Difference between revisions of "Debian template creation"

From OpenVZ Virtuozzo Containers Wiki
(linked to NAT setup Setting VE IP address)
m (Bootstrapping Debian: information about debootstrapping for ia64 is added)
Line 20: Line 20:
 
<pre>
 
<pre>
 
debootstrap --arch amd64 sarge /vz/private/777 http://amd64.debian.net/debian
 
debootstrap --arch amd64 sarge /vz/private/777 http://amd64.debian.net/debian
 +
</pre>
 +
 +
For Debian Sarge on an '''ia64''' architecture:
 +
<pre>
 +
debootstrap --arch ia64  sarge /vz/private/777  http://ftp.freenet.de/debian
 
</pre>
 
</pre>
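Review bot: the added ia64 block covers only the debootstrap step, while the page's later "Setting Debian repositories" and tarball-packing steps still list only x86_64 and i386, so an ia64 reader has no sources.list or cache file name to follow; consider adding ia64 variants there. Also collapse the doubled spaces in `--arch ia64  sarge /vz/private/777  http://ftp.freenet.de/debian` so the command matches the amd64 line above it.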
  

Revision as of 08:57, 13 March 2007

These are rough instructions for manually creating a minimal Debian Sarge (3.1) template cache, which can be used to create OpenVZ VEs based on Debian Sarge (3.1).

Prerequisites

I have used OpenVZ on Gentoo Linux for this work, but any distribution is fine, as long as you have a working debootstrap utility on it.

For Gentoo, run

emerge debootstrap

For other distros you might need to install it from sources, or google for an appropriate package for your distro. An RPM is available from [1].

Bootstrapping Debian

All the commands below are executed from the root shell. We use VE ID 777 for this example; any other unused ID works as well.

For Debian Sarge on an x86 (a.k.a. i386) architecture:

debootstrap --arch i386 sarge /vz/private/777  http://ftp.freenet.de/debian

For Debian Sarge on an x86_64 (a.k.a. AMD64) architecture (Sarge/amd64 is not official so we have to use another repository):

debootstrap --arch amd64 sarge /vz/private/777 http://amd64.debian.net/debian

For Debian Sarge on an ia64 architecture:

debootstrap --arch ia64  sarge /vz/private/777  http://ftp.freenet.de/debian

Preparing and starting the VE

Setting VE config

First, we need a config for the VE:

vzctl set 777 --applyconfig vps.basic --save

Setting VE OSTEMPLATE

We also need OSTEMPLATE to be set in the VE configuration file for vzctl to work properly.

echo "OSTEMPLATE=debian-3.1" >> /etc/vz/conf/777.conf

Setting VE IP address

For the VE to be able to download updates from the Internet, we need a valid IP address for it:

vzctl set 777 --ipadd x.x.x.x --save
Note: if you use a private IP for the VE, you have to set up NAT as described in Using NAT for VE with private IPs.

Setting Debian repositories

For x86_64:

cat << EOF > /vz/private/777/etc/apt/sources.list
deb http://amd64.debian.net/debian  stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
EOF

For i386:

cat << EOF > /vz/private/777/etc/apt/sources.list
deb http://ftp.freenet.de/debian stable main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
EOF

Starting VE

Now start the VE:

vzctl start 777

Customizing the installation

A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. All of them are done inside the VE, so the first command is vzctl enter.

Note: Do not run these commands on the host system; they are only for the VE!
vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin

Convert the system to use shadow passwords

pwconv

Get new security updates

apt-get update
apt-get upgrade

Install some more packages

This can be an interactive process, so the system may ask some questions. Here you can add any other packages you would like to be present, such as less, vim etc.

apt-get install ssh quota

Disable root login

usermod -L root
Note: The root login will be re-enabled when you use vzctl set VEID --userpasswd root:xxxx.

Disable getty

Disable running gettys on terminals as a VE does not have any:

sed -i -e '/getty/d' /etc/inittab

Set sane permissions on the /root directory

chmod 700 /root

Disable sync() for syslog

Turn off doing sync() on every write for syslog's log files, to improve I/O performance:

sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf

Fix /etc/mtab

Link /etc/mtab to /proc/mounts, so that df and similar tools work:

rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

Remove some unneeded packages

dpkg --purge modutils
dpkg --purge ppp pppoeconf pppoe pppconfig

Disable services

Do not start some services; stick to the bare minimum:

update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove

Fix SSH host keys

SSH host keys should be created later, upon the first VE start:

rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

Clean packages

apt-get clean

Now everything is done. Exit from the VE by pressing Ctrl-D (or typing exit).
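
The customizations above can be checked from the host before the cache is packed, so that a template with baked-in SSH host keys or an unlocked root account is caught early. The following is an added example, not part of the original wiki page: a POSIX shell function that inspects a VE private area such as /vz/private/777. The names audit_template and make_sample_tree and the sample tree are assumptions constructed for illustration.

```shell
# Added example, not from the original wiki page.
# audit_template ROOT: print one FAIL line per problem found in a VE private
# area; return 0 when the tree is clean, 1 otherwise.
audit_template() {
    root=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # Host keys packed into the cache would be shared by every VE created from it.
    for key in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$key" ]; then fail "SSH host key in template: ${key#"$root"}"; fi
    done
    # The first-boot key generator from the page must be present and executable.
    if [ ! -x "$root/etc/rc2.d/S15ssh_gen_host_keys" ]; then
        fail "S15ssh_gen_host_keys missing or not executable"
    fi
    # usermod -L prefixes the shadow password field with '!'.
    if ! grep -q '^root:!' "$root/etc/shadow" 2>/dev/null; then
        fail "root account is not locked"
    fi
    # Result of: chmod 700 /root
    if [ "$(ls -ld "$root/root" 2>/dev/null | cut -c1-10)" != "drwx------" ]; then
        fail "/root is not mode 700"
    fi
    # Result of: sed -i -e '/getty/d' /etc/inittab
    if grep -q getty "$root/etc/inittab" 2>/dev/null; then
        fail "getty entries remain in /etc/inittab"
    fi
    # Result of: ln -s /proc/mounts /etc/mtab
    if [ "$(readlink "$root/etc/mtab" 2>/dev/null)" != "/proc/mounts" ]; then
        fail "/etc/mtab is not a symlink to /proc/mounts"
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample tree (stand-in for /vz/private/777) that passes every check.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/ssh" "$t/etc/rc2.d" "$t/root"
    chmod 700 "$t/root"
    echo 'root:!*:13585:0:99999:7:::' > "$t/etc/shadow"
    echo 'id:2:initdefault:' > "$t/etc/inittab"
    ln -s /proc/mounts "$t/etc/mtab"
    printf '#!/bin/bash\n' > "$t/etc/rc2.d/S15ssh_gen_host_keys"
    chmod a+x "$t/etc/rc2.d/S15ssh_gen_host_keys"
    echo "$t"
}

sample=$(make_sample_tree)
audit_template "$sample" && echo "clean: $sample"
rm -rf "$sample"
```

On a real host, run audit_template /vz/private/777 after vzctl stop 777 and before the tar step.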

Preparing for and packing template cache

We don't need an IP for the VE anymore, and we definitely do not need it in template cache, so remove it:

vzctl set 777 --ipdel all --save

Stop the VE:

vzctl stop 777

Go to the VE directory:

cd /vz/private/777

Now create a cached OS tarball.

For i386:

tar czf /vz/template/cache/debian-3.1-i386-minimal.tar.gz .

For AMD64:

tar czf /vz/template/cache/debian-3.1-x86_64-minimal.tar.gz .

Look at the resulting tarball to check that its size is sane:

# ls -lh /vz/template/cache/de*
-rw-r--r--  1 root root 42M Nov 17 23:50 /vz/template/cache/debian-3.1-x86_64-minimal.tar.gz

Checking if template cache works

We can now create a VE based on the just-created template cache.

For x86_64:

vzctl create 1002 --ostemplate debian-3.1-x86_64-minimal

For i386:

vzctl create 1002 --ostemplate debian-3.1-i386-minimal

Now check that it works:

vzctl start 1002
vzctl exec 1002 ps ax

You should see that a few processes are running.

Final cleanups

Let's stop and remove the VE we used to test a new cache:

vzctl stop 1002
vzctl destroy 1002

Finally, let's remove the VE we used for OS template cache creation:

vzctl destroy 777