'''This is just a working area to make sure I've got my facts straight.''' It works great on a Debian hardware node, but not so great on RedHat. We might really have to create a temporary VE instead of using the chroot. Pity.
---
These are rough instructions for manually creating a basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
'''Notes:'''
* You shouldn't be running as root, but as a user that is permitted to use sudo instead. Running as root is a dangerous idea; do so at your peril.
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
* Anywhere you see <tt>http://debian.osuosl.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])
== Prerequisites ==
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
For Debian:
 sudo apt-get install debootstrap
For Gentoo:
 sudo emerge debootstrap
For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum].
== Bootstrapping Debian ==
Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this.
 cd /vz/private
Download Debian Etch to a directory called "etch-temp". Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>.
 sudo debootstrap --arch i386 etch etch-temp http://debian.osuosl.org/debian/
== Inside the template ==
The following actions are all performed inside the template. To get inside, run this:
 sudo chroot etch-temp
=== Set Debian repositories ===
 cat <<EOF > /etc/apt/sources.list
 deb http://debian.osuosl.org/debian/ etch main contrib
 deb http://security.debian.org etch/updates main contrib
 EOF
=== Update and upgrade packages ===
This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own.
 apt-get update
 apt-get upgrade
=== Install more packages ===
Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
 apt-get install ssh quota
=== Set sane permissions for <tt>/root</tt> directory ===
 chmod 700 /root
=== Disable root login ===
This locks the root password, which disables password-based root login by default.
 usermod -L root
=== Disable getty ===
Disable running <tt>getty</tt>s on terminals as a VE does not have any:
 sed -i -e '/getty/d' /etc/inittab
=== Disable <tt>sync()</tt> for syslog ===
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
 sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
=== Fix <tt>/etc/mtab</tt> ===
Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
 rm -f /etc/mtab
 ln -s /proc/mounts /etc/mtab
=== Remove some unneeded packages ===
If you have any packages you'd like to remove, now's the time for it. Here's an example:
 dpkg --purge fortune-mod fortunes-min
=== Disable services ===
If there are any services you'd like to disable, do that now. Here's an example:
 update-rc.d -f klogd remove
=== Fix SSH host keys ===
This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
 rm -f /etc/ssh/ssh_host_*
 cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
 #!/bin/bash
 ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
 ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
 rm -f \$0
 EOF
 chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
=== Clean packages cache ===
After installing packages, you'll have some junk packages lying around in your cache. Since you don't want your template to have those, this command will wipe them out.
 apt-get clean
=== Get out of the template ===
Now everything is done. Exit from the template and go back to the hardware node.
 exit
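Back on the hardware node, the steps from "Inside the template" can be re-checked against the tree before it is packed. The script below is an added example, not part of the original instructions; the script name and the <tt>audit_template</tt> function are hypothetical, and it assumes GNU <tt>stat</tt>.

```shell
#!/bin/sh
# Added example: audit a template tree before it is packed into a tarball.
# Usage: sudo sh audit_template.sh etch-temp   (/etc/shadow is root-only)
# Assumes GNU stat (-c); the function and file names are made up for this example.

fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

audit_template() {
    root=$1
    failures=0

    # Host keys baked into the tarball would be shared by every VE created from it.
    for key in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$key" ]; then fail "host key present: $key"; fi
    done

    # With SSH installed, the first-boot generator must exist and be executable.
    if [ -d "$root/etc/ssh" ] && [ ! -x "$root/etc/rc2.d/S15ssh_gen_host_keys" ]; then
        fail "S15ssh_gen_host_keys missing or not executable"
    fi

    # usermod -L prefixes the password field with '!'; a leading '*' also
    # means no password can match.
    if ! awk -F: '$1 == "root" && $2 ~ /^[!*]/ { ok = 1 } END { exit !ok }' \
            "$root/etc/shadow" 2>/dev/null; then
        fail "root password is not locked"
    fi

    [ "$(stat -c %a "$root/root" 2>/dev/null)" = 700 ] || fail "/root is not mode 700"

    [ "$(readlink "$root/etc/mtab" 2>/dev/null)" = /proc/mounts ] ||
        fail "/etc/mtab is not a symlink to /proc/mounts"

    if grep -q getty "$root/etc/inittab" 2>/dev/null; then
        fail "getty entries remain in /etc/inittab"
    fi

    # apt-get clean should have emptied the package cache.
    if find "$root/var/cache/apt/archives" -name '*.deb' 2>/dev/null | grep -q .; then
        fail "downloaded .deb files remain in the apt cache"
    fi

    return "$failures"
}

# Audit the directory given on the command line, if any.
if [ -n "${1:-}" ]; then audit_template "$1"; fi
```

The exit status is the number of failed checks, so a zero status means the tree matches every step checked here.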
== Preparing for and packing template cache ==
Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
 cd etch-temp
 sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
 cd ..
Check to make sure the filesize of the resulting tarball is sane:
 # ls -lh /vz/template/cache
 -rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
== Dispose of the temporary template directory ==
You're done with the template directory. Remove it.
 sudo rm -Rf etch-temp
== Use your new template ==
We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
 sudo vzctl create 123456 --ostemplate debian-4.0-i386-basic
Now make sure that it works:
 sudo vzctl start 123456
 sudo vzctl exec 123456 ps ax
You should see that a few processes are running as expected.
== Final cleanup ==
Stop and remove the test VE you just created:
 sudo vzctl stop 123456
 sudo vzctl destroy 123456
 sudo rm /etc/vz/conf/123456.conf.destroyed