== Creating a new Host Template Cache for HostGIS Linux 4.x or Slackware 11.x/12.x == This process uses VMWare VMware to install the OS into a VM, then to trim down the VM's contents to only those items suitable for a VPS/[[VE ]] environment, then to save a snapshot of the system as a host template cache for use in OpenVZ.

=== Create the VM in VMWare =VMware ==

Technically, you could probably do this on a hardware PC without VMWareVMware, but VMWare VMware does make it more convenient.

Start by creating a new VM in VMWareVMware.

* Hostname: template * Domain: internal.lan* IP config: as appropriate for your LAN

# packages not applicable to a VPS setting, or which we don't use at HostGIS # e.g. phpMyAdmin and phpPgAdmin are security holesVE

mdadm-* floppy-* lvm2-* phpMyAdmin-* phppgAdmin-* raidtools-* reiserfsprogs-* \

# the startup sequence and services, even the firewall

rc.scanluns rc.serial rc.udev rc.sysvinit rc.firewall

# clear out old/dummy SSL certificates mv /etc/ssl/openssl.cnf /tmp ; rm -r /etc/ssl/* ; mv /tmp/openssl.cnf /etc/ssl

# fix file permissionsset an ownership on any unowned files find / -mount -nouser -exec chown root {} \; & find / -mount -nogroup -exec chgrp root {} \; &for i in \ /bin/ping /bin/mount /bin/ping6 /bin/umount /usr/bin/chfn \ /usr/bin/chsh /usr/bin/crontab /usr/bin/chage /usr/bin/traceroute6 /usr/bin/traceroute \ /usr/bin/expiry /usr/bin/newgrp /usr/bin/passwd /usr/bin/gpasswd \ /usr/libexec/ssh-keysign /usr/libexec/pt_chown /usr/bin/wall /usr/bin/write do chmod u-s $i ; done

# fix Apache's configuration:remove the setuid bit from programs which nobody else should use # add ServerTokens prodyou may want to review this list first, as some folks want their users # go able to the htdocs Directory definition edit cronjobs and to change Indexes to -Indexestheir own passwords, etc.# delete the entries for phpmyadmin and phppgadmini in \vi /bin/ping /bin/mount /bin/ping6 /etcbin/umount /usr/apachebin/httpd.confchfn \ /usr/bin/chsh /usr/bin/crontab /usr/bin/chage /usr/bin/traceroute6 /usr/bin/traceroute \# keep FTP users chrooted: /usr/bin/expiry /usr/bin/newgrp /usr/bin/passwd /usr/bin/gpasswd \echo "" >> /etcusr/proftpd.confecho "# keep all users chrooted to their homedir" >> libexec/etcssh-keysign /proftpd.confecho "DefaultRoot ~" >> usr/etclibexec/proftpd.conf # allow the mailq to be checked by anybody:chgrp smmsp pt_chown /varusr/spoolbin/mqueuechmod g+rx wall /varusr/spoolbin/mqueuewrite do chmod u-s $i ; done

A VPS cannot actually reboot, since there's no power switch to power-cycle the machineafter the VE has been shut down. OpenVZ emulates this effect rebooting with an external cronjobcalled vpsreboot (see /etc/cron.d/vz). In order to reboot a VPS that has been shut downand which is expecting a reboot, the shutdown sequence must create a dummy file named called /rebootin within the VPS's filesystem. AlsoVE, and emulates the /etc/mtab file should point by pointing it to /proc/mounts so it can detect So, some small changes are necessary to the / filesystemrc scripts.

# somewhere in rc.6 add this command: touch /reboot vi /etc/rc.d/rc.6And add these two lines near the start:# create the reboot flag so we get rebooted automaticallytouch /reboot

vi /etc/rc.d/ # somewhere in rc.MAnd , add these two lines near the startthis command:# replace the mtab file with a link to /proc/mounts so OpenVZ can find the / filesystemrm -f /etc/mtab ; ln -s /proc/mounts /etc/mtab vi /etc/rc.d/rc.M

# stop all services apachectl stop killall syslogd klogd udevd crond /etc/rc.d/rc.sendmail stop /etc/rc.d/rc.inetd stop /etc/webmin/stop /etc/rc.d/rc.pgsql stop /etc/rc.d/rc.mysqld stop killall named proftpdkillall xinetd

# blow away the network configuration with dummy strings for later replacement # replace the IP address with __IPADDRESS_ # replace the netmask with __NETMASK__ # replace the GATEWAY with __GATEWAY__ vi /etc/rc.d/rc.inet1.conf

# disable the root and user accounts # by changing the password for root and user to a ! character. vi /etc/shadow

# refresh the 'locate' cache /etc/cron.daily/slocate

# blank out the system logfiles for logfile in \ /var/log/messages /var/log/syslog /var/log/debug /var/log/secure \ /var/log/maillog /var/log/spooler /var/log/proftpd.log /var/log/xinetd.log \ /var/log/dmesg /var/log/faillog /var/log/lastlog /var/log/wtmp \ /var/log/apache/access_log /var/log/apache/error_log \ /var/log/webmin/miniserv.error /var/log/webmin/miniserv.pid do cp /dev/null $logfile ; done rmdir /var/log/sa

# clear the SSH host key rm -f /etc/ssh/ssh_host_*

# database server logfiles rm -f /var/lib/mysql/*.err /var/lib/pgsql/logfile

# delete vi backup files, bash_history files, and other small application crud unset HISTFILE find / -name '*~' \ -o -name .bash_history \ -o -name .gnupg \ -o -name .lesshst \ -o -name .viminfo \ -o -name .rnd \ -delete

# the junk anything under /tmp rm -rf /tmp/*

A VE CT cache is just a tar.gz file of the entire filesystem, excluding some very dynamic stuff which gets populated by the OS at runtime anyway: <code>

tar --numeric-owner -zcvf /tmp/HostGIS_Linux_4.2_64bit.tar.gz --exclude='/sys/*' --exclude='/proc/*' --exclude='/tmp/*' /