Difference between revisions of "Gentoo template creation"
Revision as of 17:27, 18 May 2008
This page is about making a template cache for an OpenVZ VE from Gentoo Linux. The method is basically the same as the one described in the Slackware template creation article.
Contents
- 1 Download stage3
- 2 Create directory for the new VE and unarchive stage3
- 3 Create VE config
- 4 Edit VE config
- 5 Make /etc/mtab a symlink to /proc/mounts
- 6 Replace /etc/fstab
- 7 Edit /etc/inittab
- 8 Edit /etc/shadow
- 9 Disable unneeded init scripts
- 10 Edit /sbin/rc
- 11 Set up udev
- 12 Test
- 13 Making distfiles and portage tree of the host system available in a VE
- 14 Create the template cache file
- 15 Test the new template cache file
Download stage3
We will make the template from a stage3 file. An OpenVZ OS template is an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror listed here: http://www.gentoo.org/main/en/mirrors.xml. Verify the tarball against the .DIGESTS file published next to it (and its GPG signature) before unpacking it: everything in the template will later run as root in every VE created from it.
Create directory for the new VE and unarchive stage3
mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777
Create VE config
Now you need to create the configuration file for the VE, 777.conf:
vzctl set 777 --applyconfig vps.basic --save
Edit VE config
Add the following to /etc/vz/conf/777.conf:
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
Make /etc/mtab a symlink to /proc/mounts
The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command.
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
After replacing /etc/mtab with a symlink to /proc/mounts, /etc/mtab will always carry up-to-date information about what is mounted.
Replace /etc/fstab
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
We need only /proc to be mounted at boot time.
Edit /etc/inittab
Edit /vz/private/777/etc/inittab, and put a hash mark (#) at the beginning of the lines containing:
c?:1235:respawn:/sbin/agetty 38400 tty? linux
This prevents getty and login from starting on ttys that do not exist in VEs.
Edit /etc/shadow
Edit /vz/private/777/etc/shadow, and change root's password in the first line to an exclamation mark (!):
root:!:10071:0:::::
This will disable root login until the password is changed with vzctl set VEID --userpasswd root:password.
Disable unneeded init scripts
The checkroot and consolefont init scripts should not be started inside VEs:
rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont
Edit /sbin/rc
Edit /vz/private/777/sbin/rc, and put a hash mark (#) at the beginning of line 244 (your line number may be different):
# try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}
This prevents the VE from attempting to mount /sys.
To ensure that this change isn't automatically overwritten when baselayout is updated, add the following to /vz/private/777/etc/make.conf (make.conf uses shell-style assignments, so no spaces around the equals sign):
CONFIG_PROTECT="/sbin/rc"
Set up udev
NOTE: udev-state does not exist anymore! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?
Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:
cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2
Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc
You have to leave the VE's private directory before the next step (vzctl start runs vzquota on /vz/private/777, which fails while your shell still has its working directory inside that tree), otherwise you will get this error message:
vzquota : (error) Quota on syscall for 777: Device or resource busy
vzquota on failed [3]
So change directory out of it:
cd /
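The edits in the previous steps (mtab symlink, fstab, inittab, shadow, runlevels, /sbin/rc, make.conf, udev) are all plain file edits on the unpacked stage3 tree, and it is easy to miss one. The script below, added here as an example rather than taken from the wiki page or from the OpenVZ project, applies them all to a given VE private area and then verifies that every edit is in place. It assumes the tree layout of the stage3 used on this page (/etc/inittab, /etc/shadow, /sbin/rc, /etc/conf.d/rc and /etc/make.conf present); the MAKE_DEVNODES variable and the function names are this example's own. Device nodes need CAP_MKNOD, so they are created only when you set MAKE_DEVNODES=1 as root on the hardware node.

```shell
#!/bin/sh
# Added example (not from the OpenVZ wiki page): apply the manual edits from
# "Make /etc/mtab a symlink" through "Set up udev" to an unpacked stage3 tree
# and verify them. ROOT is the VE private area, e.g. /vz/private/777.

# Rewrite FILE through sed without "sed -i". Writing back with ">" keeps the
# inode, so the mode and owner of files like /etc/shadow are preserved; the
# temporary copy is created under umask 077 so shadow data is never world-readable.
sed_inplace() {
    file=$1; shift
    (umask 077; sed "$@" "$file" > "$file.tmp") && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

prepare_gentoo_ve_root() {
    root=$1

    # The root fs is mounted by the host, so point /etc/mtab at /proc/mounts.
    rm -f "$root/etc/mtab"
    ln -s /proc/mounts "$root/etc/mtab"

    # Only /proc is mounted at boot inside the VE.
    echo "proc /proc proc defaults 0 0" > "$root/etc/fstab"

    # Comment out the agetty lines: the VE has no real ttys.
    if [ -f "$root/etc/inittab" ]; then
        sed_inplace "$root/etc/inittab" -e '/^c[0-9][0-9]*:.*agetty/s/^/#/'
    fi

    # Lock root until "vzctl set VEID --userpasswd root:..." sets a password.
    if [ -f "$root/etc/shadow" ]; then
        sed_inplace "$root/etc/shadow" -e 's/^root:[^:]*:/root:!:/'
    fi

    # checkroot and consolefont make no sense inside a VE.
    rm -f "$root/etc/runlevels/boot/checkroot" "$root/etc/runlevels/boot/consolefont"

    # Stop /sbin/rc from mounting /sys; lines that are already comments are skipped.
    if [ -f "$root/sbin/rc" ]; then
        sed_inplace "$root/sbin/rc" -e '/^[[:space:]]*#/b' -e '/try mount .*sysfs/s/^/#/'
    fi

    # Keep the /sbin/rc edit across baselayout updates.
    if ! grep -qs '^CONFIG_PROTECT=.*/sbin/rc' "$root/etc/make.conf"; then
        echo 'CONFIG_PROTECT="/sbin/rc"' >> "$root/etc/make.conf"
    fi

    # Static device nodes; udev state captured on the host is meaningless in a VE.
    mkdir -p "$root/etc/conf.d" "$root/lib/udev/devices"
    if grep -qs '^RC_DEVICES=' "$root/etc/conf.d/rc"; then
        sed_inplace "$root/etc/conf.d/rc" -e 's/^RC_DEVICES=.*/RC_DEVICES="static"/'
    else
        echo 'RC_DEVICES="static"' >> "$root/etc/conf.d/rc"
    fi
    rm -f "$root/lib/udev-state/devices.tar.bz2"
    if [ "${MAKE_DEVNODES:-0}" = 1 ]; then   # needs CAP_MKNOD (root on the HN)
        [ -e "$root/lib/udev/devices/ttyp0" ] || mknod "$root/lib/udev/devices/ttyp0" c 3 0
        [ -e "$root/lib/udev/devices/ptyp0" ] || mknod "$root/lib/udev/devices/ptyp0" c 2 0
        [ -e "$root/lib/udev/devices/ptmx" ]  || mknod "$root/lib/udev/devices/ptmx"  c 5 2
    fi
}

fail() { echo "FAIL: $1" >&2; bad=1; }

# Return 0 if ROOT carries every edit above, otherwise report what is missing and return 1.
verify_gentoo_ve_root() {
    root=$1; bad=0
    [ "$(readlink "$root/etc/mtab" 2>/dev/null)" = /proc/mounts ] || fail "/etc/mtab is not a symlink to /proc/mounts"
    [ "$(cat "$root/etc/fstab" 2>/dev/null)" = "proc /proc proc defaults 0 0" ] || fail "/etc/fstab should contain only the /proc line"
    if grep -qs '^c[0-9][0-9]*:.*agetty' "$root/etc/inittab"; then fail "active agetty lines in /etc/inittab"; fi
    grep -qs '^root:!:' "$root/etc/shadow" || fail "root is not locked in /etc/shadow"
    for s in checkroot consolefont; do
        [ ! -e "$root/etc/runlevels/boot/$s" ] || fail "$s is still in the boot runlevel"
    done
    if grep -s 'try mount .*sysfs' "$root/sbin/rc" | grep -qv '^[[:space:]]*#'; then fail "/sbin/rc still mounts /sys"; fi
    grep -qs '^CONFIG_PROTECT=.*/sbin/rc' "$root/etc/make.conf" || fail "CONFIG_PROTECT does not cover /sbin/rc"
    grep -qs '^RC_DEVICES="static"' "$root/etc/conf.d/rc" || fail "RC_DEVICES is not static"
    [ ! -e "$root/lib/udev-state/devices.tar.bz2" ] || fail "udev-state/devices.tar.bz2 is still present"
    return $bad
}

# Usage: sh prepare-ve.sh prepare /vz/private/777   (as root, MAKE_DEVNODES=1)
#        sh prepare-ve.sh verify  /vz/private/777
case "${1:-}" in
    prepare) prepare_gentoo_ve_root "${2:?root dir}" && verify_gentoo_ve_root "$2" ;;
    verify)  verify_gentoo_ve_root "${2:?root dir}" ;;
esac
```

Run the verify mode again after every baselayout or udev update inside a VE built from the template: it is the quickest way to notice that /sbin/rc or /etc/inittab has been replaced.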
Test
vzctl start 777
vzctl enter 777
You can check running services:
rc-status -a
All services in the boot and default runlevels must be started. If everything is all right, stop the VE:
vzctl stop 777
Making distfiles and portage tree of the host system available in a VE
Warning: This step is optional and will result in shared files between VEs! These steps can save space on disk but trade isolation and security... consider your options carefully!
To install software into a VE with portage, you should mount /usr/portage into the VE with the "bind" option. Keep in mind that a plain bind mount gives the VE write access to the host's tree: a compromised VE can plant a modified ebuild or distfile that the host and every other VE sharing the mount will later unpack and run as root. Do the following on the host after the VE is started:
mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage
If your /usr/portage/distfiles directory resides on a different partition than your /usr/portage directory, do the following:
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
Now, to install a package into a VE, you just need to enter the VE using vzctl enter and run
emerge package_name
while you have all the needed files in the /usr/portage/distfiles of the host system.
For security reasons, you should have these directories mounted only while installing software into a VE.
Note: you have to unmount the bind mounts before trying to stop your VE, innermost first: umount /vz/root/777/usr/portage/distfiles (if you mounted it separately), then umount /vz/root/777/usr/portage. Otherwise vzctl stop cannot unmount the VE root.
Create the template cache file
cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz .
Archive the tree as "." rather than "*": a shell glob skips dot-files in the top-level directory, so any such file would silently be missing from the template.
Test the new template cache file
Create a new VE from the template file:
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
If the VE was created successfully, try to start it:
vzctl start 800
If it started, and you can ssh in, congratulations, you've got a working Gentoo template!