Difference between revisions of "Installation on Debian 9"
| Narcisgarcia (talk | contribs)  (→Install packages:  Patch VarLock directory creation) | Narcisgarcia (talk | contribs)   (→Install packages:  VarLock: it only was a Devuan issue) | ||
| Line 109: | Line 109: | ||
| * Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf | * Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf | ||
|   VE_STOP_MODE=stop |   VE_STOP_MODE=stop | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| = '''Reboot into OpenVZ kernel''' = | = '''Reboot into OpenVZ kernel''' = | ||
Revision as of 11:22, 7 October 2017
This is a guide to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" (amd64 or i386) machine.
|   | Note: The best and latest Debian version for OpenVZ 6 is Devuan 1.0, but Debian 9 makes really easy the coexistence of OVZ and unprivileged LXC containers. | 
Contents
Volumes and file systems
It is recommended to use a separate partition for containers (by default /var/lib/vz) and format it to compatible ext4.
Ext4
Debian 9 installer (and tools by default) formats Ext4 with new features, and concrete "metadata_csum" is incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with "metadata_csum". Ordered alternatives:
- After a fresh Debian 9 install, remove metadata_csum feature from filesystems.
- Upgrade from Debian 8 to Debian 9 (metadata_csum not inherited)
- Root volume (/ and others) as Ext3 and deploy /var/lib/vz in a later created Ext4 volume, without metadata_csum.
- Use Ext3
How to remove metadata_csum from a mounted partition
If your host altready mounts r/w volumes on boot and you can't tune2fs+e2fsck because volumes are in use, this is the solution (example for /dev/sda1):
- First check if the partition is affected.
Volume=/dev/sda1 sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
- If last command didn't return a line with metadata_csum, nothing to do. Otherwise, continue:
echo copy_exec /sbin/e2fsck | sudo tee -a /usr/share/initramfs-tools/hooks/fsck echo copy_exec /sbin/tune2fs | sudo tee -a /usr/share/initramfs-tools/hooks/fsck Script=/etc/initramfs-tools/scripts/local-premount/tune echo '#!/bin/sh' | sudo tee $Script echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script echo e2fsck -f $Volume | sudo tee -a $Script echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script echo e2fsck -f $Volume | sudo tee -a $Script sudo chmod a+x $Script sudo update-initramfs -u -k all
- Reboot and check that metadata_csum disappeared:
sudo reboot (...) Volume=/dev/sda1 sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
- Restore initrd behaviour
sudo rm /etc/initramfs-tools/scripts/local-premount/tune sudo apt --reinstall install initramfs-tools-core sudo update-initramfs -u -k all
This recipe is useful for any volume that can't be neither unmounted nor remounted readonly.
How to remove metadata_csum from a not mounted partition
This procedure can be applied when partition can be mounted readonly
- Example for /dev/sda9
sudo e2fsck -f /dev/sda9 sudo tune2fs -O -metadata_csum /dev/sda9 sudo e2fsck -f /dev/sda9
How to format a volume to be a compatible Ext4
- Example for /dev/sda9
sudo mkfs -t ext4 -O -metadata_csum /dev/sda9
btrfs
You might want btrfs to use per-directory (subvolume) quotas for other simfs/dir containers, such as LXC. Only vzquota doesn't work on a btrfs volume; for OVZ containers it's better to mount /var/lib/vz to an Ext4 volume.
Debian 9 installer (and tools by default) formats btrfs with modern features as: mixed-bg, extref, skinny-metadata, no-holes. All of these are incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with these attributes. Ordered alternatives:
- Pre-format compatible btrfs for a fresh Debian 9 install on root volume (/ and others) and deploy /var/lib/vz in a later created Ext4 volume. Debian 9 installer must not format btrfs but "keep existing data" as allowed in manual partitioning stage.
- Use compatible Ext4 volumes and deploy later the secondary btrfs partitions.
How to format a volume to be a compatible btrfs
- Example for /dev/sda1
sudo mkfs -t btrfs -O ^mixed-bg,^extref,^skinny-metadata,^no-holes /dev/sda1
You must not format btrfs with Debian installer because features cannot be disabled after.
Change Systemd to SystemV
|   | Note: Warning! This operation can make some desktop software to stop working. | 
sudo apt install sysvinit-core sysvinit-utils # Must boot with SystemV to release Systemd sudo reboot sudo apt --auto-remove remove systemd echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd
- More recipes at without-systemd.org
Register OVZ updated repository
RepoFile=/etc/apt/sources.list.d/openvz.list RepoUrl=http://download.openvz.org/debian echo "deb $RepoUrl jessie main" | sudo tee "$RepoFile" echo "deb $RepoUrl wheezy main" | sudo tee -a "$RepoFile" wget -qO - http://ftp.openvz.org/debian/archive.key | sudo apt-key add - sudo apt-get --allow-unauthenticated update
As of July 2017, release key at openvz.org site is invalid, and last command will complain:
W: GPG error: http://download.openvz.org/debian jessie Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC W: The repository 'http://download.openvz.org/debian jessie Release' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://download.openvz.org/debian wheezy Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC W: The repository 'http://download.openvz.org/debian wheezy Release' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details.
You can continue.
|   | Note: For more info about Debian repositories, see http://download.openvz.org/debian. | 
Install packages
KPackage="linux-image-openvz-$(dpkg --print-architecture)" sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools dirmngr if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
- Create file /etc/vz/vznet.conf with the following line:
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
- Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf
VE_STOP_MODE=stop
Reboot into OpenVZ kernel
|   | Note: At boot manager, in "Advanced options for Debian GNU/Linux", you will find kernels named "2.6.32-openvz". Select the first listed. | 
sudo reboot
Check the OpenVZ processes are running:
sudo ps ax | grep -v 'grep' | grep 'vzmond'
Set OpenVZ as default to boot
Because of GRUB2 default criteria, default kernel to boot can still be the one from Debian's repository (non OVZ). Probably you don't want this behaviour; once you've booted fine into OpenVZ kernel, you can remove other unuseful kernels:
Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')" sudo apt --autoremove remove $Packages
Download OS templates
This step is optional, vzctl is able to download templates on demand.
An OS template is a GNU distribution for Linux, installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a minute.
# Register official container templates: OpenvzKey="$(echo $(sudo gpg --batch --search-keys security@openvz.org 2>&1 | grep -ie ' key.*created' | sed -e 's|key|@|g' | cut -f 2 -d '@') | cut -f 1 -d ' ' | cut -f 1 -d ',')" sudo gpg --recv-keys $OpenvzKey sudo vztmpl-dl --gpg-check --list-remote
# Example: sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
Alternatively, you can also download precreated template caches from Download » Template » Precreated, or from one of the mirrors. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory.
Next steps
OpenVZ is now set up on your machine. Follow on to basic operations in OpenVZ environment document.
See also
- Installation on Debian 8 (oldstable) or Devuan 1.0 (Jessie, stable, SystemV)
