Difference between revisions of "Installation on Debian 9"
Narcisgarcia (talk | contribs) (→Install packages: Patch VarLock directory creation) |
Narcisgarcia (talk | contribs) (→Download OS templates: ctcreate to ctctl) |
||
(One intermediate revision by the same user not shown) | |||
Line 109: | Line 109: | ||
* Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf | * Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf | ||
VE_STOP_MODE=stop | VE_STOP_MODE=stop | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= '''Reboot into OpenVZ kernel''' = | = '''Reboot into OpenVZ kernel''' = | ||
Line 151: | Line 142: | ||
sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal | sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal | ||
− | + | Alternatives: | |
+ | * Download precreated template caches from [[Download/template/precreated|Download » Template » Precreated]] or from one of the [https://mirrors.openvz.org/ mirrors]. Put those tarballs '''as-is (no unpacking needed)''' to the <tt>/vz/template/cache/</tt> directory. | ||
+ | * '''[https://downloads.actiu.net/ctctl/ ctctl]''' helper to create Debian (or derivative) container without template (caches it as a local template). This tool manages unprivileged LXC containers too. | ||
= Next steps = | = Next steps = |
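Review bot: the two bullets added under "Alternatives:" describe getting templates from the mirrors and installing the ctctl helper from downloads.actiu.net with no integrity check, while the command directly above them uses `vztmpl-dl --gpg-check`. A reader who follows the first bullet copies an unverified tarball straight into /vz/template/cache/, where it becomes the root filesystem of every container created from it. Suggest extending the first bullet with how to verify the tarball's signature before copying it, and pointing the ctctl bullet at a checksum or signature for the download if one is published.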
Latest revision as of 09:25, 28 January 2020
This is a guide to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" (amd64 or i386) machine.
Note: The best and latest Debian version for OpenVZ 6 is Devuan 1.0, but Debian 9 makes the coexistence of OVZ and unprivileged LXC containers really easy.
Volumes and file systems
It is recommended to use a separate partition for containers (by default /var/lib/vz) and to format it as a compatible ext4 file system.
Ext4
The Debian 9 installer (and its tools by default) formats Ext4 with new features, and one of them, "metadata_csum", is incompatible with the OpenVZ6 kernel. The host must therefore be able to boot without mounting any volume that has "metadata_csum" enabled. Alternatives, in order:
- After a fresh Debian 9 install, remove the metadata_csum feature from the filesystems.
- Upgrade from Debian 8 to Debian 9 (metadata_csum is not inherited).
- Put the root volume (/ and others) on Ext3 and deploy /var/lib/vz in an Ext4 volume created later, without metadata_csum.
- Use Ext3.
How to remove metadata_csum from a mounted partition
If your host already mounts volumes read/write on boot and you can't run tune2fs and e2fsck because the volumes are in use, this is the solution (example for /dev/sda1):
- First check if the partition is affected.
    Volume=/dev/sda1
    sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
- If the last command didn't return a line with metadata_csum, there is nothing to do. Otherwise, continue:
    # Copy e2fsck and tune2fs into the initramfs
    echo copy_exec /sbin/e2fsck | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
    echo copy_exec /sbin/tune2fs | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
    # Create a premount script that clears metadata_csum before the volume is mounted
    Script=/etc/initramfs-tools/scripts/local-premount/tune
    echo '#!/bin/sh' | sudo tee $Script
    echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script
    echo e2fsck -f $Volume | sudo tee -a $Script
    echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
    echo e2fsck -f $Volume | sudo tee -a $Script
    sudo chmod a+x $Script
    sudo update-initramfs -u -k all
- Reboot and check that metadata_csum disappeared:
    sudo reboot
    (...)
    Volume=/dev/sda1
    sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
- Restore initrd behaviour
    sudo rm /etc/initramfs-tools/scripts/local-premount/tune
    sudo apt --reinstall install initramfs-tools-core
    sudo update-initramfs -u -k all
This recipe is useful for any volume that can be neither unmounted nor remounted read-only.
How to remove metadata_csum from a not mounted partition
This procedure can be applied when the partition can be mounted read-only.
- Example for /dev/sda9
    sudo e2fsck -f /dev/sda9
    sudo tune2fs -O -metadata_csum /dev/sda9
    sudo e2fsck -f /dev/sda9
How to format a volume to be a compatible Ext4
- Example for /dev/sda9
    sudo mkfs -t ext4 -O -metadata_csum /dev/sda9
btrfs
You might want btrfs in order to use per-directory (subvolume) quotas for other simfs/dir containers, such as LXC. However, vzquota doesn't work on a btrfs volume, so for OVZ containers it's better to mount /var/lib/vz on an Ext4 volume.
The Debian 9 installer (and its tools by default) formats btrfs with modern features such as mixed-bg, extref, skinny-metadata and no-holes. All of these are incompatible with the OpenVZ6 kernel. The host must therefore be able to boot without mounting any volume that has these attributes. Alternatives, in order:
- Pre-format a compatible btrfs for a fresh Debian 9 install on the root volume (/ and others) and deploy /var/lib/vz in an Ext4 volume created later. The Debian 9 installer must not format the btrfs volume but "keep existing data", as allowed in the manual partitioning stage.
- Use compatible Ext4 volumes and deploy the secondary btrfs partitions later.
How to format a volume to be a compatible btrfs
- Example for /dev/sda1
    sudo mkfs -t btrfs -O ^mixed-bg,^extref,^skinny-metadata,^no-holes /dev/sda1
You must not format btrfs with the Debian installer, because these features cannot be disabled afterwards.
Change Systemd to SystemV
Note: Warning! This operation can make some desktop software stop working.
    sudo apt install sysvinit-core sysvinit-utils
    # Must boot with SystemV to release Systemd
    sudo reboot
    sudo apt --auto-remove remove systemd
    echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd
- More recipes at without-systemd.org
Register OVZ updated repository
    RepoFile=/etc/apt/sources.list.d/openvz.list
    RepoUrl=http://download.openvz.org/debian
    echo "deb $RepoUrl jessie main" | sudo tee "$RepoFile"
    echo "deb $RepoUrl wheezy main" | sudo tee -a "$RepoFile"
    wget -qO - http://ftp.openvz.org/debian/archive.key | sudo apt-key add -
    sudo apt-get --allow-unauthenticated update
As of July 2017, the release key at the openvz.org site is invalid, and the last command will complain:
    W: GPG error: http://download.openvz.org/debian jessie Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
    W: The repository 'http://download.openvz.org/debian jessie Release' is not signed.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: GPG error: http://download.openvz.org/debian wheezy Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
    W: The repository 'http://download.openvz.org/debian wheezy Release' is not signed.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
You can continue. Because of this, the install command in the next section passes --allow-unauthenticated, so apt installs the OpenVZ packages without authenticating them.
Note: For more info about Debian repositories, see http://download.openvz.org/debian.
Install packages
    KPackage="linux-image-openvz-$(dpkg --print-architecture)"
    sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools dirmngr
    if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
- Create the file /etc/vz/vznet.conf with the following line:
    EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
- Optionally, you can make containers stop completely when the service stops, by setting this in /etc/vz/vz.conf:
    VE_STOP_MODE=stop
Reboot into OpenVZ kernel
Note: At the boot manager, in "Advanced options for Debian GNU/Linux", you will find kernels named "2.6.32-openvz". Select the first one listed.
    sudo reboot
Check that the OpenVZ processes are running:
    sudo ps ax | grep -v 'grep' | grep 'vzmond'
Set OpenVZ as default to boot
Because of the GRUB2 default criteria, the default kernel to boot can still be the one from Debian's repository (non OVZ). You probably don't want this behaviour; once you have booted successfully into the OpenVZ kernel, you can remove the other, unneeded kernels:
    # List installed linux-image-* packages that are not OpenVZ kernels
    Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')"
    sudo apt --autoremove remove $Packages
Download OS templates
This step is optional: vzctl is able to download templates on demand.
An OS template is a GNU distribution for Linux, installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a minute.
    # Register official container templates:
    # (takes the ID of the first key the keyserver lists for security@openvz.org)
    OpenvzKey="$(echo $(sudo gpg --batch --search-keys security@openvz.org 2>&1 | grep -ie ' key.*created' | sed -e 's|key|@|g' | cut -f 2 -d '@') | cut -f 1 -d ' ' | cut -f 1 -d ',')"
    sudo gpg --recv-keys $OpenvzKey
    sudo vztmpl-dl --gpg-check --list-remote
    # Example:
    sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
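The key registration above trusts whichever key a keyserver search returns first for security@openvz.org, and anyone can upload a key carrying that address. As an added example (not part of the original guide or of OpenVZ's tooling), the check below accepts a key only when exactly one primary key is present and its full fingerprint equals a pinned value; EXPECTED_FPR is a placeholder, and the function names and the sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the template-signing key by its full fingerprint.
# EXPECTED_FPR is a placeholder; obtain the real value over a channel you trust.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:8899990000AAAAAA:1400000000:::-:::scESC:
fpr:::::::::1111222233334444555566667777888899990000:
uid:-::::1400000000::0123456789ABCDEF::Constructed Example <security@example.invalid>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Print the primary-key fingerprints found in colon-format output on stdin.
# Each "pub" record is followed by an "fpr" record whose 10th field is the
# fingerprint; "fpr" records that follow a "sub" record are subkeys and skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin holds exactly one primary key and it matches $1.
# Two keys with the same address yield two lines, which never equal $1.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints | tr 'a-f' 'A-F')
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Usage (assumes the key has already been fetched into the keyring):
#   gpg --batch --with-colons --fingerprint security@openvz.org \
#     | fingerprint_matches "$EXPECTED_FPR" \
#     || echo "key fingerprint mismatch: do not rely on --gpg-check" >&2
```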
Alternatives:
- Download precreated template caches from Download » Template » Precreated or from one of the mirrors. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory.
- ctctl helper to create Debian (or derivative) container without template (caches it as a local template). This tool manages unprivileged LXC containers too.
Next steps
OpenVZ is now set up on your machine. Continue with the basic operations in OpenVZ environment document.
See also
- Installation on Debian 8 (oldstable) or Devuan 1.0 (Jessie, stable, SystemV)