
vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>
After executing this command <tt>veth</tt> device will be created for VE 101 and veth configuration will be saved to a VE configuration file.
Host-side ethernet device will have <tt>veth101.0</tt> name and <tt>00:12:34:56:78:9A</tt> MAC address.
VE-side ethernet device will have <tt>eth0</tt> name and <tt>00:12:34:56:78:9B</tt> MAC address.

==== syntax vzctl version >= 3.0.14 ====

Read Update infos about [http://openvz.org/news/updates/vzctl-3.0.14-1 vzctl 3.0.14]

<pre>
vzctl set <VEID> --netif_add <ifname>[,<mac>,<host_ifname>,<host_mac]
</pre>

Here
* <tt>ifname</tt> is the ethernet device name in the VE
* <tt>mac</tt> is its MAC address in the VE
* <tt>host_ifname</tt> is the ethernet device name on the host ([[VE0]])
* <tt>host_mac</tt> is its MAC address on the host ([[VE0]])

{{Note|All parameters except ifname are optional and are automatically generated if not specified.}}

Example:

<pre>
vzctl set 101 --netif_add eth0,00:12:34:56:78:9A,veth101.0,00:12:34:56:78:9B --save
</pre>

o There is a utility script available for generating MAC addresses:

http://www.easyvmx.com/software/easymac.sh

o Recommended Usage:

' chmod +x easymac.sh '

' ./easymac.sh -R '

=== Removing veth from a VE ===

==== syntax vzctl version < 3.0.14 ====

<pre>
vzctl set <VEID> --veth_del <dev_name>
</pre>
Here <tt>dev_name</tt> is the ethernet device name in the [[VE0|host system]].

Example:
<pre>
vzctl set 101 --veth_del veth101.0 --save
</pre>
After executing this command veth device with host-side ethernet name veth101.0 will be removed from VE 101 and veth configuration will be updated in VE config file.

==== syntax vzctl version >= 3.0.14 ====
<pre>
vzctl set <VEID> --netif_del <dev_name>|all
</pre>

Here
* <code>dev_name</code> is the ethernet device name in the [[VE]].

{{Note|If you want to remove all ethernet devices in VE, use <code>all</code>.}}

Example:

<pre>
vzctl set 101 --netif_del eth0 --save
</pre>

== Common configurations with virtual ethernet devices ==
Module <tt>vzethdev</tt> must be loaded to operate with veth devices.

=== Simple configuration with virtual ethernet device ===

==== Start a VE ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to VE ====
<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in VE0 ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/veth101.0/proxy_arp
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
</pre>

==== Configure device in VE ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
[ve-101]# /sbin/ip addr add 192.168.0.101 dev eth0
[ve-101]# /sbin/ip route add default dev eth0
</pre>

==== Add route in [[VE0]] ====
<pre>
[host-node]# ip route add 192.168.0.101 dev veth101.0
</pre>

=== Virtual ethernet device with IPv6 ===

==== Start [[VE]] ====
<pre>
[host-node]# vzctl start 101
</pre>

==== Add veth device to [[VE]] ====
<pre>
[host-node]# vzctl set 101 --veth_add veth101.0,00:12:34:56:78:9A,eth0,00:12:34:56:78:9B --save
</pre>

==== Configure devices in [[VE0]] ====
<pre>
[host-node]# ifconfig veth101.0 0
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/veth101.0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
</pre>

==== Configure device in [[VE]] ====
<pre>
[host-node]# vzctl enter 101
[ve-101]# /sbin/ifconfig eth0 0
</pre>

==== Start router advertisement daemon (radvd) for IPv6 in VE0 ====
First you need to edit radvd configuration file. Here is a simple example of <tt>/etc/radv.conf</tt>:
<pre>
interface veth101.0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:2400:0:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};

interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvHomeAgentFlag off;

prefix 3ffe:0302:0011:0002::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
</pre>

Then, start radvd:
<pre>
[host-node]# /etc/init.d/radvd start
</pre>

==== Add IPv6 addresses to devices in [[VE0]] ====
<pre>
[host-node]# ip addr add dev veth101.0 3ffe:2400::212:34ff:fe56:789a/64
[host-node]# ip addr add dev eth0 3ffe:0302:0011:0002:211:22ff:fe33:4455/64
</pre>

