Difference between revisions of "User:Dusty/Debian template creation"

From OpenVZ Virtuozzo Containers Wiki
(this is just a working area to make sure I've got my facts straight)
 
  
These are rough instructions for manually creating a basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
 
 
'''Notes:'''
 
* You shouldn't be running as root, but as a user that is permitted to use sudo.  Running as root is a dangerous idea; do so at your own peril.
 
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
 
* Anywhere you see <tt>http://debian.osuosl.org/debian/</tt>, you can substitute your favorite Debian mirror.  ([http://www.debian.org/mirror/list List of official Debian Mirrors])
 
 
 
== Prerequisites ==
 
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
 
 
For Debian:
 
sudo apt-get install debootstrap
 
 
For Gentoo:
 
sudo emerge debootstrap
 
 
For other distros you might need to install it from sources, or search for an appropriate package for your distribution.  An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum].
 
 
== Bootstrapping Debian ==
 
Change to a directory where you'll have about 200MB of usable space and the ability to run executables.  Depending on your configuration, <tt>/tmp</tt> might be mounted <tt>noexec</tt>, which would mean you'd have to use some other location.  I'm going to use <tt>/vz/private</tt> for this.
 
 
cd /vz/private
 
 
Download Debian Etch to a directory called "etch-temp":
 
sudo debootstrap etch etch-temp http://debian.osuosl.org/debian/
 
 
''Or'' you can (but probably shouldn't need to) specify the architecture manually using one of these commands instead:
 
 
To specify i386/x86 architecture:
 
sudo debootstrap --arch i386 etch etch-temp http://debian.osuosl.org/debian/
 
 
For AMD64/x86_64, use <tt>amd64</tt> instead of <tt>i386</tt>.  For ia64, use <tt>ia64</tt>.
 
 
== Inside the template ==
 
The following actions are all performed inside the template.  To get inside, run this:
 
sudo chroot etch-temp
 
 
=== Set Debian repositories ===
 
cat <<EOF > /etc/apt/sources.list
deb http://debian.osuosl.org/debian/ etch main contrib
deb http://security.debian.org etch/updates main contrib
EOF
 
 
=== Update and upgrade packages ===
 
This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below.  Feel free to add your own.
 
apt-get update
 
apt-get upgrade
 
 
=== Install more packages ===
 
Installing packages could be an interactive process so the system might ask some questions.  You can install more packages if you'd like.  For example:
 
apt-get install ssh quota
 
 
=== Set sane permissions for <tt>/root</tt> directory ===
 
chmod 700 /root
 
 
=== Disable root login ===
 
This locks the root account's password, which disables root login by default.
 
usermod -L root
 
 
=== Disable getty ===
 
Disable running <tt>getty</tt>s on terminals as a VE does not have any:
 
sed -i -e '/getty/d' /etc/inittab
 
 
=== Disable <tt>sync()</tt> for syslog ===
 
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
 
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
 
 
=== Fix <tt>/etc/mtab</tt> ===
 
Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
 
rm -f /etc/mtab
 
ln -s /proc/mounts /etc/mtab
 
 
=== Remove some unneeded packages ===
 
If you have any packages you'd like to remove, now's the time for it.  Here's an example:
 
dpkg --purge fortune-mod fortunes-min
 
 
=== Disable services ===
 
If there are any services you'd like to disable, do that now.  Here's an example:
 
update-rc.d -f klogd remove
 
 
=== Fix SSH host keys ===
 
This is only useful if you installed SSH.  Each individual [[VE]] should have its own pair of SSH host keys.  The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
 
rm -f /etc/ssh/ssh_host_*
 
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
 
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
 
 
=== Clean packages cache ===
 
After installing packages, you'll have some junk packages lying around in your cache.  Since you don't want your template to have those, this command will wipe them out.
 
apt-get clean
 
 
=== Get out of the template ===
 
Now everything is done.  Exit from the template and go back to the hardware node.
 
exit
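
Back on the hardware node, the steps from "Inside the template" can be checked against the unpacked tree before it is packed, so that a template with shared SSH host keys or an unlocked root account never reaches the cache. The script below is an added example, not part of the original page or of OpenVZ; the function name <tt>audit_template</tt> and the file name <tt>audit.sh</tt> are hypothetical, and the paths it checks are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit an unpacked template tree from the hardware node.
# audit_template is a hypothetical helper name, not an OpenVZ tool.
audit_template() {
    root=$1; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # /root must be mode 700 (chmod 700 /root)
    [ "$(ls -ld "$root/root" 2>/dev/null | cut -c1-10)" = "drwx------" ] \
        || fail "/root is not mode 700"

    # root's password field must start with '!' (usermod -L root)
    awk -F: '$1 == "root" && $2 ~ /^!/ { ok = 1 } END { exit !ok }' \
        "$root/etc/shadow" 2>/dev/null || fail "root password is not locked"

    # no getty lines may remain in inittab
    if grep -q getty "$root/etc/inittab" 2>/dev/null; then
        fail "getty entries still in /etc/inittab"
    fi

    # /etc/mtab must be a symlink to /proc/mounts
    [ "$(readlink "$root/etc/mtab" 2>/dev/null)" = "/proc/mounts" ] \
        || fail "/etc/mtab is not a symlink to /proc/mounts"

    # If SSH is installed: no baked-in host keys, first-boot script present
    if [ -d "$root/etc/ssh" ]; then
        for k in "$root"/etc/ssh/ssh_host_*; do
            if [ -e "$k" ]; then fail "host key left in template: ${k#"$root"}"; fi
        done
        [ -x "$root/etc/rc2.d/S15ssh_gen_host_keys" ] \
            || fail "first-boot key generation script missing or not executable"
    fi

    # apt-get clean should have emptied the package cache
    for d in "$root"/var/cache/apt/archives/*.deb; do
        if [ -e "$d" ]; then fail "cached .deb files remain"; break; fi
    done
    return $rc
}

# Run the audit when a template directory is given on the command line.
[ "$#" -eq 0 ] || audit_template "$1"
```

Run it as <tt>sudo sh audit.sh /vz/private/etch-temp</tt> (root is needed to read <tt>etc/shadow</tt>); a non-zero exit status means at least one step was missed.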
 
 
== Preparing for and packing template cache ==
 
Now create a cached OS tarball.  In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
 
 
cd etch-temp
 
sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
 
 
Check to make sure the filesize of the resulting tarball is sane:
 
# ls -lh /vz/template/cache
 
-rw-r--r--  1 root root  51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
 
 
== Dispose of the temporary template directory ==
 
You're done with the template directory.  Remove it.
 
sudo rm -Rf etch-temp
 
 
== Use your new template ==
 
We can now create a VE based on the just-created template cache.  Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
 
 
sudo vzctl create 12345 --ostemplate debian-4.0-i386-basic
 
 
Now make sure that it works:
 
sudo vzctl start 12345
 
sudo vzctl exec 12345 ps ax
 
 
You should see that a few processes are running as expected.
 
 
== Final cleanup ==
 
Stop and remove the test VE you just created:
 
sudo vzctl stop 12345
 
sudo vzctl destroy 12345
 

Latest revision as of 05:14, 10 April 2007