We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.

mkdir /vz/private/777
tar -xjf /root/stage3-i686-2006.0.tar.bz2 -C /vz/private/777

Now you need to create the configuration file for the VE, 777.conf:

vzctl set 777 --applyconfig vps.basic --save

Add to the /etc/vz/conf/777.conf:

DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"

The VE root filesystem is mounted by the host system, not the guest -- and therefore root fs will not appear in /etc/mtab. It will lead to df command non-working.

rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab

After replacing /etc/mtab with a symlink to /proc/mounts, you will always have up-to-date information of what is mounted in /etc/mtab.

echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab

We need only /proc to be mounted at the boot time.

Edit /vz/private/777/etc/inittab, putting a hashmark (#) before the lines containing:

c?:1235:respawn:/sbin/agetty 38400 tty? linux

This prevents from starting getty and login on ttys that does not exist in VEs.

Edit /vz/private/777/etc/shadow, change root's password in the first line to an exclamation mark (!):

root:!:10071:0:::::

This will disable the root login until the password changed with vzctl set VEID --userpasswd root:password.

The checkroot and consolefont init scripts should not be started inside VEs:

rm /vz/private/777/etc/runlevels/boot/checkroot
rm /vz/private/777/etc/runlevels/boot/consolefont

Comment out line number 244 in /vz/private/777/sbin/rc:

# try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}

This prevents the VE from attempting to mount /sys.

To ensure that these changes aren't automatically overwritten on update, add the following to /vz/private/777/etc/make.conf:

CONFIG_PROTECT = /sbin/rc

Delete /lib/udev-state/devices.tar.bz2 and create some device nodes needed to enter a VE:

cd /vz/private/777/lib
rm udev-state/devices.tar.bz2
mknod udev/devices/ttyp0 c 3 0
mknod udev/devices/ptyp0 c 2 0
mknod udev/devices/ptmx c 5 2

Set RC_DEVICES="static" in /vz/private/777/etc/conf.d/rc

You have to leave the directory you are in for the next step to be ok, otherwise you will get this error message :
vzquota : (error) Quota on syscall for 777: Device or resource busy
vzquota on failed [3]

cd /

vzctl start 777
vzctl enter 777

You can check running services.

rc-status -a

All services in boot and default runlevels must be started. If everything all right, stop it

vzctl stop 777

To install software into a VE with portage you should mount /usr/portage into VE with "bind" option. Do this after VE starts:

mkdir /vz/root/777/usr/portage
mount -o bind /usr/portage /vz/root/777/usr/portage

If your /usr/portage/distfiles placed on the other partition do:

mount -n -o bind /usr/portage/distfiles /vz/root/777/usr/portage/distfiles

Now, to install package into a VE you just need enter there by vzctl enter and run

emerge package_name

while you have all the needed files in the /usr/portage/distfiles of host system.

For security reasons hold this directories mounted only while you are installing software into a VE.

cd /vz/private/777/
tar czf /vz/template/cache/gentoo.tar.gz *

vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps

If created successfully, try to start it:

vzctl start 800

If it started, and you can ssh in, congratulations, you've got a working Gentoo template!