User:Dusty/Debian template creation
This is just a working area to make sure I've got my facts straight. It works great on a Debian hardware node, but not so great on RedHat. We might really have to create a temporary VE instead of using the chroot. Pity.
---
These are rough instructions for manually creating a basic Debian Etch (4.0) template cache, which can be used to create OpenVZ VEs based on Debian Etch (4.0).
Notes:
- You shouldn't be running as root, but as a user that is permitted to use sudo instead. Running as root is a dangerous idea; do so at your peril.
- Anywhere you see /vz, you might really need to use /var/lib/vz instead, especially on a Debian Etch host.
- Anywhere you see http://debian.osuosl.org/debian/, you can substitute your favorite Debian mirror. (List of official Debian Mirrors)
Contents
- 1 Prerequisites
- 2 Bootstrapping Debian
- 3 Inside the template
- 3.1 Set Debian repositories
- 3.2 Update and upgrade packages
- 3.3 Install more packages
- 3.4 Set sane permissions for /root directory
- 3.5 Disable root login
- 3.6 Disable getty
- 3.7 Disable sync() for syslog
- 3.8 Fix /etc/mtab
- 3.9 Remove some unneeded packages
- 3.10 Disable services
- 3.11 Fix SSH host keys
- 3.12 Clean packages cache
- 3.13 Get out of the template
- 4 Preparing for and packing template cache
- 5 Dispose of the temporary template directory
- 6 Use your new template
- 7 Final cleanup
Prerequisites
You need to have a working copy of debootstrap running on your hardware node.
For Debian:
sudo apt-get install debootstrap
For Gentoo:
sudo emerge debootstrap
For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the OpenVZ Forum.
Bootstrapping Debian
Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, /tmp might be mounted noexec, which would mean you'd have to use some other location. I'm going to use /vz/private for this.
cd /vz/private
Download Debian Etch to a directory called "etch-temp". Specify your architecture instead of i386 if you're using something other than i386/x86. For example, for AMD64/x86_64, use amd64 or for ia64, use ia64.
sudo debootstrap --arch i386 etch etch-temp http://debian.osuosl.org/debian/
Inside the template
The following actions are all performed inside the template. To get inside, run this:
sudo chroot etch-temp
Set Debian repositories
cat <<EOF > /etc/apt/sources.list
deb http://debian.osuosl.org/debian/ etch main contrib
deb http://security.debian.org etch/updates main contrib
EOF
Update and upgrade packages
This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own.
apt-get update
apt-get upgrade
Install more packages
Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
apt-get install ssh quota
Set sane permissions for /root directory
chmod 700 /root
Disable root login
This locks the root account's password, which disables password login as root by default.
usermod -L root
Disable getty
Disable running gettys on terminals as a VE does not have any:
sed -i -e '/getty/d' /etc/inittab
Disable sync() for syslog
Turn off doing sync() on every write for syslog's log files, to improve I/O performance:
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
Fix /etc/mtab
Link /etc/mtab to /proc/mounts, so df and friends will work:
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab
Remove some unneeded packages
If you have any packages you'd like to remove, now's the time for it. Here's an example:
dpkg --purge fortune-mod fortunes-min
Disable services
If there are any services you'd like to disable, do that now. Here's an example:
update-rc.d -f klogd remove
Fix SSH host keys
This is only useful if you installed SSH. Each individual VE should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created VE to create new SSH keys on first boot.
rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
Clean packages cache
After installing packages, you'll have some junk packages lying around in your cache. Since you don't want your template to have those, this command will wipe them out.
apt-get clean
Get out of the template
Now everything is done. Exit from the template and go back to the hardware node.
exit
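Before packing, the template tree can be checked from the hardware node for the state the steps above are supposed to leave behind (no baked-in SSH host keys, locked root password, /root at mode 700, /etc/mtab symlink, empty package cache). The script below is an added example, not part of the original page; the function name audit_template and the file name audit_template.sh are hypothetical, and it assumes the etch-temp directory used above.

```shell
#!/bin/sh
# Added example (not from the original page): audit a template tree before
# packing it. The paths checked are the ones the steps above modify.
# Run on the hardware node:  sudo sh audit_template.sh etch-temp
# (audit_template.sh is a hypothetical file name.)

audit_template() {
    root=$1
    bad=0
    fail() { echo "FAIL: $*"; bad=1; }

    # Host keys baked into the tarball would be shared by every VE.
    for k in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$k" ]; then fail "host key in template: $k"; fi
    done

    # If SSH is installed, the first-boot key generator must be executable.
    if [ -d "$root/etc/ssh" ] && [ ! -x "$root/etc/rc2.d/S15ssh_gen_host_keys" ]; then
        fail "S15ssh_gen_host_keys missing or not executable"
    fi

    # usermod -L prefixes the password field in /etc/shadow with '!'.
    if ! awk -F: '$1 == "root" && $2 ~ /^!/ { ok = 1 } END { exit !ok }' \
            "$root/etc/shadow" 2>/dev/null; then
        fail "root account is not locked"
    fi

    # /root must be mode 700 (drwx------).
    if [ "$(ls -ld "$root/root" 2>/dev/null | cut -c1-10)" != "drwx------" ]; then
        fail "/root is not mode 700"
    fi

    # /etc/mtab must be a symlink to /proc/mounts.
    if [ "$(readlink "$root/etc/mtab" 2>/dev/null)" != "/proc/mounts" ]; then
        fail "/etc/mtab is not a symlink to /proc/mounts"
    fi

    # apt-get clean should have emptied the package cache.
    for p in "$root"/var/cache/apt/archives/*.deb; do
        if [ -e "$p" ]; then fail "cached package left behind: $p"; fi
    done

    return "$bad"
}

# Run the audit when a template directory is given on the command line.
if [ -n "${1:-}" ]; then audit_template "$1"; fi
```

The function prints one FAIL line per problem and returns non-zero if any check failed, so it can gate the tar step that follows.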
Preparing for and packing template cache
Now create a cached OS tarball. In the command below, you'll want to replace i386 with your architecture (i386, amd64, ia64, etc).
cd etch-temp
sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
cd ..
Check to make sure the filesize of the resulting tarball is sane:
# ls -lh /vz/template/cache
-rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
Dispose of the temporary template directory
You're done with the template directory. Remove it.
sudo rm -Rf etch-temp
Use your new template
We can now create a VE based on the just-created template cache. Be sure to change i386 to your architecture just like you did when you named the tarball above.
sudo vzctl create 123456 --ostemplate debian-4.0-i386-basic
Now make sure that it works:
sudo vzctl start 123456
sudo vzctl exec 123456 ps ax
You should see that a few processes are running as expected.
Final cleanup
Stop and remove the test VE you just created:
sudo vzctl stop 123456
sudo vzctl destroy 123456
sudo rm /etc/vz/conf/123456.conf.destroyed
