Difference between revisions of "Slackware template creation"

From OpenVZ Virtuozzo Containers Wiki
(Edit /etc/rc.d/rc.syslog)
 
(24 intermediate revisions by 5 users not shown)
Line 1: Line 1:
This page is about making a template cache for OpenVZ [[VE]] from Slackware linux.
+
This page is about making a template cache for OpenVZ [[container]] from Slackware linux.
 
(This method was used for creating the minimal cache from Slackware 10.2)
 
(This method was used for creating the minimal cache from Slackware 10.2)
 
The method is basically the same as described in article [[Debian template creation]].
 
The method is basically the same as described in article [[Debian template creation]].
Line 7: Line 7:
 
=== Downloading and installing Slackware ===
 
=== Downloading and installing Slackware ===
  
First you need to download Slackware linux from [http://www.slackware.org/getslack/ http://www.slackware.org/getslack/]. Then you have to [http://www.slackware.org/install/ install] it to some hardware you can spare while the cache creation process is going on. For [[VE]] creation it is recommended not to install any unnecessary software into the box you are making the cache from.
+
First you need to download Slackware linux from [http://www.slackware.org/getslack/ http://www.slackware.org/getslack/]. Then you have to [http://www.slackware.org/install/ install] it to some hardware you can spare while the cache creation process is going on. For [[container]] creation it is recommended not to install any unnecessary software into the box you are making the cache from.
 
This means for a minimal Slackware 10.2 cache I have chosen only series A (<tt>Base Linux System</tt>) at the package series selection screen of Slackware Setup. Then '''expert''' prompting mode on the next screen. On the Series A package selection screen I chose the following packages:
 
This means for a minimal Slackware 10.2 cache I have chosen only series A (<tt>Base Linux System</tt>) at the package series selection screen of Slackware Setup. Then '''expert''' prompting mode on the next screen. On the Series A package selection screen I chose the following packages:
  
Line 20: Line 20:
 
* dcron
 
* dcron
 
* devs
 
* devs
* e2fsprogs <i>- This is not really needed for a VE, but let him install it</i>
+
* e2fsprogs <i>- This is not really needed for a container, but let him install it</i>
 
* elvis
 
* elvis
 
* etc
 
* etc
Line 45: Line 45:
 
After selecting these packages just install the kernel and lilo, you are ready to run Slackware!
 
After selecting these packages just install the kernel and lilo, you are ready to run Slackware!
  
=== Configuring Slackware for acting as a VE ===
+
=== Configuring Slackware for acting as a container ===
  
 
Now that you have a running minimal Slackware installation, You can begin to prepare it to be
 
Now that you have a running minimal Slackware installation, You can begin to prepare it to be
a template for a [[VE]]. First you need some additional packages, 7 exactly:
+
a template for a [[container]]. First you need some additional packages, 7 exactly:
 
 
* groff-1.19.1-i486-3.tgz <i>from the slackware/ap directory of installation media</i>
 
* man-1.5p-i486-1.tgz <i>from the slackware/ap directory of installation media</i>
 
* quota-3.12-i486-1.tgz <i>from the slackware/ap directory of installation media</i>
 
* iptables-1.3.3-i486-1.tgz <i>from the slackware/n directory of installation media</i>
 
* openssh-4.2p1-i486-1.tgz <i>from the slackware/n directory of installation media</i>
 
* tcpip-0.17-i486-35.tgz <i>from the slackware/n directory of installation media</i>
 
* whois-4.6.16-i486-1.tgz <i>from the slackware/n directory of installation media</i>
 
  
 +
{| class="wikitable"
 +
|+ '''List of additional packages'''
 +
! Package !! Directory of installation media to take the package from
 +
|-
 +
| groff-1.19.1-i486-3.tgz || slackware/ap
 +
|-
 +
| man-1.5p-i486-1.tgz || slackware/ap
 +
|-
 +
| quota-3.12-i486-1.tgz || slackware/ap
 +
|-
 +
| iptables-1.3.3-i486-1.tgz || slackware/n
 +
|-
 +
| openssh-4.2p1-i486-1.tgz || slackware/n
 +
|-
 +
| tcpip-0.17-i486-35.tgz || slackware/n
 +
|-
 +
| whois-4.6.16-i486-1.tgz || slackware/n
 +
|}
 
You can install these packages issuing the following command:
 
You can install these packages issuing the following command:
 
<pre>
 
<pre>
# installpkg <packagename>
+
installpkg <packagename>
 
</pre>
 
</pre>
  
After these steps, you are ready to move your Slackware installation into a [[VE]]
+
After these steps, you are ready to move your Slackware installation into a [[container]].
  
=== Moving a Slackware installation into a VE ===
+
=== Moving a Slackware installation into a container ===
  
 
I did it by compressing the whole filesystem into a tgz file and copying it to the host running OpenVZ.
 
I did it by compressing the whole filesystem into a tgz file and copying it to the host running OpenVZ.
Line 71: Line 81:
 
Compressing it is easy:
 
Compressing it is easy:
 
<pre>
 
<pre>
# tar czf /slackware.tgz /
+
tar --numeric-owner -czf /slackware.tgz --exclude /slackware.tgz /
 
</pre>
 
</pre>
  
But to copy it, you need to setup a network device on the slackware system (use <tt>ifconfig</tt> and <tt>ftp</tt> or manually remove the hard drive containing the Slackware installation and copying the tgz file from there.
+
But to copy it, you need to setup a network device on the slackware system (use <tt>ifconfig</tt> and <tt>ftp</tt>) or manually remove the hard drive containing the Slackware installation and copy the tgz file from there.
  
After you got the tgz file on the host, make a new directory into /vz/private with a new VPSID, for <b>example</b> 777.
+
After you got the tgz file on the host, make a new directory into <tt>/vz/private</tt> with a new CTID, ''for example'' 777.
Uncompress the tgz file into this directory and delete it.
+
Uncompress the tgz file into this directory and remove the tgz.
 
<pre>
 
<pre>
 
mv slackware.tgz /vz/private/777
 
mv slackware.tgz /vz/private/777
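Review bot: the reworded copy step in this hunk still recommends ftp for moving /slackware.tgz, and that archive is a tar of / and so carries /etc/shadow and the SSH host keys across the network in cleartext. The previous hunk installs openssh-4.2p1 on the same box, so suggest scp here, or put the removable-drive route first.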
Line 85: Line 95:
 
</pre>
 
</pre>
  
== Preparing the new VE ==
+
== Preparing the new container ==
  
=== Creating a new .conf file ===
+
=== Creating container config ===
  
Now you need to create the config file for the Slackware [[VE]], 777.conf.
+
Now you need to create the configuration file for the [[container]], 777.conf:
  
 
<pre>
 
<pre>
Line 95: Line 105:
 
</pre>
 
</pre>
  
You need to set it's OSTEMPLATE.
+
=== Getting the filesystem ready to run in a container ===
<pre>
 
echo "OSTEMPLATE=slackware-10.2-i486-minimal" >> /etc/sysconfig/vz-scripts/777.conf
 
</pre>
 
 
 
And an IP address and a Hostname
 
<pre>
 
vzctl set 777 --ipadd x.x.x.x --save
 
vzctl set 777 --hostname myslacky --save
 
</pre>
 
 
 
=== Getting the filesystem ready to run in a VE ===
 
  
 
Now you need to make some minor alterations under the /vz/private/777 directory.
 
Now you need to make some minor alterations under the /vz/private/777 directory.
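Review bot: this hunk drops the OSTEMPLATE line and both vzctl set 777 --ipadd / --hostname commands, yet the test step further down still says "enter/ssh to it"; with no address assigned to container 777 only vzctl enter can work. Either keep the --ipadd x.x.x.x --save step or reword the test to use vzctl enter 777, and say whether OSTEMPLATE still has to be set.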
Line 134: Line 133:
 
rm /vz/private/777/etc/ssh/*key*
 
rm /vz/private/777/etc/ssh/*key*
 
</pre>
 
</pre>
This will ensure that a unique ssh key is generated for every single [[VE]] at the first boot.
+
This will ensure that a unique ssh key is generated for every single [[container]] at the first boot.
 
Edit ssh_config and sshd_config here if you want.
 
Edit ssh_config and sshd_config here if you want.
  
Line 140: Line 139:
 
<pre>
 
<pre>
 
rm /vz/private/777/etc/mtab
 
rm /vz/private/777/etc/mtab
ln -s /vz/private/777/etc/mtab /proc/mouns
+
ln -s /proc/mounts /vz/private/777/etc/mtab
 
</pre>
 
</pre>
  
Line 150: Line 149:
 
==== Edit /etc/inittab ====
 
==== Edit /etc/inittab ====
  
Edit /vz/private/777/etc/inittab, put a hashmark (#) before the lines containing ====
+
Edit /vz/private/777/etc/inittab, put a hashmark (#) before the lines containing:
 
<pre>
 
<pre>
 
c?:1235:respawn:/sbin/agetty 38400 tty? linux
 
c?:1235:respawn:/sbin/agetty 38400 tty? linux
Line 158: Line 157:
 
==== Edit /etc/shadow ====
 
==== Edit /etc/shadow ====
  
Edit /vz/private/777/etc/shadow, change root's password in the first line to an exclamation mark (!):
+
Edit <tt>/vz/private/777/etc/shadow</tt>, change root's password in the first line to an exclamation mark (<tt>!</tt>):
 
<pre>
 
<pre>
#root:!:13305:0:::::
+
root:!:13305:0:::::
 
</pre>
 
</pre>
This will disable the root login until the password chaned with "vzctl set VPSID --userpasswd root:xxx"
+
This will disable the root login until the password changed with <tt>vzctl set CTID --userpasswd root:xxx</tt>.
  
 
==== Edit /etc/rc.d/rc.S ====
 
==== Edit /etc/rc.d/rc.S ====
  
Edit /vz/private/777/etc/rc.d/rc.S, put a hashmark (#) before the line containing:
+
Edit <tt>/vz/private/777/etc/rc.d/rc.S</tt>, putting a hashmark (<tt>#</tt>) as the first character of the line containing:
 
<pre>
 
<pre>
 
/bin/rm -f /etc/mtab*
 
/bin/rm -f /etc/mtab*
 
</pre>
 
</pre>
This should be line 162. This will forbid Slackware to delete our symlink at every reboot.
+
This should be line 162 (239 - slackware 13.1). This will forbid Slackware to delete our symlink at every reboot.
  
 
==== Edit /etc/rc.d/rc.syslog ====
 
==== Edit /etc/rc.d/rc.syslog ====
  
Edit /vz/private/777/etc/rc.d/rc.syslog, put a hashmark (#) before the lines containing
+
Edit <tt>/vz/private/777/etc/rc.d/rc.syslog</tt> file, put a hashmark (<tt>#</tt>) before the lines containing
 
<pre>
 
<pre>
 
sleep 1
 
sleep 1
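Review bot: the new sentence after the shadow example shows the password as a command-line argument, vzctl set CTID --userpasswd root:xxx, which lands in the host's shell history and is visible in the process list while it runs. Worth a half-sentence saying so, or pointing to vzctl enter followed by passwd as the alternative; the same sentence still reads "until the password changed" and wants an "is".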
Line 181: Line 180:
 
killall klogd 2> /dev/null
 
killall klogd 2> /dev/null
 
</pre>
 
</pre>
These should be lines 11, 12, 15 and 21. This will prevent klogd (which is not needed) from starting at boottime.
+
These should be lines 11, 12, 15 and 21. This will prevent <tt>klogd</tt> (which is usually not needed) from starting at boot time.
 +
 
 +
Slackware 13.1 (12.0 and newest)
 +
<pre>
 +
chmod -x /vz/private/777/etc/rc.d/rc.syslog
 +
</pre>
 +
 
 +
{{Note|if you are going to use iptables rules inside your Slackware containers which will do logging (i.e. the ones with the <tt>LOG</tt> target), you should not disable <tt>klogd</tt>.}}
  
== Testing the new VE and making a cache file ==
+
== Testing the new container and making a cache file ==
  
=== Testing the new VE ===
+
=== Testing the new container ===
  
To test the new [[VE]], simply start it:
+
To test the new [[container]], simply start it:
 
<pre>
 
<pre>
 
vzctl start 777
 
vzctl start 777
 
</pre>
 
</pre>
If you did everythingall right (and I didn't make a mistake here) your new slackware will boot.
+
If you did everything all right (and this article is correct) your new Slackware [[container]] will boot.
  
If the VE booted, and you can enter/ssh in it, then stop it.
+
If the container booted, and you can enter/ssh to it, then stop it:
 
<pre>
 
<pre>
 
vzctl stop 777
 
vzctl stop 777
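Review bot: the added chmod -x /vz/private/777/etc/rc.d/rc.syslog line turns off the whole rc.syslog script, not only the four klogd-related lines that the 10.2 instructions comment out, so anything else that script starts is lost too and the container may end up with no syslog at all. The new note warns only about iptables LOG rules; it should state what chmod -x disables, and the label "Slackware 13.1 (12.0 and newest)" presumably means "12.0 and newer".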
Line 200: Line 206:
 
=== Making a cache file ===
 
=== Making a cache file ===
  
Now make a .tar.gz out of the [[VE]]:
+
Now make a .tar.gz out of the [[container]]:
 
<pre>
 
<pre>
 
tar czf /vz/template/cache/slackware-10.2-i486-minimal.tar.gz /vz/private/777/
 
tar czf /vz/template/cache/slackware-10.2-i486-minimal.tar.gz /vz/private/777/
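Review bot: the cache command in this hunk is left as tar czf ... /vz/private/777/, so members are stored as vz/private/777/... rather than relative to the container root, and it lacks the --numeric-owner that this revision added to the first tar command. Suggest tar --numeric-owner -czf <cache file> -C /vz/private/777 . so the template unpacks as a root filesystem with the original UIDs.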

Latest revision as of 08:54, 28 May 2011

This page is about making a template cache for an OpenVZ container from Slackware Linux. (This method was used for creating the minimal cache from Slackware 10.2.) The method is basically the same as described in the article Debian template creation.

Getting a Slackware root filesystem

Downloading and installing Slackware

First you need to download Slackware Linux from http://www.slackware.org/getslack/. Then you have to install it on some hardware you can spare while the cache creation process is going on. For container creation it is recommended not to install any unnecessary software on the box you are making the cache from. For a minimal Slackware 10.2 cache this means I chose only series A (Base Linux System) at the package series selection screen of Slackware Setup, then expert prompting mode on the next screen. On the Series A package selection screen I chose the following packages:

  • kernel-ide - This is required to boot the OS so that you can get its root filesystem
  • aaa_base
  • aaa_elflibs
  • bash
  • bin
  • bzip2
  • coreutils
  • cxxlibs
  • dcron
  • devs
  • e2fsprogs - This is not really needed for a container, but let the installer add it
  • elvis
  • etc
  • gawk
  • glibc-solibs
  • grep
  • gzip
  • kernel-modules - Like kernel-ide, this is needed for the first boot only
  • less
  • lilo - For first boot only too
  • logrotate
  • module-init-tools
  • openssl-solibs
  • pkgtools
  • procps
  • sed
  • shadow
  • sysklogd
  • sysvinit
  • tar
  • udev
  • util-linux

After selecting these packages, just install the kernel and lilo, and you are ready to run Slackware!

Configuring Slackware for acting as a container

Now that you have a running minimal Slackware installation, you can begin to prepare it to be a template for a container. First you need some additional packages, exactly 7:

List of additional packages

Package                      Directory of installation media to take the package from
groff-1.19.1-i486-3.tgz      slackware/ap
man-1.5p-i486-1.tgz          slackware/ap
quota-3.12-i486-1.tgz        slackware/ap
iptables-1.3.3-i486-1.tgz    slackware/n
openssh-4.2p1-i486-1.tgz     slackware/n
tcpip-0.17-i486-35.tgz       slackware/n
whois-4.6.16-i486-1.tgz      slackware/n

You can install these packages by issuing the following command:

installpkg <packagename>

After these steps, you are ready to move your Slackware installation into a container.

Moving a Slackware installation into a container

I did it by compressing the whole filesystem into a tgz file and copying it to the host running OpenVZ.

Compressing it is easy:

tar --numeric-owner -czf /slackware.tgz --exclude /slackware.tgz /

But to copy it, you need to set up a network device on the Slackware system (use ifconfig and ftp) or manually remove the hard drive containing the Slackware installation and copy the tgz file from there.

Once you have the tgz file on the host, make a new directory in /vz/private named after a new CTID, for example 777. Uncompress the tgz file into this directory and remove the tgz.

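mkdir /vz/private/777
mv slackware.tgz /vz/private/777
cd /vz/private/777
# keep the archive's numeric UIDs/GIDs instead of mapping names through the host's passwd/group
gunzip -dc slackware.tgz | tar --numeric-owner -xpvf -
rm /vz/private/777/slackware.tgz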

Preparing the new container

Creating container config

Now you need to create the configuration file for the container, 777.conf:

vzctl set 777 --applyconfig vps.basic --save

Getting the filesystem ready to run in a container

Now you need to make some minor alterations under the /vz/private/777 directory.

Delete the directory /lost+found, clean /boot, /tmp, and /var/mail and make /proc

rm -r /vz/private/777/lost+found
rm /vz/private/777/boot/*
rm /vz/private/777/tmp/*
rm /vz/private/777/var/mail/*
mkdir -p /vz/private/777/proc

Delete the kernel modules from /lib/modules

rm -r /vz/private/777/lib/modules

Make a home directory for root, readable only by root

mkdir -p /vz/private/777/root
chmod 0700 /vz/private/777/root

Delete all keys from /etc/ssh

rm /vz/private/777/etc/ssh/*key*

This ensures that a unique SSH host key is generated for every single container at its first boot. Edit ssh_config and sshd_config here if you want.

Delete the file /etc/mtab and make it a symlink to /proc/mounts

rm /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab

Clean the /etc/fstab file

echo -n > /vz/private/777/etc/fstab

Edit /etc/inittab

Edit /vz/private/777/etc/inittab, put a hashmark (#) before the lines containing:

c?:1235:respawn:/sbin/agetty 38400 tty? linux

This prevents the Linux gettys from spawning.

Edit /etc/shadow

Edit /vz/private/777/etc/shadow, change root's password in the first line to an exclamation mark (!):

root:!:13305:0:::::

This will disable the root login until the password is changed with vzctl set CTID --userpasswd root:xxx.

Edit /etc/rc.d/rc.S

Edit /vz/private/777/etc/rc.d/rc.S, putting a hashmark (#) as the first character of the line containing:

/bin/rm -f /etc/mtab*

This should be line 162 (line 239 in Slackware 13.1). This stops Slackware from deleting our symlink at every reboot.

Edit /etc/rc.d/rc.syslog

Edit the /vz/private/777/etc/rc.d/rc.syslog file, putting a hashmark (#) before the lines containing:

sleep 1
echo "/usr/bin/klogd -c 3 -x"
/usr/bin/klogd -c 3 -x
killall klogd 2> /dev/null

These should be lines 11, 12, 15 and 21. This will prevent klogd (which is usually not needed) from starting at boot time.

Slackware 13.1 (12.0 and newer):

chmod -x /vz/private/777/etc/rc.d/rc.syslog

Note: if you are going to use iptables rules inside your Slackware containers which will do logging (i.e. the ones with the LOG target), you should not disable klogd.

Testing the new container and making a cache file

Testing the new container

To test the new container, simply start it:

vzctl start 777

If you did everything right (and this article is correct), your new Slackware container will boot.

If the container booted and you can enter it or ssh to it, then stop it:

vzctl stop 777
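
An added example, not part of the original article: a check to run on /vz/private/777 after the test boot and before packing the cache. By the article's own description the first boot generates SSH host keys, so the test above leaves keys in the tree that would otherwise be copied into every container created from the template. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a prepared container root
# before packing it. Returns the number of findings (0 = ready to pack).
audit_template() {
    root=$1
    findings=0
    note() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # Host keys left in the tree would be shared by every container.
    for f in "$root"/etc/ssh/*key*; do
        [ -e "$f" ] && note "SSH key material present: $f"
    done

    # root's password field must be locked ("!") in the template.
    rootpw=$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow" 2>/dev/null)
    [ "$rootpw" = "!" ] || note "root password field in etc/shadow is not '!'"

    # /etc/mtab must point at /proc/mounts and rc.S must not delete it.
    [ "$(readlink "$root/etc/mtab")" = "/proc/mounts" ] ||
        note "etc/mtab is not a symlink to /proc/mounts"
    grep -q '^[[:space:]]*/bin/rm -f /etc/mtab' "$root/etc/rc.d/rc.S" 2>/dev/null &&
        note "rc.S still deletes /etc/mtab at boot"

    # No gettys, fstab entries or kernel modules belong in a container.
    grep -q '^c[0-9]*:.*agetty' "$root/etc/inittab" 2>/dev/null &&
        note "inittab still spawns agetty"
    [ -s "$root/etc/fstab" ] && note "etc/fstab is not empty"
    [ -d "$root/lib/modules" ] && note "lib/modules still present"

    return "$findings"
}

# Constructed sample tree standing in for /vz/private/777 (not real data).
build_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/etc/rc.d"
    printf 'root:!:13305:0:::::\n' > "$1/etc/shadow"
    ln -s /proc/mounts "$1/etc/mtab"
    : > "$1/etc/fstab"
    printf '#c1:1235:respawn:/sbin/agetty 38400 tty1 linux\n' > "$1/etc/inittab"
    printf '#/bin/rm -f /etc/mtab*\n' > "$1/etc/rc.d/rc.S"
}

# Usage on the host: audit_template /vz/private/777
```

If it reports key material, repeat the rm /vz/private/777/etc/ssh/*key* step from above before making the cache file.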

Making a cache file

Now make a .tar.gz out of the container:

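# archive the container root itself (paths relative to /vz/private/777), keeping numeric owners
tar --numeric-owner -czf /vz/template/cache/slackware-10.2-i486-minimal.tar.gz -C /vz/private/777 .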

Testing the new cache file

To test the new cache file, issue:

vzctl create 555 --ostemplate slackware-10.2-i486-minimal --ipadd x.x.x.x --hostname testy

If created successfully, try to start it:

vzctl start 555

If it started and you can ssh in, congratulations, you've got a working Slackware template!