Created (from http://forum.openvz.org/index.php?t=tree&goto=359&#msg_359)
These are rough instructions on how to manually create a minimal Debian Sarge (3.1) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Sarge (3.1).
== Prerequisites ==
I used OpenVZ on Gentoo Linux for this work, but any distribution is fine, as long as you have a working <tt>debootstrap</tt> utility on it.
For Gentoo, run
<pre>emerge debootstrap</pre>
For other distros you might need to install it from sources, or google for an appropriate package for your distro. Some rpms are available from [http://people.debian.org/~blade/install/debootstrap/].
== Bootstrapping Debian ==
All the commands below are executed from the root shell. We use a VE ID of 777 for this example; any other unused ID works as well.
For Debian Sarge on an '''x86''' (a.k.a. '''i386''') architecture:
<pre>
debootstrap --arch i386 sarge /vz/private/777 http://ftp.freenet.de/debian
</pre>
For Debian Sarge on an '''x86_64''' (a.k.a. '''AMD64''') architecture (Sarge/amd64 is not official so we have to use another repository):
<pre>
debootstrap --arch amd64 sarge /vz/private/777 http://amd64.debian.net/debian
</pre>
== Preparing and starting the VE ==
=== Setting VE config ===
First, we need a config for the [[VE]]:
<pre>
vzctl set 777 --applyconfig vps.basic --save
</pre>
=== Setting VE OSTEMPLATE ===
We also need <tt>OSTEMPLATE</tt> to be set for [[vzctl]] to work properly.
For Gentoo host system:
<pre>echo "OSTEMPLATE=debian-3.1" >> /etc/vz/777.conf
</pre>
For other systems:
<pre>
echo "OSTEMPLATE=debian-3.1" >> /etc/sysconfig/vz-scripts/777.conf
</pre>
=== Setting VE IP address ===
For the [[VE]] to be able to download updates from the network, it needs a valid IP address:
<pre>
vzctl set 777 --ipadd x.x.x.x --save
</pre>
=== Setting Debian repositories ===
For '''x86_64''':
<pre>
cat << EOF > /vz/private/777/etc/apt/sources.list
deb http://amd64.debian.net/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
EOF
</pre>
For '''i386''':
<pre>
cat << EOF > /vz/private/777/etc/apt/sources.list
deb http://ftp.freenet.de/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
EOF
</pre>
=== Starting VE ===
Now start the VE:
<pre>
vzctl start 777
</pre>
== Customizing the installation ==
A few things need to be done inside the newly created VE for it to become suitable for OpenVZ. All of them are done inside the VE, so the first command is <tt>vzctl enter</tt>.
{{Note|Do not run these commands inside host system, they are only for VE!}}
<pre>
vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
</pre>
=== Convert the system to use shadow passwords ===
<pre>
pwconv
</pre>
=== Get new security updates ===
<pre>
apt-get update
apt-get upgrade
</pre>
=== Install some more packages ===
This can be an interactive process, so the system may ask some questions. Here you can add any other packages you would like to be present, such as <tt>less</tt>, <tt>vim</tt>, etc.
<pre>
apt-get install ssh quota
</pre>
=== Disable root login ===
<pre>
usermod -L root
</pre>
{{Note|The root login will be enabled again when you use <tt>vzctl set ''VEID'' --userpasswd root:''xxxx''</tt>.}}
=== Disable getty ===
Disable running <tt>getty</tt>s on terminals as a VE does not have any:
<pre>
sed -i -e '/getty/d' /etc/inittab
</pre>
=== Put sane permissions for <tt>/root</tt> directory ===
<pre>
chmod 700 /root
</pre>
=== Disable <tt>sync()</tt> for syslog ===
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
<pre>
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
</pre>
=== Fix <tt>/etc/mtab</tt> ===
Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and stuff will work:
<pre>
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab
</pre>
=== Remove some unneeded packages ===
<pre>
dpkg --purge modutils
dpkg --purge ppp pppoeconf pppoe pppconfig
</pre>
=== Disable services ===
Do not start some services; stick to the bare minimum:
<pre>
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove
</pre>
=== Fix SSH host keys ===
SSH host keys should be created later, upon the first [[VE]] start:
<pre>
rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
</pre>
=== Clean packages ===
<pre>
apt-get clean
</pre>
Now everything is done. Exit from the VE by pressing Ctrl-D (or typing <tt>exit</tt>).
== Preparing for and packing template cache ==
We don't need an IP for the VE anymore, and we definitely do not need it in the template cache, so remove it:
<pre>
vzctl set 777 --ipdel all --save
</pre>
Stop the VE:
<pre>
vzctl stop 777
</pre>
Go to the VE directory:
<pre>
cd /vz/private/777
</pre>
Now create a cached OS tarball.
For '''i386''':
<pre>
tar czf /vz/template/cache/debian-3.1-i386-minimal.tar.gz .
</pre>
For '''AMD64''':
<pre>
tar czf /vz/template/cache/debian-3.1-x86_64-minimal.tar.gz .
</pre>
Look at the resulting tarball to see that its size is sane:
<pre>
# ls -lh /vz/template/cache/de*
-rw-r--r-- 1 root root 42M Nov 17 23:50 /vz/template/cache/debian-3.1-x86_64-minimal.tar.gz
</pre>
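A pre-flight check for the packed tarball, added here as an example (not part of the original HOWTO): it confirms that the customization steps above took effect, namely that no SSH host keys were packed (they would be shared by every VE created from the cache), the first-boot key generator is present, root is locked and <tt>/root</tt> is mode 700. The function names <tt>audit_template</tt> and <tt>make_sample</tt> and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit an OpenVZ template cache tarball before VEs are created from it.
# audit_template / make_sample are hypothetical helper names, not OpenVZ tools.
audit_template() {  # audit_template TARBALL -> exit status = number of failed checks
    tarball=$1
    fails=0
    listing=$(tar tzf "$tarball") || return 99

    # Host keys packed into the cache would be identical in every VE created from it.
    if printf '%s\n' "$listing" | grep -Eq '^(\./)?etc/ssh/ssh_host_.*key'; then
        echo "FAIL: SSH host keys present in template"; fails=$((fails + 1))
    fi
    # Without the first-boot generator, new VEs would start with no host keys at all.
    if ! printf '%s\n' "$listing" | grep -Eq '^(\./)?etc/rc2\.d/S15ssh_gen_host_keys$'; then
        echo "FAIL: first-boot key generation script missing"; fails=$((fails + 1))
    fi
    # usermod -L prefixes root's hash with '!'; '*' also means no password login.
    # Members are stored as ./path because the HOWTO packs with "tar czf ... ."
    root_hash=$(tar xzOf "$tarball" ./etc/shadow 2>/dev/null |
        awk -F: '$1 == "root" {print $2}')
    case $root_hash in
        '!'*|'*'*) ;;
        *) echo "FAIL: root account is not locked in etc/shadow"; fails=$((fails + 1)) ;;
    esac
    # chmod 700 /root should show up as drwx------ in the verbose listing.
    if ! tar tvzf "$tarball" | awk '$NF ~ /^(\.\/)?root\/$/ {print $1}' |
        grep -q '^drwx------'; then
        echo "FAIL: /root is not mode 700"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree standing in for /vz/private/777 (not real template content).
make_sample() {  # make_sample DIR TARBALL ROOT_HASH [with_keys]
    mkdir -p "$1/etc/ssh" "$1/etc/rc2.d" "$1/root"
    chmod 700 "$1/root"
    printf 'root:%s:13000:0:99999:7:::\n' "$3" > "$1/etc/shadow"
    : > "$1/etc/rc2.d/S15ssh_gen_host_keys"
    [ -z "$4" ] || : > "$1/etc/ssh/ssh_host_rsa_key"
    (cd "$1" && tar czf "$2" .)
}

demo=$(mktemp -d)
make_sample "$demo/good" "$demo/good.tar.gz" '!$1$constructed$hash'
audit_template "$demo/good.tar.gz" && echo "template OK"
rm -rf "$demo"
```

Against the real cache, run <tt>audit_template /vz/template/cache/debian-3.1-i386-minimal.tar.gz</tt>; the exit status is the number of failed checks.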
== Checking if template cache works ==
We can now create a VE based on the just-created template cache.
For '''x86_64''':
<pre>
vzctl create 1002 --ostemplate debian-3.1-x86_64-minimal
</pre>
For '''i386''':
<pre>
vzctl create 1002 --ostemplate debian-3.1-i386-minimal
</pre>
Now check that it works:
<pre>
vzctl start 1002
vzctl exec 1002 ps ax
</pre>
You should see that a few processes are running.
== Final cleanups ==
Let's stop and remove the VE we used to test a new cache:
<pre>
vzctl stop 1002
vzctl destroy 1002
</pre>
Finally, let's remove the VE we used for OS template cache creation:
<pre>
vzctl destroy 777
</pre>
[[Category: HOWTO]]
[[Category: Templates]]