(7 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | (this is just a working area to make sure I've got my facts straight)
| |
| | | |
− | These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
| |
− |
| |
− | '''Notes:'''
| |
− | * You shouldn't be running as root, but as a user that is permitted to use sudo instead. Even though it's a dangerous idea, run as root at your peril.
| |
− | * Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
| |
− | * Anywhere you see <tt>http://debian.oregonstate.edu/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])
| |
− |
| |
− | == Prerequisites ==
| |
− | You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
| |
− |
| |
− | For Debian:
| |
− | sudo apt-get install debootstrap
| |
− |
| |
− | For Gentoo:
| |
− | sudo emerge debootstrap
| |
− |
| |
− | For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available from [http://forum.openvz.org/index.php?t=tree&th=142&mid=584].
| |
− |
| |
− | == Bootstrapping Debian ==
| |
− | Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this.
| |
− |
| |
− | chdir /vz/private
| |
− |
| |
− | Download Debian Etch to a directory called "etch-temp":
| |
− | sudo debootstrap etch etch-temp http://debian.oregonstate.edu/debian/
| |
− |
| |
− | ''Or'' you can (but probably shouldn't need to) specify the architecture manually using one of these commands instead:
| |
− |
| |
− | To specify i386/x86 architecture:
| |
− | sudo debootstrap --arch i386 etch etch-temp http://debian.oregonstate.edu/debian/
| |
− |
| |
− | For AMD64/x86_64, use <tt>amd64</tt> instead of <tt>i386</tt>. For ia64, use <tt>ia64</tt>.
| |
− |
| |
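Review bot: "chdir /vz/private" in the Bootstrapping section will fail as written, because chdir is not a builtin in bash or POSIX sh (it exists in csh-family shells). The packing step further down already uses "cd etch-temp", so use "cd /vz/private" here as well.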
− | == Inside the template ==
| |
− | The following actions are all performed inside the template. To get inside, run this:
| |
− | sudo chroot etch-temp
| |
− |
| |
− | === Set Debian repositories ===
| |
− | cat <<EOF > /etc/apt/sources.list
| |
− | deb http://debian.oregonstate.edu/debian etch main contrib
| |
− | deb http://security.debian.org etch/updates main contrib
| |
− | EOF
| |
− |
| |
− | === Update and upgrade packages ===
| |
− | This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own.
| |
− | apt-get update
| |
− | apt-get upgrade
| |
− |
| |
− | === Install more packages ===
| |
− | Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
| |
− | apt-get install ssh quota
| |
− |
| |
− | === Put sane permissions for <tt>/root</tt> directory ===
| |
− | chmod 700 /root
| |
− |
| |
− | === Disable root login===
| |
− | This will disable root login by default.
| |
− | usermod -L root
| |
− |
| |
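Review bot: The heading "Disable root login" and the sentence under it promise more than "usermod -L root" does: that command only locks root's password. Since the previous section installs ssh, reword this to "Lock the root password", and say explicitly whether root login over SSH with a key is also meant to be closed, which would need a PermitRootLogin setting in sshd_config that this page does not show.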
− | === Disable getty ===
| |
− | Disable running <tt>getty</tt>s on terminals as a VE does not have any:
| |
− | sed -i -e '/getty/d' /etc/inittab
| |
− |
| |
− | === Disable <tt>sync()</tt> for syslog ===
| |
− | Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
| |
− | sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
| |
− |
| |
− | === Fix <tt>/etc/mtab</tt> ===
| |
− | Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
| |
− | rm -f /etc/mtab
| |
− | ln -s /proc/mounts /etc/mtab
| |
− |
| |
− | === Remove some unneeded packages ===
| |
− | If you have any packages you'd like to remove, now's the time for it. Here's an example:
| |
− | dpkg --purge fortune-mod fortunes-min
| |
− |
| |
− | === Disable services ===
| |
− | If there are any services you'd like to disable, do that now. Here's an example:
| |
− | update-rc.d -f klogd remove
| |
− |
| |
− | === Fix SSH host keys ===
| |
− | This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
| |
− | rm -f /etc/ssh/ssh_host_*
| |
− | cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
| |
− | #!/bin/bash
| |
− | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
| |
− | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
| |
− | rm -f \$0
| |
− | EOF
| |
− | chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
| |
− |
| |
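Review bot: In the generated S15ssh_gen_host_keys script, "rm -f \$0" runs unconditionally, so if either ssh-keygen call fails on first boot the script still deletes itself and the VE is left without host keys and with no retry on the next boot. Chain the three commands with "&&", or add "set -e" after the shebang, so the script is only removed once both keys have been written.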
− | === Clean packages cache ===
| |
− | After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
| |
− | apt-get clean
| |
− |
| |
− | === Get out of the template ===
| |
− | Now everything is done. Exit from the template and go back to the hardware node.
| |
− | exit
| |
− |
| |
− | == Preparing for and packing template cache ==
| |
− | Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
| |
− |
| |
− | cd etch-temp
| |
− | sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
| |
− |
| |
− | Check to make sure the filesize of the resulting tarball is sane:
| |
− | # ls -lh /vz/template/cache
| |
− | -rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
| |
− |
| |
− | == Dispose of the temporary template directory ==
| |
− | You're done with the template directory. Remove it.
| |
− | sudo rm -Rf etch-temp
| |
− |
| |
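Review bot: "sudo rm -Rf etch-temp" in the disposal step runs from inside the directory it is meant to delete, because the packing step did "cd etch-temp" and nothing changes back. The relative path then does not resolve, -f hides the error, and the template tree stays on disk. Add "cd .." before the rm, or give the full path under /vz/private.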
− | == Use your new template ==
| |
− | We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
| |
− |
| |
− | sudo vzctl create 12345 --ostemplate debian-4.0-i386-basic
| |
− |
| |
− | Now make sure that it works:
| |
− | sudo vzctl start 12345
| |
− | sudo vzctl exec 12345 ps ax
| |
− |
| |
− | You should see that a few processes are running as expected.
| |
− |
| |
− | == Final cleanup ==
| |
− | Stop and remove the test VE you just created:
| |
− | sudo vzctl stop 12345
| |
− | sudo vzctl destroy 12345
| |