Creating a template cache : Slackware or HostGIS Linux
Creating a new Host Template Cache for HostGIS Linux 4.x or Slackware 11.x/12.x
This process uses VMWare to install the OS into a VM, trims the VM's contents down to only those items suitable for a VPS/VE environment, and then saves a snapshot of the resulting filesystem as a host template cache for use in OpenVZ.
This document focuses on HostGIS Linux (a Slackware derivative), but aside from the specifics of the installation settings it should be 99% applicable to Slackware as well.
Create the VM in VMWare
Technically, you could probably do this on a hardware PC without VMWare, but VMWare does make it more convenient.
Start by creating a new VM in VMWare.
- The disk and RAM stats can be minimal, as the system will never see live use.
- There is no need to create the entire disk at once during the setup.
- Create the disk as SCSI.
Then install HGL.
- Create a small partition at the end of the disk for swap. Some swap is technically necessary, but since you'll never in fact be using it, a few MB should be fine.
- Set the passwords to 'password'
- Do set the timezone properly. The internal clock does not use UTC/GMT.
- Select the default mouse, but do NOT enable GPM at startup.
- Hostname: template Domain: internal.lan
- IP config: as appropriate for your LAN
- Nameserver: no
Reboot into your new HGL install, and log in.
Delete unnecessary stuff
# kernel, kernel modules, documentation, mount points
rm -rf /lib/modules /boot /dev/.udev /usr/doc /usr/info /media
# packages not applicable to a VPS setting, or which we don't use at HostGIS
# e.g. phpMyAdmin and phpPgAdmin are security holes
cd /var/log/packages
for pkg in \
hotplug-* hdparm-* devmapper-* udev-* usbutils-* pciutils-* module-init-tools-* \
mdadm-* floppy-* lvm2-* phpMyAdmin-* phppgAdmin-* raidtools-* reiserfsprogs-* \
smartmontools-* sysfsutils-* syslinux-* wireless_tools-* quota-* iptables-*
do removepkg $pkg ; done
# most folks don't use GeoServer, so disable it by default
chmod 644 /etc/rc.d/rc.geoserver
# prune init's getty
vi /etc/inittab # delete everything after entry l6 (runlevel 6)
init q
# clean out the fstab and mtab files
( cd /etc ; rm -f fstab mtab ; ln -s ../proc/mounts mtab )
echo "proc /proc proc defaults 0 0" >> /etc/fstab
echo "devpts /dev/pts devpts mode=0620 0 0" >> /etc/fstab
# the startup sequence and services, even the firewall
cd /etc/rc.d
rm -f rc.gpm-sample rc.gpm rc.hotplug rc.ip_forward rc.modules \
rc.scanluns rc.serial rc.udev rc.sysvinit rc.firewall
vi rc.syslog # delete all mentions of klogd
vi rc.local # delete smartd and inetd
vi rc.M # delete the setterm entry
vi rc.S # delete the MOTD clobbering
Fix permissions and ownerships
- clear out old/dummy SSL certificates
mv /etc/ssl/openssl.cnf /tmp ; rm -r /etc/ssl/* ; mv /tmp/openssl.cnf /etc/ssl
- fix file permissions
find / -mount -nouser -exec chown root {} \; &
find / -mount -nogroup -exec chgrp root {} \; &
for i in \
/bin/ping /bin/mount /bin/ping6 /bin/umount /usr/bin/chfn \
/usr/bin/chsh /usr/bin/crontab /usr/bin/chage /usr/bin/traceroute6 /usr/bin/traceroute \
/usr/bin/expiry /usr/bin/newgrp /usr/bin/passwd /usr/bin/gpasswd \
/usr/libexec/ssh-keysign /usr/libexec/pt_chown /usr/bin/wall /usr/bin/write
do chmod u-s $i ; done
- fix Apache's configuration:
- add ServerTokens prod
- go to the htdocs Directory definition and change Indexes to -Indexes
- delete the entries for phpmyadmin and phppgadmin
vi /etc/apache/httpd.conf
- keep FTP users chrooted:
echo "" >> /etc/proftpd.conf
echo "# keep all users chrooted to their homedir" >> /etc/proftpd.conf
echo "DefaultRoot ~" >> /etc/proftpd.conf
- allow the mailq to be checked by anybody:
chgrp smmsp /var/spool/mqueue
chmod g+rx /var/spool/mqueue
Changes to rc scripts
A VPS cannot actually reboot, since there's no power switch to power-cycle the machine after the VE has been shut down. OpenVZ emulates this effect with an external cronjob called vpsreboot (see /etc/cron.d/vz). In order to reboot a VPS that has been shut down and which is expecting a reboot, the shutdown sequence must create a file named /reboot in the VPS's filesystem.
Also, the /etc/mtab file should point to /proc/mounts so that OpenVZ can detect the / filesystem.
vi /etc/rc.d/rc.6
And add these two lines near the start:
# create the reboot flag so we get rebooted automatically
touch /reboot
vi /etc/rc.d/rc.M
And add these two lines near the start:
# replace the mtab file with a link to /proc/mounts so OpenVZ can find the / filesystem
rm -f /etc/mtab ; ln -s /proc/mounts /etc/mtab
Blanking settings
Lastly, you'll want to delete or blank out a bunch of files so they start fresh when the VE is booted for its first time.
- stop all services
apachectl stop
killall syslogd klogd udevd crond
/etc/rc.d/rc.sendmail stop
/etc/webmin/stop
/etc/rc.d/rc.pgsql stop
/etc/rc.d/rc.mysqld stop
killall named proftpd
killall xinetd
- blow away the network configuration with dummy strings for later replacement
- replace the IP address with __IPADDRESS__
- replace the netmask with __NETMASK__
- replace the GATEWAY with __GATEWAY__
vi /etc/rc.d/rc.inet1.conf
- disable the root and user accounts
- by changing the password for root and user to a ! character.
vi /etc/shadow
- refresh the 'locate' cache
/etc/cron.daily/slocate
- blank out the system logfiles
for logfile in \
/var/log/messages /var/log/syslog /var/log/debug /var/log/secure \
/var/log/maillog /var/log/spooler /var/log/proftpd.log /var/log/xinetd.log \
/var/log/dmesg /var/log/faillog /var/log/lastlog /var/log/wtmp \
/var/log/apache/access_log /var/log/apache/error_log \
/var/log/webmin/miniserv.error /var/log/webmin/miniserv.pid
do cp /dev/null $logfile ; done
rmdir /var/log/sa
- clear the SSH host key
rm -f /etc/ssh/ssh_host_*
- database server logfiles
rm -f /var/lib/mysql/*.err /var/lib/pgsql/logfile
- delete vi backup files, bash_history files, and other small application crud
unset HISTFILE
# group the -name tests so the action applies to every match, not only the last one;
# .gnupg is a directory, so use rm -rf (with -prune so find does not descend into it)
find / -mount \( -name '*~' \
    -o -name .bash_history \
    -o -name .gnupg \
    -o -name .lesshst \
    -o -name .viminfo \
    -o -name .rnd \) -prune -exec rm -rf {} +
- the junk under /tmp
rm -rf /tmp/*
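The blanking steps above are easy to get half-done, and every VE cloned from the cache inherits whatever was left behind. The following shell function is an added example, not part of the original page, that audits a template root (the VM's / or an extracted cache) for the leftovers those steps are meant to remove; it assumes the placeholder names and the '!' password convention used above, and that /etc/mtab has already been replaced by the symlink.

```shell
# Added example (not from the original page): audit a template root directory for
# leftovers that the "Blanking settings" steps are meant to remove, before it is
# tarred up into a cache. Returns 0 when clean, 1 otherwise; each finding is printed.
check_template_tree() {
    root="$1"
    findings=0
    # SSH host keys: every VE created from this cache would share them
    for k in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$k" ] && { echo "ssh host key present: $k"; findings=$((findings + 1)); }
    done
    # shell history, editor state and backup files can carry commands, passwords and keys
    n=$(find "$root" \( -name '*~' -o -name .bash_history -o -name .viminfo \
            -o -name .lesshst -o -name .rnd -o -name .gnupg \) -print | wc -l)
    n=$((n + 0))
    [ "$n" -gt 0 ] && { echo "$n history/backup file(s) remain"; findings=$((findings + n)); }
    # root and user must be locked ('!' in the password field), not still 'password'
    if [ -f "$root/etc/shadow" ]; then
        bad=$(awk -F: '($1=="root" || $1=="user") && $2!="!" {print "unlocked account: " $1}' \
              "$root/etc/shadow")
        [ -n "$bad" ] && { echo "$bad"; findings=$((findings + 1)); }
    fi
    # the network config must hold the placeholders, not the build VM's LAN settings
    if [ -f "$root/etc/rc.d/rc.inet1.conf" ]; then
        for p in __IPADDRESS__ __NETMASK__ __GATEWAY__; do
            grep -q "$p" "$root/etc/rc.d/rc.inet1.conf" \
                || { echo "placeholder $p missing from rc.inet1.conf"; findings=$((findings + 1)); }
        done
    fi
    # /etc/mtab must be the symlink to /proc/mounts that the rc.M change expects
    [ -L "$root/etc/mtab" ] || { echo "/etc/mtab is not a symlink"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
}
```

Run it as `check_template_tree /` in the VM just before the tar step, or against a directory into which a finished cache has been extracted.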
Zipping it up into a cache image
A VE cache is just a tar.gz file of the entire filesystem, excluding some very dynamic stuff which gets populated by the OS at runtime anyway:
tar zcvf /tmp/HostGIS_Linux_4.2_64bit.tar.gz --exclude='/sys/*' --exclude='/proc/*' --exclude='/tmp/*' /