OpenVZ Virtuozzo Containers Wiki β

Changes

Installation on Debian/old

2,860 bytes added, 20:30, 8 October 2013
add a big fat warning
= Sarge-Dapper (OldStable) ={{Warning|The OpenVZ packages at http://debianmajority of the content on this page only applies to older, unsupported Debian versions and is archived on this page for historical reasons only.systs'''The page you need is [[Installation on Debian]].org/ aimed to install OpenVZ in a easy way, some tasks are even completed during the install process!'''}}
== edit apt source settings ==Add to your "/etc/apt/sourcesOpenVZ consists of a kernel, user-level tools, and container templates.list"
<pre>This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch or Lenny/Squeeze. deb For Squeeze, use the Lenny directions. For Wheezy (7.0), use the vzctl package included in wheezy, together with the Wheezy OpenVZ kernels from [http://download.openvz.org/debian/ http://download.systsopenvz.org/debian sarge openvz</pre>]. Alternatively reduced functionality may be possible using the stock Debian Wheezy kernel (based on kernel.org version 3.2) and [[Vzctl_for_upstream_kernel]].
and get You may also wish to check the new package listsinformation on [http://wiki.debian.org/OpenVz the Debian wiki].
<pre># apt-get update</pre>For Etch users, this document explains how to partially upgrade to Debian Lenny and install from lenny repositories ('''use this options at your risk''').
== precompiled kernel images at debian.systs.org (dso) Requirements ==The kernel-images on debian.systs.org (dso) use the same kernel-config taken from OpenVZ.(most kernel-modules are built-in!)
If there is more than one CPU available === Filesystems ===It's recommended that you use a separate partition for container privatedirectories (or a CPU with hyperthreadingby default <code>/var/lib/vz/private/<CTID></code>), . The reason for this is that if you wish to use the kernelOpenVZ per-smp deb.If there is more than 4 Gb of RAM availablecontainer disk quota, you won't be able to use usual Linux disk quotas on the kernelsame partition. Bear in mind that "per-enterprise deb.Otherwisecontainer quota" in this context includes not only pure per-container quota but also the usual Linux disk quota used in container, use not on the plain kernel deb (kernel)[[HN]].
{| class="wikitable"|+'''Kernel flavors list'''! Kernel type !! Description !! Hardware !! Use case|-! -| uniprocessor| up At the very least try to 4GB avoid using the root partition for containers, because the root user of RAM||-! -smp| symmetric multiprocessor| up a container will be able to 4 GB of RAM| 10-20 VPSs|-! -entnosplit| SMP + PAE support| up to 64 GB of RAM| 10-30 VPSs|-! -enterprise| SMP + PAE support + 4/4GB split| up to 64 GB of RAM| >20-30 VPSs|}overcome the 5% disk space barrier in some situations. If the HN root partition is completely filled, it will break the system.
kernelOpenVZ per-image: i368 and amd64<pre> ovzkernel-2.6.9 ovzkernelcontainer disk quota is supported only for ext2/ext3 filesystems; therefore it makes sense to use one of these filesystems (ext3 is recommended) if you need per-2container disk quota.6.9-smp</pre>
kernel-image: i386 === Repository setup (Etch only:<pre> ovzkernel-2.6.9-enterprise ovzkernel-2.6.9-entnosplit</pre>) ===
OpenVZ tool(s) for i386 '''If you are using Debian Lenny, this step in no longer required. Openvz kernel packages and amd64<pre> vzctl vzquota vzprocps vzdump</pre>tools are available on main repository.'''
template(s) for i368 and amd64 : Debian 3==== 1.1 Minimal<pre> vzctl-ostmpl-debian</pre>Using openvz.org repositories ====
== installing At the kernel-images, toolset and debian-os-template ==Examplemoment two different repositories are online at http://download.openvz.org: install the stable OpenVZ kernel, tools and Debian OS Template
# aptitude install ovzkernel; by Ola Lundqvist <opal@debian.org>: (OpenVZ kernels only): apt-2uri http://download.6openvz.9 vzctl vzquota vzdump vzctl-ostmpl-org/debian
; by Thorsten Schifferdecker <tsd@debian.systs.org>
: apt-uri http://download.openvz.org/debian-systs
: (Mirror of OpenVZ Repository from http://debian.systs.org/)
If you are using GRUB, maybe you need to update {{Note|The next steps use the repository at http:/boot/grubdownload.openvz.org/menu.lst file(can be configured at debian-systs; the actual OpenVZ Tools for Debian exist only as unstable builds, see http:/etc/kernel-imgpackages.debian.conf):org/vzctl}}
# {{Note|By default, on Ubuntu systems root tasks are executed with [https:/sbin/grub-update help.ubuntu.com/community/RootSudo sudo]}}
This can be done via the following commands, as root or as privileged "sudo" user
<pre>
# echo -e "\ndeb http://download.openvz.org/debian-systs etch openvz" >> /etc/apt/sources.list
# wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update
</pre>
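Review bot: The repository setup commands fetch <code>dso_archiv_signing_key.asc</code> over plain http:// and pipe it straight into <code>apt-key add -</code>, so the key that will authenticate every later package from this repository is accepted without any check of its own. Suggest publishing the expected key fingerprint next to the command and changing the step to save the key to a file, compare its fingerprint, and only then add it. The <code>deb http://download.openvz.org/debian-systs etch openvz</code> line depends on that key in the same way, so the fingerprint belongs in this section rather than on a separate page.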
Reboot in your new ==== 2. Using Debian Sarge OpenVZ Systemrepositories (upgrade to lenny) ====
# rebootThere is even a '''lenny''' repository with kernel 2.6.28. '''Use it at your own risk!'''
Add lenny repositories to your '''/etc/apt/sources.list'''
<pre>
deb http://DEBIAN-MIRROR/debian/ testing main
deb http://DEBIAN-MIRROR/debian-security/ testing/updates main
</pre>
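Review bot: The text says to add the lenny repositories, but both <code>deb</code> lines name the <code>testing</code> suite, which follows whatever release is currently in testing rather than lenny itself. A host configured this way starts pulling packages from a different release once lenny stops being testing. Use the codename in both lines (<code>lenny main</code> and <code>lenny/updates main</code>) so the sources match what the heading and the surrounding text describe.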
ThatEnlarge apt-cache adding to '''/etc/apt/apt.conf'''s all this line:<pre>APT::Cache-)Limit "100000000";</pre>
Now itGive etch package priority over lenny packages. Edit 's time to setup your VEs with the minimal Debian-3.1 Template, create new one or download another precreated OS''/etc/apt/preferences''' and set like this:<pre>Package: *Pin: release a=etchPin-Template.Priority: 700
Package: *Pin: release a= Etch (Stable) =lennyPin-Priority: 650OpenVZ is now a part of Debian Etch repository. The packages are 'vzctl' and 'vzquota'.</pre>
== install the kernelThen '''apt-image ==get update && apt-get dist-upgrade''' to upgrade to lenny.
=== precompiled kernel images at download.openvz.org =Kernel installation ==
A Debian OpenVZ kernel repository is online, for direct access http://download.openvz.org/kernel/debian/etch/=== Wheezy and Lenny ===
{{Note|The best kernel to use is [[Download/kernel/rhel6|RHEL6-based]]. Please see [[Install_kernel_from_RPM_on_Debian_6.0]]}}
add to your "/etc/apt/sources.list"<pre> deb http://download.openvz.org/debian etch main</pre>=== Etch ===
Update package lists<pre> # apt-get update</pre>==== 1. Using openvz kernel repositories ====
List downloadable {{Note|In case you want to recompile the OpenVZ linux-images<pre> # apt-cache search linux-image-2.6kernel yourself on Debian, see [[Compiling the OpenVZ kernel (the Debian way)]].18-openvz</pre>}}
Install a First, you need to choose what kernel<pre> # apt-get you want to install <linux-image></pre>.
{| class=== precompiled "wikitable"|+'''OpenVZ Kernel list built with kernel images at debianconfig from http://download.systsopenvz.org ==='''! Kernel !! Description !! Hardware !! Debian Architecture|-! ovzkernel-2.6.18| uniprocessor| up to 4GB of RAM| i386 and amd64|-! ovzkernel-2.6.18-smp| symmetric multiprocessor| up to 4 GB of RAM| i386 and amd64|-! ovzkernel-2.6.18-enterprise| SMP + PAE support + 4/4GB split| up to 64 GB of RAM| i386 only|}
Add {| class="wikitable"|+'''OpenVZ Kernel list built with official Debian kernel config and OpenVZ Settings'''! Kernel !! Description !! Hardware !! Debian Architecture|-! fzakernel-2.6.18-686| uni- and multiprocessor| up to 4GB of RAM| i386|-! fzakernel-2.6.18-686-bigmem| symmetric multiprocessor| up to your "/etc/apt/sources64 GB of RAM| i386|-! fzakernel-2.6.list"18-amd64| uni- and multiprocessor| | amd64|-|}
<pre>
deb http://debian.systs.org/ etch openvz# apt-get install <kernel>
</pre>
Add ===== Configuring the signing key of debian.systs.org (dso) apt-keyring, (need root permissions)<pre> # wget http://debian.systs.org/dso_archiv_signing_key.asc -q -O - | apt-key add -</pre>bootloader =====
and get In case GRUB is used as the new package listsboot loader, it will be configured automatically, or execute update-grub; lines similar to these will be added to the <tt>/boot/grub/menu.lst</tt> file:
<pre>
# apt[...] title Debian GNU/Linux, kernel 2.6.18-get updateovz-028stab051.1-686 root (hd0,1) kernel /vmlinuz-2.6.18-ovz-028stab051.1-686 root=/dev/sda5 ro vga=791 initrd /initrd.img-2.6.18-ovz-028stab051.1-686 savedefault[...]
</pre>
Choose {{Note|per default on debian/ubuntu, a linux image (version 028stab039.1) :<pre> ovzkernel-2.6.18 (i386 and amd64) ovzkernel-22 kernel will boot before a 2.6.18, please check manually the grub boot order. See man update-smp (i386 and amd64)grub for more details}} ovzkernel===== Installing the user-2.6.18-enterprise only (i386)</pre>level tools =====
# aptOpenVZ needs some user-get install <linux-image>level tools installed. Those are:
=== or build your own kernel-image ; vzctl: A utility to control OpenVZ containers (debian waycreate, destroy, start, stop, set parameters etc.) ===; vzquota: A utility to manage quotas for containers. Mostly used indirectly (by vzctl).
To install the kernel-source and the OpenVZ kernel patch, run:
<pre>
# [sudo] apt-get install kernel-package linux-source-2.6.18 kernel-patch-openvz libncurses5-devvzctl vzquota
</pre>
==== 2 Using Debian lenny repositories ====
Unpack the If you upgrade to lenny, you can search openvz kernel sourceand can install with:<pre>apt-get install linux-image-openvz-686</pre>this command will install latest kernel and all required packages like:
<pre>
# cd /usr/src # tar xjf apt-get install iproute libatm1 linux-sourceimage-2.6.18.tar.bz2 # cd 26-1-openvz-686 linux-sourceimage-openvz-2.6.18686 rsync vzctl vzquota libcgroup-dev
</pre>
and will arrange grub bootloader properly.
=== Rebooting into OpenVZ kernel ===
{{Warning|Before you restart your Server, verify that your system has all needed modules enabled in order to boot your harddisk (e.g. hardware modules, raid system(s), lvm2 etc). You may need a an INITRD (initramdisk) or to compile needed kernel configmodules statically.}}You can use Now reboot the machine and choose the config of OpenVZ Linux Kernel on the debian-kernel:<pre> # cp /boot/config-2loader menu.6.18-5If the OpenVZ kernel has been booted successfully, proceed to installing the user-686 level tools for OpenVZ.config</pre>
=== Confirm proper installation ===
<b>Or</b> get a 21.6.18 kernel config from httpKernel://download.openvz.org/kernel/devel/current/configs/
<pre>
# wget http://download.openvz.org/kernel/devel/current/configs/kerneluname -r 2.6.1826-028test0101-i686.config.ovz openvz-O .config686 #
</pre>
<b>Or</b> get a 2.6.18 Openvz kernel config from httpfacility://download.openvz.org/kernel/branches/2.6.18/current/configs/ (2007/11/09)
<pre>
# wget httpps ax | grep vz 2349 ? S 0://download.openvz.org/kernel/branches/2.6.18/current/configs/kernel-2.6.18-i686.config.ovz -O .config00 [vzmond]
</pre>
Now you can apply the openvz kernel patch and modify your kernel-config3. A network interface for containers:
<pre>
# ../kernelifconfig venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-patches/all/apply/openvz00 UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) # make menuconfigTX bytes:0 (0.0 B)
</pre>
== Configuring ==
You need the following OpenVZ kernel config settings:<pre>(taken from OpenVZ Kernel 2.6.18-028test010.1 on 686)=== sysctl ===
Filesystem\_ [*] Second extended fs support (CONFIG_EXT2_FS)\_ [*] Ext3 journalling There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file system support (CONFIG_EXT3_FS)\_ [M] Quota Support (CONFIG_QUOTA) \_ [*] Compatibility with older quotactl interface (CONFIG_QUOTA_COMPAT) \_ [*]Quota format v2 support (CONFIG_QFMT_V2)\_ [*] VPS filesystem (CONFIG_SIM_FS)\_ [M] Virtuozzo Disk Quota support (CONFIG_VZ_QUOTA) \-> [*] Per-user and per-group quota in Virtuozzo quota partitions (VZ_QUOTA_UGID); please edit it accordingly.
Security \{{Note|vzctl version from debian-systs, automatically inserts these options at the last of <tt>[ ] Enable different security models/etc/sysctl.conf</tt>, except for net.ipv4.ip_forward}}
OpenVZ ... (what else :-)\_[*] Virtual Environment support (CONFIG_VE) \_ <M> VE calls interface (CONFIG_VE_CALLS) \_ <Mpre> VE networking (CONFIG_VE_NETDEV) \_ <M> Virtual ethernet device (CONFIG_VE_ETHDEV) \_ <M> VE device (CONFIG_VZ_DEV) \_ [*] VE netfiltering (CONFIG_VE_IPTABLES) \_ <M> VE watchdog module (CONFIG_VZ_WDOG) \_ <M> Checkpointing & restoring Virtual Environments (CONFIG_VZ_CHECKPOINT) User resources ... (User Beancounters)\_ [*] Enable user resource accounting (CONFIG_USER_RESOURCE)\_ [*] Account physical memory usage ( CONFIG_USER_RSS_ACCOUNTING)\_ [*] Account disk IO (CONFIG_UBC_IO_ACCT)\_ [*] Account swap usage (CONFIG_USER_SWAP_ACCOUNTING)\_ [*] Report resource usage in /proc (CONFIG_USER_RESOURCE_PROC)\_ [*] User resources debug features (CONFIG_UBC_DEBUG)\_ [*] Debug kmemsize with cache counters (CONFIG_UBC_DEBUG_KMEM)</pre>
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
INFO: Better to build the kernel-headers as well, so afterward other kernel-modules can net.ipv4.conf.default.forwarding=1be built without whole kernel tree (enet.gipv4. drbd -> drbd0conf.7-module-source)default.proxy_arp=0See also : "make-kpkg --targets"net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter=1
Compile your Kernel (as user root, or you need # Enables the magic--rootcmd!)<pre>sysrq key # make-kpkg --append_to_versionkernel.sysrq=-1-openvz --added_patches=openvz --revision=1 --initrd binary-arch or all above with one step
# make-kpkg --append_to_versionTCP Explict Congestion Notification#net.ipv4.tcp_ecn=-1-openvz --added_patches=openvz --revision=1 --initrd --config menuconfig binary-arch</pre>0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
Install the kernel and update initramfs:<pre> # dpkg -i [../linux-image-2.6.18-1-openvz_1_i386.deb # update-initramfs -c -k 2.6.18-1-openvz]
</pre>
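Review bot: In the sysctl block, the comment "we do not want all our interfaces to send redirects" is followed by <code>net.ipv4.conf.default.send_redirects=1</code>, which reads as the opposite of the comment. The kernel sends redirects on an interface when either the <code>all</code> value or that interface's own value is set, and <code>default</code> is what newly created interfaces inherit, so <code>net.ipv4.conf.all.send_redirects=0</code> on the next line does not switch them off. If the intent is to stop redirects, set <code>net.ipv4.conf.default.send_redirects=0</code>; if some interfaces are meant to keep sending them, reword the comment to say which ones.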
<pre> INFO: update # [sudo] sysctl -initramfs is done, when make-kpkg is use with --initrd option INFO: update-grub can be configured by /etc/kernel-img.conf</pre>p
Update the bootloader {{Note|You can make a symlink from /var/lib/vz to /vz as backwardcompatibility to OpenVZ as installed in other distributions(when not done above)Debian vz root directory is /var/lib/vz to be FHS-compliant.}}
GRUB : # [sudo] ln -s /var/lib/vz /vz
# /usr/sbin/update-grub=== OS templates ===
INFO: since the Debian ETCH-release the location {{Note|Support of update-grub OS templates on 64 bit hosts is moved from /sbin/updatesomewhat limited for the time being, so that not all tools or features are available -grub please see [[Making template tools to /usr/sbin/updatework on x86_64]] and [[Install OpenVZ on a x86 64 system Centos-grub !Fedora]] for additional details and information on possible workarounds}}
== Install the toolset ==To install a container, you need OS template(s).
You need the toolset for managing OpenVZ Virtual Environments (VE)Precreated templates can be found [http://wiki.openvz.org/Download/template/precreated here] and [http://download.openvz.org/contrib/template/precreated/ here].
<pre>You can create your own templates, see # apt-get install vzctl vzquota vzdump vzctl-ostmpl-debian</pre>[[Debian template creation]], [[Ubuntu Gutsy template creation]] and [[:Category: Templates]].
= modify needed settings ={{Note|Setup your prefered standard OS Template : edit the /etc/vz/vz.conf}}
If you want network access for the virtual server then you need to enable IP forwarding # [sudo] apt-get install vzctl-ostmpl-debian-5.0-i386-minimal
An old (before Etch) Debian Way: set "ip_forward" to yes in /etc/network/option.== Additional User Tools ==
# editor /etc/network/options; vzprocps: A set of utilities to provide system information (vzps and vztop)
The new (from Etch) standard way is ; [[vzdump]]: A utility to use sysctl for this (see below)backup and restore container.
# [sudo] apt-get install vzprocps vzdump
In some cases you may need to enable proxy_arp for the network devices that you want your virtual hosts to be accessible on.
You can add this to a specific interface in the network configuration (/etc/network/interfaces) by the following lines, replace %DEV% with your device name (ie. eth0).
Example:On Debian squeeze, vzdump seems packaged in standard aptline. For lenny, See [[Backup_of_a_running_container_with_vzdump]]
<pre>
[...]
# device: %DEV%
iface %DEV% inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
up sysctl -w net.ipv4.conf.%DEV%.proxy_arp=100 pre-down sysctl -w net.ipv4.conf.%DEV%.proxy_arp=0[...]</pre>Secure it ==
If you want to secure your container with individual firewall rules (instead or use additionally to securing the /etc/network/if-up/ and /etc/network/if-downhost node) then you must run iptables inside the container.d/ directoriesThis works slightly different than on a physical server. So make sure that you check that iptables rules are indeed applied as expected inside the container.
<pre> INFO: # man 5 interfaces (to read more about debian's network interface configuration for ifup and ifdown) INFO: It is recommanded to add Iptables modules required by the magic-sysrq key, to your /etc/sysctlcontainer must be specified in the general vz.conf file or the vzXXX.conf</pre>file of the container.
a (plain) OpenVZ Linux Way:Add the following line into vz.conf to activate the respective iptables modules for all containers.
Add settings to IPTABLES="/etc/sysctl.confip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
<pre> # On Hardware Node we generally need # packet forwarding enabled and proxy arp disabled net[[http://wiki.ipv4debian.ip_forward = 1 netorg/DebianFirewall][Configure]] your iptable rules inside the container.ipv4.conf.default.proxy_arp = 0
# Enables source route verification net.ipv4.conf.all.rp_filter = 1{{Warning|Note that iptables rules inside the container are not applied automatically as on a physical server by starting the iptables module! Follow the instructions below}}
# Enables To make sure the magic-sysrq key kernel.sysrq = 1iptables rules are applied on a startup/reboot we'll create a new file:
# TCP Explict Congestion Notification # netnano /etc/network/if-pre-up.ipv4.tcp_ecn = 0d/iptables
# we do not want all our interfaces Add these lines to send redirects net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.all.send_redirects = 0 </pre>it:
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
<pre> INFOThe file needs to be executable so change the permissions: Suggestion: Please make a symlink from /var/lib/vz to /vz as backward compability to Main OpenVZ (Debian vz root directory is installed FHS-like to /var/lib/vz)
# ln -s chmod +x /varetc/libnetwork/vz if-pre-up.d/vz</pre>iptables
Start iptables
'''Before you restart your Server, keep in mind, that your system has all needed modules enabled; booting from your harddisk (e.g. hardware modules, raid system(s), lvm2 /etc). May you need a INITRD (initramdisk) or compile needed kernel modules statically in/init.'''d/iptables start
If the startup shows errors then you have probably not activated the needed iptables modules. See above.
# rebootCheck inside the container that your iptables rules are indeed applied:
iptables -L
If the rules do not show up as you would expect on a physical server then you might not have activated the needed iptables modules.
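Review bot: The if-pre-up.d script restores from <code>/etc/iptables.up.rules</code>, but nothing in this section says how that file gets created, so a reader who follows the steps in order ends up with a hook that fails and a container that comes up with no rules loaded. Add the step that writes the file (for example <code>iptables-save > /etc/iptables.up.rules</code> once the rules are in place) before the step that creates <code>/etc/network/if-pre-up.d/iptables</code>. The closing check <code>iptables -L</code> lists only the filter table; since the suggested IPTABLES line also loads iptable_nat and iptable_mangle, mention <code>iptables -t nat -L</code> and <code>iptables -t mangle -L</code> for rules placed there.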
That's all== Start it!==
Now it's time to create a OS Template or download another precreated OS-Template # [sudo] /etc/init.d/vz start
This does not make the vz system automatically start at boot time. For automatic start:
INFO: Suggestions: Setup your default OS Template in /etc/# [sudo] update-rc.d vz/vz.confdefaults 98
== Use it! ==
After installing the OpenVZ kernel, user tools and a minimal OS template
to create a first container and do some [[basic operations in OpenVZ environment]]. Read the [[download:doc/OpenVZ-Users-Guide.pdf]], browse this wiki.
[[Category: HOWTO]]
[[Category: Debian]]
[[Category: Installation]]