=== Virtual ethernet devices can be joined in one bridge ===
Perform steps 1 - 4 from Simple configuration chapter for several VEs and/or veth devices

==== Create bridge device ====
<pre>
[host-node]# brctl addbr vzbr0
</pre>

==== Add veth devices to bridge ====
<pre>
[host-node]# brctl addif vzbr0 veth101.0
...
[host-node]# brctl addif vzbr0 veth101.n
[host-node]# brctl addif vzbr0 veth102.0
...
...
[host-node]# brctl addif vzbr0 vethXXX.N
</pre>

==== Configure bridge device ====
<pre>
[host-node]# ifconfig vzbr0 0
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/forwarding
[host-node]# echo 1 > /proc/sys/net/ipv4/conf/vzbr0/proxy_arp
</pre>

==== Add routes in [[VE0]] ====
<pre>
[host-node]# ip route add 192.168.101.1 dev vzbr0
...
[host-node]# ip route add 192.168.101.n dev vzbr0
[host-node]# ip route add 192.168.102.1 dev vzbr0
...
...
[host-node]# ip route add 192.168.XXX.N dev vzbr0
</pre>

Thus you'll have more convinient configuration, i.e. all routes to VEs will be through this bridge and VEs can communicate with each other even without these routes.

=== Making a veth-device persistent ===

At the moment, it is not possible to have the commands needed for a persistent veth being made automatically be vzctl. A bugreport ( http://bugzilla.openvz.org/show_bug.cgi?id=301 ) has already been made. Until then, here's a way to make the above steps persistent.

1. First, edit the VE's configuration to specify what the veth's IP address(es) should be, and to indicate that a custom script should be run when starting up a VE.
* Open up /etc/vz/conf/VEID.conf
* Comment out any IP_ADDRESS entries to prevent a VENET-device from being created in the VE
* Add or change the entry CONFIG_CUSTOMIZED="yes"
* Add an entry VETH_IP_ADDRESS="<VE IP>" The VE IP can have multiple IPs, separated by spaces

2. Now to create that "custom script". The following helper script will check the configuration file for IP addresses and for the veth interface, and configure the IP routing accordingly. Create the script /usr/sbin/vznetaddroute to have the following, and then <code>chmod 0500 /usr/sbin/vznetaddroute</code> to make it executable.

<pre>
#!/bin/bash
# /usr/sbin/vznetaddroute
# a script to bring up bridged network interfaces (veth's) in a VE

CONFIGFILE=/etc/vz/conf/$VEID.conf
. $CONFIGFILE
VZHOSTIF=`echo $NETIF |sed 's/^.*host_ifname=$.*$,.*$/\1/g'`

if [ ! -n "$VETH_IP_ADDRESS" ]; then
echo "According to $CONFIGFILE VE$VEIDI has no veth IPs configured."
exit 1
fi

if [ ! -n "$VZHOSTIF" ]; then
echo "According to $CONFIGFILE VE$VEIDI has no veth interface configured."
exit 1
fi

for IP in $VETH_IP_ADDRESS; do
echo "Adding interface $VZHOSTIF and route $IP for VE$VEID to VE0"
/sbin/ifconfig $VZHOSTIF 0
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/$VZHOSTIF/forwarding
/sbin/ip route add $IP dev $VZHOSTIF
done

exit 0
</pre>

3. Now create /etc/vz/vznet.conf containing the following. This is what defines the "custom script" as being the vznetaddroute which you just created.

<pre>
#!/bin/bash
EXTERNAL_SCRIPT="/usr/sbin/vznetaddroute"
</pre>

4. Of course, the VE's operating system will need to be configured with those IP address(es) as well. Consult the manual for your VE's OS for details.

That's it! At this point, when you restart the VE you should see a new line in the output, indicating that the interface is being configured and a new route being added. And you should be able to ping the host, and to enter the VE and use the network.

=== Virtual ethernet devices + VLAN ===
This configuration can be done by adding vlan device to the previous configuration.

== See also ==
* [[Virtual network device]]
* [[Differences between venet and veth]]

== External links ==
* [http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-radvd.html Linux IPv6 HOWTO, a chapter about radvd]

[[Category: Networking]]
[[Category: HOWTO]]

2007-05-26T07:12:13Z

Kingneutron: /* /etc/init.d services */

A rough description of how to migrate existing physical server into a [[VE]].

