Difference between revisions of "Gentoo template creation"
(→Test the new template cache file) |
(dedicated installation of portage) |
||
| Line 177: | Line 177: | ||
{{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your container.}} | {{Note|you have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your container.}} | ||
| + | |||
| + | |||
| + | == Dedicated installation of portage == | ||
| + | |||
| + | If you decide not to share portage with host as described before, you'll still need a portage installed into your container. | ||
| + | |||
| + | Get latest snapshot of portage tree from your favourite mirror (http://www.gentoo.org/main/en/mirrors.xml) and extract it into <code>/vz/private/777/usr</code>: | ||
| + | |||
| + | <pre> | ||
| + | # wget <your-mirro>/snapshots/portage-latest.tar.bz2 | ||
| + | # tar xjf portage-latest.tar.bz2 -C /vz/private/777/usr | ||
| + | </pre> | ||
== Create the template cache file == | == Create the template cache file == | ||
Revision as of 12:15, 11 April 2010
This page is about making a template cache for OpenVZ container from Gentoo Linux. The method is basically the same as described in Slackware template creation article.
Contents
- 1 Download stage3
- 2 Create directory for the new container and unarchive stage3
- 3 Create CT config
- 4 Edit CT config
- 5 Make /etc/mtab a symlink to /proc/mounts
- 6 Replace /etc/fstab
- 7 Edit /etc/inittab
- 8 Edit /etc/shadow
- 9 Disable unneeded init scripts
- 10 Edit /sbin/rc
- 11 Set up udev
- 12 Test
- 13 Making distfiles and portage tree of the host system available in a container
- 14 Dedicated installation of portage
- 15 Create the template cache file
- 16 Test the new template cache file
- 17 Post Configuration
Download stage3
We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.
Create directory for the new container and unarchive stage3
mkdir /vz/private/777 tar -xjf /root/stage3-i686-2008.0_beta2.tar.bz2 -C /vz/private/777
Create CT config
Now you need to create the configuration file for the container, 777.conf:
vzctl set 777 --applyconfig vps.basic --save
Edit CT config
Add the following to /etc/vz/conf/777.conf:
OSTEMPLATE="gentoo"
Creation of container at end of this HowTo obeys quota limits and might exceed
those limits set in vps.basic by default (at least encountered with Gentoo
10.1 release). Thus it might be required to increase limits now. The following
values are providing 2 GiByte soft limit with 2.5 GiByte hard limit:
DISKSPACE="2097152:2621440"
After that you copy that configuration file turning it into a sample configuration for later use:
# cp /etc/vz/conf/777.conf /etc/vz/conf/ve-gentoo.conf-sample
Make /etc/mtab a symlink to /proc/mounts
The container's root filesystem is mounted by the host system, not the guest — and therefore root fs will not appear in /etc/mtab. It will lead to a non-working df command. To fix, link /etc/mtab to /proc/mounts.
rm -f /vz/private/777/etc/mtab ln -s /proc/mounts /vz/private/777/etc/mtab
After replacing /etc/mtab with a symlink to /proc/mounts, you will always have up-to-date information of what is mounted in /etc/mtab.
Replace /etc/fstab
echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab
We need only /proc to be mounted at boot time.
Edit /etc/inittab
Edit /vz/private/777/etc/inittab and put a hash mark (#) at the beginning of the lines containing:
c?:1235:respawn:/sbin/agetty 38400 tty? linux
This prevents getty and login from starting on ttys that do not exist in containers.
Edit /etc/shadow
Edit /vz/private/777/etc/shadow and change root's password in the first line to an exclamation mark (!):
root:!:10071:0:::::
This will disable root login until the password is changed with vzctl set CTID --userpasswd root:password.
Disable unneeded init scripts
The checkroot and consolefont init scripts should not be started inside containers:
rm /vz/private/777/etc/runlevels/boot/checkroot rm /vz/private/777/etc/runlevels/boot/consolefont
Edit /sbin/rc
Edit /vz/private/777/sbin/rc and put a hash mark (#) at the beginning of line 244 (your line number may be different):
# try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}
This prevents the container from attempting to mount /sys.
To ensure that this change isn't automatically overwritten on update, add the following to /vz/private/777/etc/make.conf:
CONFIG_PROTECT="/sbin/rc"
Set up udev
Using udev you will have problems since some devices nodes are not created.
For example sshd will fail to start since /dev/random and /dev/urandom are missing.
So it's recommended to disable udev.
Edit /vz/private/777/etc/conf.d/rc and change the RC_DEVICES line to:
RC_DEVICES="static"
If you want to enable udev read on.
Create some device nodes needed to enter a container:
cd /vz/private/777/lib mknod udev/devices/ttyp0 c 3 0 mknod udev/devices/ptyp0 c 2 0 mknod udev/devices/ptmx c 5 2
Edit /vz/private/777/etc/conf.d/rc and change the RC_DEVICES and RC_DEVICE_TARBALL lines to:
RC_DEVICES="udev" RC_DEVICE_TARBALL="no"
You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message:
vzquota : (error) Quota on syscall for 777: Device or resource busy vzquota on failed [3]
cd /
Test
vzctl start 777 vzctl enter 777
You can check running services:
rc-status -a
All services in boot and default runlevels must be started. If everything all right, stop the container:
vzctl stop 777
Making distfiles and portage tree of the host system available in a container
|
Warning: This step is optional and will result in shared files between containers! These steps can save space on disk but trade isolation and security... consider your options carefully! |
To install software into a container with portage, you should mount /usr/portage into the container with the "bind" option. Do the following on the host after the container is started:
mkdir /vz/root/777/usr/portage mount -o bind /usr/portage /vz/root/777/usr/portage
If your /usr/portage/distfiles directory resides on a different partition than your /usr/portage directory, do the following:
mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles
Now, to install a package into a container, you just need to enter the container using vzctl enter and run
emerge package_name
while you have all the needed files in the /usr/portage/distfiles of host system.
For security reasons, you should have these directories mounted only while installing software into a container.
|
Note: you have to umount /vz/root/777/usr/portage/distfiles before trying to stop your container.
|
Dedicated installation of portage
If you decide not to share portage with host as described before, you'll still need a portage installed into your container.
Get latest snapshot of portage tree from your favourite mirror (http://www.gentoo.org/main/en/mirrors.xml) and extract it into /vz/private/777/usr:
# wget <your-mirro>/snapshots/portage-latest.tar.bz2 # tar xjf portage-latest.tar.bz2 -C /vz/private/777/usr
Create the template cache file
cd /vz/private/777/ tar --numeric-owner -czf /vz/template/cache/gentoo.tar.gz *
Test the new template cache file
Create a new container from the template file:
vzctl create 800 --config gentoo --ipadd 192.168.0.10 --hostname testvps
If the container was created successfully, try to start it:
vzctl start 800
If it started, and you can enter it using
vzctl enter 800
congratulations, you've got a working Gentoo template!
Post Configuration
After entering container before, it's time to enable SSH now:
# rc-update add sshd default # /etc/init.d/sshd start
Now it should be possible to login over SSH.
