Changes


Debian template creation

3,605 bytes added, 09:24, 28 January 2020
ctcreate to ctctl
These are rough instructions of how to manually create a basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).

{{Note|'''[https://downloads.actiu.net/ctctl/ ctctl]''' is an automated helper to create and customize Debian templates.}}

{{Warning|The recommended way is '''not to follow''' the below instructions, but to use the official Debian templates, modifying those to your needs. Some template + container creation helpers are recommended at page [[Deploying Debian VEs without Templates]].}}
'''Notes:'''
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
* Anywhere you see <tt>http://http.us.debian.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])
* See also: <tt>/usr/share/doc/vzctl/README.Debian</tt> in the ''vzctl'' Debian package
== Prerequisites ==
 
{{Warning|If you want to use the <code>ext4</code> file system for <code>/vz</code>, use the <code>nodelalloc</code> option in <code>/etc/fstab</code>, otherwise it will crash. See {{Bug|1509}} and its duplicates for details.}}
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
The command parameters are:
debootstrap --arch ARCH NAME DIRECTORY [URL]
Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>. You can use http or ftp in the URL.
We use VE ID of 777 for this example, but it can be any unused ID.
=== Stretch (current Debian stable) ===
net-tools, ifupdown (not in debootstrap base set) provide ifconfig, ifup; required by OpenVZ to enable venet networking.

debootstrap --arch i386 --include=net-tools,ifupdown stretch /vz/private/777
or
debootstrap --arch amd64 --include=net-tools,ifupdown stretch /vz/private/777
=== Jessie (current oldstable) ===
debootstrap --arch i386 jessie /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 jessie /vz/private/777 http://ftp.us.debian.org/debian/
=== Wheezy (old release) ===
debootstrap --arch i386 wheezy /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 wheezy /vz/private/777 http://ftp.us.debian.org/debian/
=== Squeeze (old release) ===
debootstrap --arch i386 squeeze /vz/private/777 http://http.us.debian.org/debian/
debootstrap --arch amd64 squeeze /vz/private/777 ftp://ftp.us.debian.org/debian/
=== Lenny (old release) ===
debootstrap --arch i386 lenny /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 lenny /vz/private/777 ftp://archive.debian.org/debian/
=== Etch (very old release) ===
debootstrap --arch i386 etch /vz/private/777 http://http.us.debian.org/debian/
=== Sarge (very deeply old release) ===
debootstrap sarge /vz/private/777 http://archive.debian.org/debian
### OpenVZ settings
# On Hardware Node we generally need to enable forwarding to forward
# packets between the HN network interfaces and venet.
# Proxy arp is needed when CT is in a different subnet
# or when using veth AND veth is not bridged to a HN
# interface. When veth is bridged to a HN interface,
# the CT handles its own arps.
net.ipv4.conf.default.forwarding=1
Also, we need <tt>OSTEMPLATE</tt> to be set in VE configuration file, for [[vzctl]] to work properly.
sudo sh -c 'echo OSTEMPLATE=\"debian-6.0\" >> /etc/vz/conf/777.conf'
=== Setting VE IP address ===
== Customizing the installation ==
A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. Enter the VE to begin the configuration. Exporting the path is optional.

Note: if running a wheezy container on a squeeze hardware node, you'll need to manually install a newer version of vzctl (the one from wheezy will be fine - http://packages.debian.org/wheezy/vzctl) due to this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683454. Without making this change, the enter command will hang.
sudo vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
=== Set Debian repositories ===
The list shown is for wheezy and downloads from US-located servers; adjust your release name and mirror location as necessary.
cat <<EOF > /etc/apt/sources.list
deb http://http.us.debian.org/debian wheezy main contrib
deb http://security.debian.org wheezy/updates main contrib
deb http://http.us.debian.org/debian wheezy-updates main
## backports - ONLY IF YOU KNOW WHAT YOU DO
# deb http://http.us.debian.org/debian-backports/ wheezy-backports main
EOF
=== Remove some unneeded packages ===
If you have any packages you'd like to remove, now's the time for it. Here's an example — note that not all of those packages are installed by default in Debian Squeeze (although they were in earlier versions):
 
dpkg --purge modutils ppp pppoeconf pppoe pppconfig module-init-tools
=== Disable services ===
Do not start some services, stick to bare minimum. This step is release dependent.
==== for Jessie ====
<source lang="bash">
# turn off and stop some services
for i in bind9 quotarpc fetchmail ondemand rsync uuidd wide-dhcpv6-client; do
  systemctl stop "$i"
  systemctl disable "$i"
done

# for upstart services comment out the start on in confs
for i in nmbd smbd samba-ad-dc rpcbind; do
  systemctl disable "$i"
done
</source>
==== for Squeeze ====
For the dependency-based boot sequence introduced with Squeeze, type:
update-rc.d-insserv -f klogd remove
update-rc.d-insserv -f exim4 remove
update-rc.d-insserv -f inetd remove
 
==== for older releases (Lenny, Sarge etc.) ====
 
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove
=== Fix SSH host keys ===
This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
==== for Jessie ====
<!-- please do not remove <source>...</source> pair of tags below,
otherwise quotes after -N (-N '') are not visible -->
<source lang="bash">
# Save /etc/rc.local copy
mv /etc/rc.local /etc/rc.local.orig

# ssh host keys hack: this rc.local runs on first boot, regenerates the
# host keys, then restores the original rc.local.
# A quoted here-document is used so that "#!" is not subject to history
# expansion in an interactive bash.
cat > /etc/rc.local << 'EOF'
#!/bin/sh
rm -f /etc/ssh/ssh_host_*
/usr/bin/ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
/usr/bin/ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
/usr/bin/ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key
/usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
/usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
systemctl restart ssh
mv -f /etc/rc.local.orig /etc/rc.local
EOF
chmod a+x /etc/rc.local
</source>
==== for Squeeze ====
rm -f /etc/ssh/ssh_host_*
chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys
 
==== for older releases (Lenny, Sarge etc.) ====
 
<!-- please do not remove <source>...</source> pair of tags below,
otherwise quotes after -N (-N '') are not visible -->
<source lang="bash">
rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
</source>
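The requirement stated above, that each VE has its own SSH host keys, can be checked from the hardware node once containers have been created from the template. The following is an added example, not part of the original page; it assumes container private areas live under <tt>/vz/private/CTID/</tt> as in the commands above, and the function name <tt>find_shared_host_keys</tt> is made up for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): report SSH host public keys
# that appear in more than one container's private area.
# Assumption: containers live under ROOT/<CTID>/etc/ssh (e.g. /vz/private).
#
# usage: find_shared_host_keys /vz/private
#
# Prints one line per shared key: "<key type> <CTID> <CTID> ...".
# Exit status is 1 if any key is shared between containers, 0 otherwise.
find_shared_host_keys() (
    root="${1:-/vz/private}"
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue            # glob matched nothing
        ctid="${pub#"$root"/}"               # strip the root prefix ...
        ctid="${ctid%%/*}"                   # ... and keep the CTID component
        # A .pub line is "<type> <base64 blob> [comment]"; the blob is the key.
        awk -v ct="$ctid" 'NF >= 2 { print $1, $2, ct }' "$pub"
    done | sort -u | awk '
        { n[$2]++; type[$2] = $1; cts[$2] = cts[$2] " " $3 }
        END {
            for (k in n)
                if (n[k] > 1) { print type[k] cts[k]; bad = 1 }
            exit (bad ? 1 : 0)
        }'
)
```

A non-empty result means a template was packed with live host keys and the first-boot regeneration did not run in the listed containers.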
=== Change timezone ===
</source>
=== Create vzfifo script (for Jessie only) ===
This step is required '''for Jessie only''' (and is handled automatically by vzctl for earlier Debian releases). It ensures that <code>vzctl start --wait</code> works as expected.
<source lang="bash">
# Create vzfifo service
cat >> /lib/systemd/system/vzfifo.service << EOF
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.

[Unit]
Description=Tell that Container is started
ConditionPathExists=/proc/vz
ConditionPathExists=!/proc/bc
After=multi-user.target quotaon.service quotacheck.service

[Service]
Type=forking
ExecStart=/bin/touch /.vzfifo
TimeoutSec=0
RemainAfterExit=no
SysVStartPriority=99

[Install]
WantedBy=multi-user.target
EOF

# Enable service
for service in vzfifo; do
  systemctl enable $service > /dev/null 2>&1
done
</source>
=== Clean packages ===
After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
apt-get clean
Now everything is done. Exit from the template and go back to the hardware node.
exit
== Preparing for and packing template cache ==
Also, remove DNS server and search domain information from ''/etc/resolv.conf'' file '''in VE''':
sudo editor /vz/private/777/etc/resolv.conf
Also, remove ''/etc/hostname'' file '''in VE''':
You might want to edit /etc/vz/vz.conf and change DEF_OSTEMPLATE to the name of the template you use most often so that you don't have to specify the template when creating a VE.
DEF_OSTEMPLATE="debian-6.0-i386-minimal"
If you use iptables, you might want to include additional modules in the list for IPTABLES in /etc/vz/vz.conf. See ''man vzctl'' for a list of available modules.