== Prepare a new “empty” VE ==
For OpenVZ this would mean the following (assume you chose VE ID of 123):

mkdir /vz/root/123 /vz/private/123
cat /etc/vz/conf/ve-vps.basic.conf-sample > /etc/vz/conf/123.conf

== Preparing to migrate ==

Stop most services on a machine to be migrated. “Most” means services such as web server, databases and the like — so you will not loose your data. Just leave the bare minimum (including ssh daemon).

== Copying the data ==

Copy all your data from the machine to an OpenVZ box. Say you'll be using VE with ID of 123, then all the data should be placed to <code>/vz/private/123/</code> directory (so there will be directories such as <code>/vz/private/123/bin</code>, <code>etc</code>, <code>var</code> and so on). This could be done in several ways:

=== rsync ===
rsync example (run from the new HN):
rsync -arvpz --numeric-ids --exclude dev --exclude proc --exclude tmp -e "ssh -l root@a.b.c.d" root@a.b.c.d:/ /vz/private/123/

'''Advantage:''' Your system doesn't really go down.

=== Live CD ===
Another way to do is using a live cd, booting up and use tar to dump the complete disk in a tar you save over the network or on a USB device.

=== Tar ===
Another approach is using tar and excluding some dirs, you could do it like this:

Create a file /tmp/excludes.excl with these contents:
.bash_history
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*

Then create the tar. But remember, when the system is 'not' using udev, you have to look into /proc/ after creating your VE because some devices might not exist. (/dev/ptmx or others)

# tar cjpf /tmp/mysystem.tar.bz2 / -X /tmp/excludes.excl

Naturally, you can only do this when the critical services (MySQL, apache, ..) are stopped and your /tmp filesystem is big enough to contain your tar.

'''Advantage:''' You don't need to boot from a livecd, so your system doesn't really go down.

== Setting VE parameters ==

=== OSTEMPLATE ===
You have to add <code>OSTEMPLATE=xxx</code> line to <code>/etc/vz/conf/123.conf</code> file, where <code>xxx</code> would be distribution name (like <code>debian-3.0</code>) for vzctl to be able to make changes specific for this distribution.

=== IP address(es) ===
Also, you have to supply an IP for a new VE:

vzctl set 123 --ipadd x.x.x.x --save

=== venet vs. veth ===
You may use veth interface instead of venet if you need just bring old server up for seamless migration of services.
It may be nessessary if server you are migrating is badly configured and it is hard to find all hard-coded net interfaces settings and so on.

veth inteface may me included into bridge to allow seamless old installation access.

== Making adjustments ==
Since VE is a bit different than a real physical server, you have to edit some files inside your new VE.

=== /etc/inittab ===
A VE does not have real ttys, so you have to disable getty in <code>/etc/inittab</code> (i. e. <code>/vz/private/123/etc/inittab</code>).

sed -i -e '/getty/d' /vz/private/123/etc/inittab

=== /etc/mtab ===
Link <code>/etc/mtab</code> to <code>/proc/mounts</code>:

rm -f /vz/private/123/etc/mtab
ln -s /proc/mounts /vz/private/123/etc/mtab

=== /etc/fstab ===
Since you do not have any real disk partitions in a VE, /etc/fstab (or most part of it) is no longer needed. Empty it (excluding the line for /dev/pts):

cp /vz/private/123/etc/fstab /vz/private/123/etc/fstab.old
grep devpts /vz/private/123/etc/fstab.old > /vz/private/123/etc/fstab

You can also mount a devpts in a running (but not fully functional) VE:
vzctl exec 123 mount -t devpts none /dev/pts

=== /dev TTY devices ===
In order for vzctl enter to work, a VE need to have some entries in /dev. This can either be /dev/ttyp* and /dev/ptyp*, or /dev/ptmx and mounted /dev/pts.

==== /dev/ptmx ====
Check that /dev/ptmx exists. If it does not, create with:
mknod /vz/private/123/dev/ptmx c 5 2

==== /dev/pts/ ====
Check that /dev/pts exists. It's a directory, if it does not exist, create with:
mkdir /vz/private/123/dev/pts

==== /dev/ttyp* and /dev/ptyp* ====
Check that /dev/ttyp* and /dev/ptyp* files are there. If not, you have to create those, either by using /sbin/MAKEDEV, or by copying them from the host system.

