Editing Deploying Debian VEs without Templates
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | Installing Debian Virtual Environments without relying on a precreated template has many advantages and a few drawbacks | + | Installing Debian Virtual Environments without relying on a precreated template has many advantages and a few drawbacks. |
− | |||
== Templates == | == Templates == | ||
[[Template|Templates]] are at the heart of the OpenVZ VE creation process. A "template cache" is basically a tarball consisting of a minimum operating system installation of a given Linux flavor. | [[Template|Templates]] are at the heart of the OpenVZ VE creation process. A "template cache" is basically a tarball consisting of a minimum operating system installation of a given Linux flavor. | ||
+ | |||
== Reasons for pre-built templates == | == Reasons for pre-built templates == | ||
Line 25: | Line 25: | ||
=== Management of tarballs can be tedious === | === Management of tarballs can be tedious === | ||
− | Managing templates in a non-trivial environment can become it's own demanding task, if taken seriously. The templates have to be updated constantly to reflect new security updates or | + | Managing templates in a non-trivial environment can become it's own demanding task, if taken seriously. The templates have to be updated constantly to reflect new security updates or point releases. And with every updated template, said templates have to be distributed to all Hardware Nodes where they are used. |
− | Experience has shown, that quality is one of the first things being cut in operations/production environments when being time constrained, so preventing one source of constant work improves quality and security instantly | + | Experience has shown, that quality is one of the first things being cut in operations/production environments when being time constrained, so preventing one source of constant work improves quality and security instantly. |
− | === | + | === Tarballs are of questionable security === |
Pre-built templates, especially those which can be downloaded from the internet, are of doubtful trustworthiness. It's trivial to open backdoors, install keyloggers or run DDoS clients if you have full control of the binaries which are going to be run in a VE. | Pre-built templates, especially those which can be downloaded from the internet, are of doubtful trustworthiness. It's trivial to open backdoors, install keyloggers or run DDoS clients if you have full control of the binaries which are going to be run in a VE. | ||
Line 35: | Line 35: | ||
=== It's not needed after all === | === It's not needed after all === | ||
− | With Debian, there is no reason to actually use pre-built templates if you're not time-constrained in the deployment process and have other means of managing your configuration. | + | With Debian, there is no reason to actually use pre-built templates if you're not time-constrained in the deployment process and have other means of managing your configuration, since <tt>debootstrap</tt> is the tool at the core of every Debian installation and it doesn't matter if it's run by the [http://wiki.debian.org/DebianInstaller|Debian Installer], by hand or a completely different distribution. |
− | |||
− | |||
− | |||
== Basic Steps == | == Basic Steps == | ||
Line 45: | Line 42: | ||
The basic steps needed to deploy Debian VEs are outlined in [[Debian template creation]]. | The basic steps needed to deploy Debian VEs are outlined in [[Debian template creation]]. | ||
− | == | + | == A working solution == |
To automate the process of deploying VEs with <tt>debootstrap</tt> a bit of shell-scripting glue is needed. | To automate the process of deploying VEs with <tt>debootstrap</tt> a bit of shell-scripting glue is needed. | ||
− | + | A work-in-progress version of such a tool can be found at https://workbench.amd.co.at/hg/vzstuff/. To get a local copy you need a [http://www.selenic.com/mercurial/wiki/ mercurial] client installed and then run the following command: | |
− | + | ||
+ | hg clone -r stable https://workbench.amd.co.at/hg/vzstuff/ | ||
− | |||
− | |||
− | |||
Following the instructions in the README file should get you started nicely. | Following the instructions in the README file should get you started nicely. | ||