Editing Gentoo template creation
Latest revision | Your text | ||
Line 3: | Line 3: | ||
== Download stage3 == | == Download stage3 == | ||
− | We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror | + | We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml. |
− | |||
− | + | == Create directory for the new container and unarchive stage3 == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == Create | ||
<pre> | <pre> | ||
− | + | mkdir /vz/private/777 | |
− | mkdir /vz/private/ | + | tar -xjf /root/stage3-i686-2008.0_beta2.tar.bz2 -C /vz/private/777 |
− | tar - | ||
</pre> | </pre> | ||
== Create CT config == | == Create CT config == | ||
− | Now you need to create the configuration file for the container, | + | Now you need to create the configuration file for the container, 777.conf: |
<pre> | <pre> | ||
− | vzctl set | + | vzctl set 777 --applyconfig vps.basic --save |
</pre> | </pre> | ||
− | + | == Edit CT config == | |
− | |||
− | |||
− | |||
− | + | Add the following to <code>/etc/vz/conf/777.conf</code>: | |
<pre> | <pre> | ||
− | + | OSTEMPLATE="gentoo" | |
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
Creation of container at end of this HowTo obeys quota limits and might exceed | Creation of container at end of this HowTo obeys quota limits and might exceed | ||
those limits set in <code>vps.basic</code> by default (at least encountered with Gentoo | those limits set in <code>vps.basic</code> by default (at least encountered with Gentoo | ||
10.1 release). Thus it might be required to increase limits now. The following | 10.1 release). Thus it might be required to increase limits now. The following | ||
− | values are providing 2 | + | values are providing 2 GiByte soft limit with 2.5 GiByte hard limit: |
− | + | <pre> | |
− | + | DISKSPACE="2097152:2621440" | |
− | + | </pre> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
After that you copy that configuration file turning it into a sample configuration for later use: | After that you copy that configuration file turning it into a sample configuration for later use: | ||
− | + | <pre> | |
+ | # cp /etc/vz/conf/777.conf /etc/vz/conf/ve-gentoo.conf-sample | ||
+ | </pre> | ||
== Make /etc/mtab a symlink to /proc/mounts == | == Make /etc/mtab a symlink to /proc/mounts == | ||
The container's root filesystem is mounted by the host system, not the guest — and therefore root fs will not appear in <code>/etc/mtab</code>. It will lead to a non-working <code>df</code> command. To fix, link /etc/mtab to /proc/mounts. | The container's root filesystem is mounted by the host system, not the guest — and therefore root fs will not appear in <code>/etc/mtab</code>. It will lead to a non-working <code>df</code> command. To fix, link /etc/mtab to /proc/mounts. | ||
<pre> | <pre> | ||
− | rm -f /vz/private/ | + | rm -f /vz/private/777/etc/mtab |
− | ln -s /proc/mounts /vz/private/ | + | ln -s /proc/mounts /vz/private/777/etc/mtab |
</pre> | </pre> | ||
− | After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>. | + | After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>. |
== Replace /etc/fstab == | == Replace /etc/fstab == | ||
<pre> | <pre> | ||
− | echo "proc /proc proc defaults 0 0" > /vz/private/ | + | echo "proc /proc proc defaults 0 0" > /vz/private/777/etc/fstab |
</pre> | </pre> | ||
We need only <code>/proc</code> to be mounted at boot time. | We need only <code>/proc</code> to be mounted at boot time. | ||
− | == Edit /etc/inittab | + | == Edit /etc/inittab == |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | < | + | Edit <code>/vz/private/777/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing: |
− | + | <pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre> | |
This prevents <code>getty</code> and login from starting on ttys that do not exist in containers. | This prevents <code>getty</code> and login from starting on ttys that do not exist in containers. | ||
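Review bot: the stage3 archive is fetched from a mirror over plain http and unpacked as root straight into the container's private area (<code>tar -xjf /root/stage3-i686-2008.0_beta2.tar.bz2 -C /vz/private/777</code>) with no integrity check in the hunk; add a step that verifies the downloaded tarball against the .DIGESTS/signature file published next to it before the tar line, because every later step and the finished template inherit whatever that archive contained. A smaller point: the <code>OSTEMPLATE="gentoo"</code> and <code>DISKSPACE="2097152:2621440"</code> additions to 777.conf sit in two separate <pre> blocks with prose in between; one block listing both keys would make it clearer that both belong in the same file.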
Line 140: | Line 66: | ||
== Edit /etc/shadow == | == Edit /etc/shadow == | ||
− | Edit <code>/vz/private/ | + | Edit <code>/vz/private/777/etc/shadow</code> and change root's password in the first line to an exclamation mark (!): |
<pre>root:!:10071:0:::::</pre> | <pre>root:!:10071:0:::::</pre> | ||
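Review bot: <code>root:!:10071:0:::::</code> locks the root account (the <code>!</code> is not a hash, so no password can match it), which is the right default for an image that will be cloned into many containers; the text should say so explicitly and state that a freshly created container therefore has no usable root password until one is set from the host with <code>vzctl</code>, which is what the later PAM chpasswd change exists to support.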
Line 149: | Line 75: | ||
The checkroot and consolefont init scripts should not be started inside containers: | The checkroot and consolefont init scripts should not be started inside containers: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | + | rm /vz/private/777/etc/runlevels/boot/checkroot | |
− | + | rm /vz/private/777/etc/runlevels/boot/consolefont | |
</pre> | </pre> | ||
== Edit /sbin/rc == | == Edit /sbin/rc == | ||
− | Edit <code>/vz/private/ | + | Edit <code>/vz/private/777/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different): |
<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre> | <pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre> | ||
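Review bot: the <code>/sbin/rc</code> instruction keys on a line number (244) that the text itself admits may differ between baselayout versions; tell the reader to search for the <code>try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</code> line instead and to confirm afterwards that exactly that line is commented, since commenting a neighbouring mount line in <code>rc</code> would break the container's boot rather than just the <code>/sys</code> mount.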
Line 170: | Line 89: | ||
This prevents the container from attempting to mount <code>/sys</code>. | This prevents the container from attempting to mount <code>/sys</code>. | ||
− | To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/ | + | To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>: |
<pre>CONFIG_PROTECT="/sbin/rc"</pre> | <pre>CONFIG_PROTECT="/sbin/rc"</pre> | ||
− | |||
− | |||
== Set up udev == | == Set up udev == | ||
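Review bot: <code>CONFIG_PROTECT="/sbin/rc"</code> stops a future baselayout update from silently overwriting the hand-edited script, but the hunk should also say what that implies for maintenance: the updated upstream <code>rc</code> will be left beside it as a <code>._cfg0000_rc</code> file that has to be merged by hand (etc-update or dispatch-conf) and the sysfs line re-commented each time, otherwise the container keeps running an old <code>rc</code> and misses later fixes to it.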
Line 181: | Line 98: | ||
For example sshd will fail to start since /dev/random and /dev/urandom are missing. | For example sshd will fail to start since /dev/random and /dev/urandom are missing. | ||
So it's recommended to disable udev. | So it's recommended to disable udev. | ||
− | Edit <code>/vz/private/ | + | Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> line to: |
<pre> | <pre> | ||
RC_DEVICES="static" | RC_DEVICES="static" | ||
</pre> | </pre> | ||
− | |||
If you want to enable udev read on. | If you want to enable udev read on. | ||
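Review bot: the text explains that sshd fails because <code>/dev/random</code> and <code>/dev/urandom</code> are missing and then switches to <code>RC_DEVICES="static"</code>, but the hunk never says where the static <code>/dev</code> nodes come from or that those two nodes must exist in the template; add a check (for example, confirm that <code>/vz/private/777/dev/urandom</code> is present as a character device before packing the template) so a reader who disables udev does not hit the same sshd failure for a different reason.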
Line 193: | Line 109: | ||
<pre> | <pre> | ||
− | cd /vz/private/ | + | cd /vz/private/777/lib |
mknod udev/devices/ttyp0 c 3 0 | mknod udev/devices/ttyp0 c 3 0 | ||
mknod udev/devices/ptyp0 c 2 0 | mknod udev/devices/ptyp0 c 2 0 | ||
Line 199: | Line 115: | ||
</pre> | </pre> | ||
− | Edit <code>/vz/private/ | + | Edit <code>/vz/private/777/etc/conf.d/rc</code> and change the <code>RC_DEVICES</code> and <code>RC_DEVICE_TARBALL</code> lines to: |
<pre> | <pre> | ||
Line 207: | Line 123: | ||
You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message: | You have to leave the directory you are in for the next step to be OK, otherwise you will get this error message: | ||
− | vzquota : (error) Quota on syscall for | + | vzquota : (error) Quota on syscall for 777: Device or resource busy |
vzquota on failed [3] | vzquota on failed [3] | ||
Line 217: | Line 133: | ||
Some changes are required for successful setting user's password with <code>vzctl</code> util. | Some changes are required for successful setting user's password with <code>vzctl</code> util. | ||
− | Edit <code>/vz/private/ | + | Edit <code>/vz/private/777/etc/pam.d/chpasswd</code> and change the <code>password</code> lines to: |
<pre> | <pre> | ||
Line 226: | Line 142: | ||
<pre> | <pre> | ||
− | vzctl start | + | vzctl start 777 |
− | vzctl enter | + | vzctl enter 777 |
</pre> | </pre> | ||
Line 249: | Line 165: | ||
<pre> | <pre> | ||
− | vzctl stop | + | vzctl stop 777 |
</pre> | </pre> | ||
Line 259: | Line 175: | ||
<pre> | <pre> | ||
− | mkdir /vz/ | + | mkdir /vz/private/777/usr/portage |
− | mount -o bind /usr/portage /vz/ | + | mount -o bind /usr/portage /vz/private/777/usr/portage |
</pre> | </pre> | ||
Line 266: | Line 182: | ||
<pre> | <pre> | ||
− | mount -n -o bind /usr/portage/distfiles /vz/ | + | mount -n -o bind /usr/portage/distfiles /vz/private/777/usr/portage/distfiles |
</pre> | </pre> | ||
Line 279: | Line 195: | ||
For security reasons, you should have these directories mounted only while installing software into a container. | For security reasons, you should have these directories mounted only while installing software into a container. | ||
− | {{Note|you have to <code>umount /vz/ | + | {{Note|you have to <code>umount /vz/private/777/usr/portage/distfiles</code> before trying to stop your container.}} |
== Dedicated installation of portage == | == Dedicated installation of portage == | ||
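Review bot: the Note only tells the reader to <code>umount /vz/private/777/usr/portage/distfiles</code> before stopping the container, but <code>/usr/portage</code> itself is bind-mounted from the host in the earlier step; say whether that mount has to be removed too, and that both must be gone before the template cache tarball is built, otherwise the "mounted only while installing software" intent stated just above is not met and the host's portage tree ends up inside the template.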
Line 285: | Line 201: | ||
If you decide not to share portage with host as described before, you'll still need a portage installed into your container. | If you decide not to share portage with host as described before, you'll still need a portage installed into your container. | ||
− | Get latest snapshot of portage tree from your favourite mirror (http://www.gentoo.org/main/en/mirrors.xml) and extract it into <code>/vz/private/ | + | Get latest snapshot of portage tree from your favourite mirror (http://www.gentoo.org/main/en/mirrors.xml) and extract it into <code>/vz/private/777/usr</code>: |
<pre> | <pre> | ||
− | # wget | + | # wget <your-mirro>/snapshots/portage-latest.tar.bz2 |
− | # tar xjf portage-latest.tar.bz2 -C /vz/private/ | + | # tar xjf portage-latest.tar.bz2 -C /vz/private/777/usr |
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Create the template cache file == | == Create the template cache file == | ||
<pre> | <pre> | ||
− | cd /vz/private/ | + | cd /vz/private/777/ |
tar --numeric-owner -czf /vz/template/cache/gentoo.tar.gz * | tar --numeric-owner -czf /vz/template/cache/gentoo.tar.gz * | ||
</pre> | </pre> |