Changes


Debian template creation

4,392 bytes added, 09:24, 28 January 2020
ctcreate to ctctl
These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
{{Note|'''[https://downloads.actiu.net/ctctl/ ctctl]''' is an automated helper to create and customize Debian templates.}}
{{Warning|The recommended way is '''not to follow''' the below instructions, but to use the official Debian templates, modifying those to your needs. Some template + container creation helpers are recommended at page [[Deploying Debian VEs without Templates]].}}
'''Notes:'''
* Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
* Anywhere you see <tt>http://http.us.debian.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])
* See also: <tt>/usr/share/doc/vzctl/README.Debian</tt> in the ''vzctl'' Debian package
== Prerequisites ==
 
{{Warning|If you want to use the <code>ext4</code> file system for <code>/vz</code>, use the <code>nodelalloc</code> option in <code>/etc/fstab</code>, otherwise it will crash. See {{Bug|1509}} and its duplicates for details.}}
You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
The command parameters are:
debootstrap --arch ARCH NAME DIRECTORY [URL]
Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>. You can use http or ftp in the URL.
We use VE ID of 777 for this example, but it can be any unused ID.
=== Stretch (current Debian stable) ===
net-tools, ifupdown (not in debootstrap base set) provide ifconfig, ifup; required by OpenVZ to enable venet networking.
debootstrap --arch i386 --include=net-tools,ifupdown stretch /vz/private/777
or
debootstrap --arch amd64 --include=net-tools,ifupdown stretch /vz/private/777
=== Jessie (current oldstable) ===
debootstrap --arch i386 jessie /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 jessie /vz/private/777 http://ftp.us.debian.org/debian/
=== Wheezy (old release) ===
debootstrap --arch i386 wheezy /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 wheezy /vz/private/777 http://ftp.us.debian.org/debian/
=== Squeeze (old release) ===
debootstrap --arch i386 squeeze /vz/private/777 http://http.us.debian.org/debian/
debootstrap --arch amd64 squeeze /vz/private/777 ftp://ftp.us.debian.org/debian/
=== Lenny (old release) ===
debootstrap --arch i386 lenny /vz/private/777 http://http.us.debian.org/debian/
or
debootstrap --arch amd64 lenny /vz/private/777 ftp://archive.debian.org/debian/
=== Etch (very old release) ===
debootstrap --arch i386 etch /vz/private/777 http://http.us.debian.org/debian/
=== Sarge (very deeply old release) ===
debootstrap sarge /vz/private/777 http://archive.debian.org/debian
### OpenVZ settings
# On Hardware Node we generally need to enable forwarding to forward
# packets between the HN network interfaces and venet.
# Proxy arp is needed when CT is in a different subnet
# or when using veth AND veth is not bridged to a HN
# interface. When veth is bridged to a HN interface,
# the CT handles its own arps.
net.ipv4.conf.default.forwarding=1
Also, we need <tt>OSTEMPLATE</tt> to be set in VE configuration file, for [[vzctl]] to work properly.
sudo sh -c 'echo OSTEMPLATE=\"debian-6.0\" >> /etc/vz/conf/777.conf'
=== Setting VE IP address ===
== Customizing the installation ==
A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. Enter the VE to begin the configuration (note: if running a wheezy container on a squeeze hardware node, you'll need to manually install a newer version of vzctl (the one from wheezy will be fine - http://packages.debian.org/wheezy/vzctl) due to this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683454 - without making this change, the enter command will hang). Exporting the path is optional.
sudo vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
=== Set Debian repositories ===
The list shown is for wheezy, and downloading from US located servers - adjust your release name and mirror location as necessary
cat <<EOF > /etc/apt/sources.list
deb http://http.us.debian.org/debian wheezy main contrib
deb http://security.debian.org wheezy/updates main contrib
deb http://http.us.debian.org/debian wheezy-updates main
## backports - ONLY IF YOU KNOW WHAT YOU DO
# deb http://http.us.debian.org/debian-backports/ wheezy-backports main
EOF
sed -i -e '/getty/d' /etc/inittab
=== Disable <tt>sync()</tt> for syslog ===
Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
<pre>sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf</pre>
=== Fix <tt>/etc/mtab</tt> ===
=== Remove some unneeded packages ===
If you have any packages you'd like to remove, now's the time for it. Here's an example — note that not all of those packages are installed by default in Debian Squeeze (although they were in earlier versions):
 
dpkg --purge modutils ppp pppoeconf pppoe pppconfig module-init-tools
=== Disable services ===
Do not start some services, stick to bare minimum. This step is release dependent.
==== for Jessie ====
<source lang="bash">
# turn off and stop some services
for i in bind9 quotarpc fetchmail ondemand rsync uuidd wide-dhcpv6-client; do
  systemctl stop "$i"
  systemctl disable "$i"
done

# for upstart services comment out the start on in confs
for i in nmbd smbd samba-ad-dc rpcbind; do
  systemctl disable "$i"
done
</source>
==== for Squeeze ====
update-rc.d-insserv -f klogd remove
update-rc.d-insserv -f exim4 remove
update-rc.d-insserv -f inetd remove
 
==== for older releases (Lenny, Sarge etc.) ====
 
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove
=== Fix SSH host keys ===
This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
==== for Jessie ====
<source lang="bash">
# Save /etc/rc.local copy
mv /etc/rc.local /etc/rc.local.orig

# ssh host keys hack
echo "#!/bin/sh
rm -f /etc/ssh/ssh_host_*
/usr/bin/ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
/usr/bin/ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
/usr/bin/ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key
/usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
/usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
systemctl restart ssh
mv -f /etc/rc.local.orig /etc/rc.local
" > /etc/rc.local
chmod a+x /etc/rc.local
</source>
==== for Squeeze ====
rm -f /etc/ssh/ssh_host_*
chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys
 
==== for older releases (Lenny, Sarge etc.) ====
 
<!-- please do not remove <source>...</source> pair of tags below,
otherwise quotes after -N (-N '') are not visible -->
<source lang="bash">
rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
</source>
=== Change timezone ===
<source lang="bash">
dpkg-reconfigure tzdata
</source>
 
=== Create vzfifo script (for Jessie only) ===
 
This step is required '''for Jessie only''' (and is handled automatically by vzctl for earlier Debian releases). It ensures that <code>vzctl start --wait</code> works as expected.
 
<source lang="bash">
# Create vzfifo service
cat >> /lib/systemd/system/vzfifo.service << EOF
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
[Unit]
Description=Tell that Container is started
ConditionPathExists=/proc/vz
ConditionPathExists=!/proc/bc
After=multi-user.target quotaon.service quotacheck.service
 
[Service]
Type=forking
ExecStart=/bin/touch /.vzfifo
TimeoutSec=0
RemainAfterExit=no
SysVStartPriority=99
 
[Install]
WantedBy=multi-user.target
EOF
 
# Enable service
for service in vzfifo; do
systemctl enable $service > /dev/null 2>&1
done
</source>
=== Clean packages ===
After installing packages, you'll have some junk packages lying around in your cache. Since you don't want your template to have those, this command will wipe them out.
apt-get --purge clean
Now everything is done. Exit from the template and go back to the hardware node.
exit
== Preparing for and packing template cache ==
We don't need an IP for the VE anymore, and we definitely do not need it in template cache, so remove it:
sudo vzctl set 777 --ipdel all --save
Also, remove DNS server and search domain information from ''/etc/resolv.conf'' file '''in VE''':
sudo editor /vz/private/777/etc/resolv.conf
Also, remove ''/etc/hostname'' file '''in VE''':
sudo rm -f /vz/private/777/etc/hostname
Stop the VE:
sudo vzctl stop 777
Go to the VE directory:
cd /vz/private/777
Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
sudo tar --numeric-owner -zcf /vz/template/cache/debian-5.0-i386-minimal.tar.gz .
Look at the resulting tarball to see its size is sane:
# ls -lh /vz/template/cache
-rw-r--r-- 1 root root 51M Apr 10 03:16 debian-5.0-i386-minimal.tar.gz
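Everything left under the VE's private directory is copied into every container created from the tarball, so leftover SSH host keys, hostname or DNS settings end up shared by all of them. The check below is an added example, not part of the original page or of vzctl: the function name and output labels are made up for illustration, and the hook paths are the ones this page uses for first-boot key generation.

```shell
#!/bin/sh
# Added example: audit an OpenVZ template root before it is packed with tar.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_template_root() {
    root=$1
    findings=0

    # SSH host keys left in the tree would be shared by every container
    # unpacked from the tarball.
    for key in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$key" ] || continue
        echo "host-key: /etc/ssh/${key##*/}"
        findings=$((findings + 1))
    done

    # If sshd is installed, one of this page's first-boot hooks must exist,
    # otherwise new containers come up without any host keys.
    if [ -e "$root/usr/sbin/sshd" ]; then
        hook=no
        [ -e "$root/etc/rc2.d/S15ssh_gen_host_keys" ] && hook=yes
        [ -e "$root/etc/init.d/ssh_gen_host_keys" ] && hook=yes
        grep -qs 'ssh-keygen' "$root/etc/rc.local" && hook=yes
        if [ "$hook" = no ]; then
            echo "no-keygen-hook: sshd installed, no first-boot key generation"
            findings=$((findings + 1))
        fi
    fi

    # Per-container identity inherited from the build container.
    if [ -e "$root/etc/hostname" ]; then
        echo "hostname: /etc/hostname"
        findings=$((findings + 1))
    fi
    if grep -Eqs '^[[:space:]]*(nameserver|search|domain)[[:space:]]' \
            "$root/etc/resolv.conf"; then
        echo "dns: /etc/resolv.conf"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /vz/private/777   (path as used on this page)
[ "$#" -eq 0 ] || audit_template_root "$1"
```

Run it against the stopped VE's directory before the <tt>tar</tt> step; a non-zero exit status means the tree still carries state that should not be in the template cache.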
== Checking if template cache works ==
You might want to edit /etc/vz/vz.conf and change DEF_OSTEMPLATE to the name of the template you use most often so that you don't have to specify the template when creating a VE.
DEF_OSTEMPLATE="debian-6.0-i386-minimal"
If you use iptables, you might want to include additional modules in the list for IPTABLES in /etc/vz/vz.conf. See ''man vzctl'' for a list of available modules.