Slackware template creation
This page is about making a template cache for OpenVZ VE from Slackware linux. (This method was used for creating the minimal cache from Slackware 10.2) The method is basically the same as described in article Debian template creation.
Contents
- 1 Getting a Slackware root filesystem
- 2 Preparing the new VE
- 2.1 Preconfiguring the VE
- 2.2 Getting the filesystem ready to run in a VE
- 2.2.1 Delete the directory /lost+found, clean /boot, /tmp, and /var/mail and make /proc
- 2.2.2 Delete the kernel modules from /lib/modules
- 2.2.3 Make a home directory for root, readable only by him
- 2.2.4 Delete all keys from /etc/ssh
- 2.2.5 Delete the file /etc/mtab and make it a symlink to /proc/mounts.
- 2.2.6 Clean the /etc/fstab file
- 2.2.7 Edit /etc/inittab
- 2.2.8 Edit /etc/shadow
- 2.2.9 Edit /etc/rc.d/rc.S
- 2.2.10 Edit /etc/rc.d/rc.syslog
- 3 Testing the new VE and making a cache file
- 4 Testing the new cache file
Getting a Slackware root filesystem
Downloading and installing Slackware
First you need to download Slackware linux from http://www.slackware.org/getslack/. Then you have to install it to some hardware you can spare while the cache creation process is going on. For VE creation it is recommended not to install any unnecessary software into the box you are making the cache from. This means for a minimal Slackware 10.2 cache I have chosen only series A (Base Linux System) at the package series selection screen of Slackware Setup. Then expert prompting mode on the next screen. On the Series A package selection screen I chose the following packages:
- kernel-ide - This is requied to boot the OS to be able to get it's root filesystem
- aaa_base
- aaa_elflibs
- bash
- bin
- bzip2
- coreutils
- cxxlibs
- dcron
- devs
- e2fsprogs - This is not really needed for a VE, but let him install it
- elvis
- etc
- gawk
- glibc-solibs
- grep
- gzip
- kernel-modules - This is needed for the first boot only as kernel-ide
- less
- lilo - For first boot only too
- logrotate
- module-init-tools
- openssl-solibs
- pkgtools
- procps
- sed
- shadow
- sysklogd
- sysvinit
- tar
- udev
- util-linux
After selecting these packages just install the kernel and lilo, you are ready to run Slackware!
Configuring Slackware for acting as a VE
Now that you have a running minimal Slackware installation, You can begin to prepare it to be a template for a VE. First you need some additional packages, 7 exactly:
- groff-1.19.1-i486-3.tgz from the slackware/ap directory of installation media
- man-1.5p-i486-1.tgz from the slackware/ap directory of installation media
- quota-3.12-i486-1.tgz from the slackware/ap directory of installation media
- iptables-1.3.3-i486-1.tgz from the slackware/n directory of installation media
- openssh-4.2p1-i486-1.tgz from the slackware/n directory of installation media
- tcpip-0.17-i486-35.tgz from the slackware/n directory of installation media
- whois-4.6.16-i486-1.tgz from the slackware/n directory of installation media
You can install these packages issuing the following command:
# installpkg <packagename>
After these steps, you are ready to move your Slackware installation into a VE
Moving a Slackware installation into a VE
I did it by compressing the whole filesystem into a tgz file and copying it to the host running OpenVZ.
Compressing it is easy:
tar czf /slackware.tgz /
But to copy it, you need to setup a network device on the slackware system (use ifconfig and ftp or manually remove the hard drive containing the Slackware installation and copy the tgz file from there.
After you got the tgz file on the host, make a new directory into /vz/private with a new VEID, for example 777. Uncompress the tgz file into this directory and remove the tgz.
mv slackware.tgz /vz/private/777 cd /vz/private/777 gunzip -dc slackware.tgz |tar -xvf - rm /vz/private/777/slackware.tgz
Preparing the new VE
Preconfiguring the VE
Now you need to create the configuration file for the VE, 777.conf:
vzctl set 777 --applyconfig vps.basic --save
You need to set its OSTEMPLATE parameter:
echo "OSTEMPLATE=slackware-10.2-i486-minimal" >> /etc/sysconfig/vz-scripts/777.conf
Set an IP address and a hostname:
vzctl set 777 --ipadd x.x.x.x --save vzctl set 777 --hostname myslacky --save
Getting the filesystem ready to run in a VE
Now you need to make some minor alterations under the /vz/private/777 directory.
Delete the directory /lost+found, clean /boot, /tmp, and /var/mail and make /proc
rm -r /vz/private/777/lost+found rm /vz/private/777/boot/* rm /vz/private/777/tmp/* rm /vz/private/777/var/mail/* mkdir /vz/private/777/proc
Delete the kernel modules from /lib/modules
rm -r /vz/private/777/lib/modules
Make a home directory for root, readable only by him
mkdir /vz/private/777/root chmod 0700 /vz/private/777/root
Delete all keys from /etc/ssh
rm /vz/private/777/etc/ssh/*key*
This will ensure that a unique ssh key is generated for every single VE at the first boot. Edit ssh_config and sshd_config here if you want.
Delete the file /etc/mtab and make it a symlink to /proc/mounts.
rm /vz/private/777/etc/mtab ln -s /vz/private/777/etc/mtab /proc/mouns
Clean the /etc/fstab file
echo -n > /vz/private/777/etc/fstab
Edit /etc/inittab
Edit /vz/private/777/etc/inittab, put a hashmark (#) before the lines containing:
c?:1235:respawn:/sbin/agetty 38400 tty? linux
This will prevent linux gettys to spawn.
Edit /etc/shadow
Edit /vz/private/777/etc/shadow, change root's password in the first line to an exclamation mark (!):
#root:!:13305:0:::::
This will disable the root login until the password chaned with "vzctl set VPSID --userpasswd root:xxx"
Edit /etc/rc.d/rc.S
Edit /vz/private/777/etc/rc.d/rc.S, put a hashmark (#) before the line containing:
/bin/rm -f /etc/mtab*
This should be line 162. This will forbid Slackware to delete our symlink at every reboot.
Edit /etc/rc.d/rc.syslog
Edit /vz/private/777/etc/rc.d/rc.syslog file, put a hashmark (#) before the lines containing
sleep 1 echo "/usr/bin/klogd -c 3 -x" /usr/bin/klogd -c 3 -x killall klogd 2> /dev/null
These should be lines 11, 12, 15 and 21. This will prevent klogd (which is usually not needed) from starting at boot time.
Note: if you are going to use iptables rules inside your Slackware VEs which will do logging (i.e. the ones with the LOG target), you should not disable klogd. |
Testing the new VE and making a cache file
Testing the new VE
To test the new VE, simply start it:
vzctl start 777
If you did everything all right (and this article is correct) your new Slackware VE will boot.
If the VE booted, and you can enter/ssh to it, then stop it:
vzctl stop 777
Making a cache file
Now make a .tar.gz out of the VE:
tar czf /vz/template/cache/slackware-10.2-i486-minimal.tar.gz /vz/private/777/
Testing the new cache file
To test the the new cache file, issue:
vzctl create 555 --ostemplate slackware-10.2-i486-minimal --ipadd x.x.x.x --hostname testy
If created successfully, try to start it:
vzctl start 555
If it started, and you can ssh in, congratulations, you've got a working slackware template!