To copy:
cp -a /dev/ttyp* /dev/ptyp* /vz/private/123/dev/

To recreate with MAKEDEV, either
/sbin/MAKEDEV -d /vz/private/123/dev ttyp ptyp
or
cd /vz/private/123/dev && /sbin/MAKEDEV ttyp
====/dev/null====
Make sure sure /dev/null is not a file or directory, if unsure remove and recreate, If this is not correct sshd will not start correctly
rm -f /vz/private/123/dev/null
mknod /vz/private/123/dev/null c 1 3
=== Other devices ===
===/proc===
Make sure the /proc directory exists
ls -la /vz/private/123/ | grep proc
If it does'nt exist, Make it
mkdir /vz/private/123/proc

==== /dev/urandom ====
Check that /dev/urandom exists. If it does not, create with:
mknod /vz/private/123/dev/urandom c 1 9

=== /etc/init.d services ===

Some system services can (or in some cases should) be disabled. A few good candidates are:

* acpid, amd (not needed)
* checkfs, checkroot (no filesystem checking is required in VE)
* clock (no clock setting is required/allowed in VE)
* consolefont (VE does not have a console)
* hdparm (VE does not have real hard drives)
* klogd (unless you use iptables to LOG some packets)
* keymaps (VE does not have a real keyboard)
* kudzu (VE does not have real hardware)
* lm_sensors (VE does not have access to hardware sensors)
* microcodectl (VE can not update CPU microcode)
* netplugd (VE does not have real Ethernet device)

To see which services are enabled:
* RedHat/Fedora/SUSE: <code>/sbin/chkconfig --list</code>
* Debian: <code>Use ' rcconf ' (ncurses) or update-rc.d</code>
* Gentoo: <code>/sbin/rc-update show</code>

To disable the service:
* RedHat/Fedora/SUSE: <code>/sbin/chkconfig --del SERVICENAME </code>
* Debian: <code>*FIXME*</code>
* Gentoo: <code>/sbin/rc-update del SERVICENAME</code>

=== Other ===
There might be other adjustments needed. Please add those here if you have more info.
==== Disable Old Physical Interface ====
You should disable your old physical interface from starting at boot time

In Fedora, edit /vz/private/{VEID}/etc/sysconfig/network-scripts/ifcfg-eth''x''

Make the following look like this:
onboot=no

Other Distros: *FIXME*

== Starting a new VE ==

Try to start your new VE:

vzctl start 123

Now check that everything works fine. If not, see [[#Troubleshooting]] below.

== Troubleshooting ==

=== Can't enter VE ===

If you can not enter your VE (using <code>vzctl enter</code>), you should be able to at least execute commands in it.

First, see the [[#/dev TTY devices]] section above.

Next, check if devpts is mounted:
vzctl exec 123 mount | grep pts

If it is not mounted, mount it:
vzctl exec 123 mount -t devpts none /dev/pts

Then, add the appropriate mount command to VE's startup scripts. On some distros, you need to have the appropriate line in VE's /etc/fstab.

In Fedora, try commenting out any '''udev''' entries in /vz/private/{VEID}/etc/rc.sysinit
vi /vz/private/{VEID}/etc/rc.sysinit
Locate the '''udev''' entry from within vim
/udev
Then comment the line similar to this:
#[ -x /sbin/start_udev ] && /sbin/start_udev

=== Other problems ===
If anything goes wrong, try to find out why and fix. If you have enough Linux experience, it can be handled. Also check out IRC and please report back on this page.

== Success Stories ==
- Debian 3.1 Sarge with MySQL, apache2, PowerDNS
--[[User:Stoffell|stoffell]] 08:41, 8 February 2007 (EST)

- Red Hat 7.2 with MySQL 3.23, apache, Chilisoft --[[User:Stoffell|stoffell]] 13:26, 9 February 2007 (EST)

- Gentoo with Courier, Postfix, MySQL, Apache2
--[[User:bfrackie|bfrackie]] 19:00, 18 March 2007 (EST)

- AltLinux Master with qmail, MySQL, Apache, etc - to Debian/testing with OpenVZ --[[User:alexkuklin|alexkuklin]]

[[Category:HOWTO]]